Israel and Russia’s overlapping hacks of Kaspersky complicate espionage narrative

The drama between Russian cybersecurity firm Kaspersky and the U.S. government just doesn’t quit, but a new report may answer some longstanding questions.

This week, The New York Times revealed that U.S. intelligence was actually tipped off about the Russian government hacking Kaspersky Lab software by Israeli intelligence officers who observed Russia in action during the course of their own spying efforts.

Russia’s activities are described as “[searching] computers around the world for the code names of American intelligence programs,” indicating that Russian intelligence leveraged the broad permissions required by any antivirus software to turn compromised computers into a kind of searchable database.

While there is much we don’t yet know about the Russian government’s efforts to hack Kaspersky products, in at least one instance they appear to have resulted in Russia obtaining classified documents from an NSA employee who had stored them on a personal computer that ran Kaspersky software.

The extensive system-wide permissions that antivirus software requires, and the trust it demands of its users, make Kaspersky’s products an ideal target for governments wishing to spy on their adversaries. Kaspersky first noticed the Israeli intrusion referenced in The New York Times story back in 2015, when it reported that “a sophisticated cyberespionage actor” had infiltrated its systems using code that resembled a previous attack. Kaspersky dubbed the effort “Duqu 2.0” and drew a connection between the methods used in the new intrusion and those employed by Stuxnet, a cyber weapon developed for use against Iran by the U.S. and Israel.

On Wednesday, Germany’s federal cybersecurity agency BSI told Reuters that it had not detected any threat from Kaspersky software but would work in cooperation with U.S. intelligence agencies.

The whole ordeal is a nightmare for Kaspersky Lab. The company looks incompetent at preventing state-sponsored hacks in the best-case scenario and complicit with the Russian government in the worst-case scenario. However it plays out, the unfolding drama will certainly hurt the software maker’s footprint in the U.S., where Congress has already taken action to purge the government of the company’s software.

Kaspersky maintains its desire to “certifiably refute the false accusations” made in The New York Times story:

“Kaspersky Lab has never helped, nor will help, for any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical,” the company said in a statement to TechCrunch.

“… For 20 years, Kaspersky Lab has been focused on protecting people and organizations from these cyberthreats — its headquarters’ location doesn’t change that mission.”