Israeli Spies Pwned Kaspersky & Caught Russian Spies Using AV Tool To Pwn Others

This isn’t going to be good news for Kaspersky who has been battling accusations that their anti-virus software is used by Russian spies to spy on the west. According to the New York Times, Israel pwned Kaspersky. In the process of doing that, they discovered that Russian spies were using the anti-virus software as a gateway to pwn others:

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

How do we know that it was Israel? Well, there’s this:

Kaspersky Lab did not discover the Israeli intrusion into its systems until mid-2015, when a Kaspersky engineer testing a new detection tool noticed unusual activity in the company’s network. The company investigated and detailed its findings in June 2015 in a public report.

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

If this report is accurate, then Kaspersky is done like dinner in most places on planet Earth. There’s no way that anyone will install their software. Though I will say that the employee who got pwned by Russian spies needs a kick in the you know where for allowing this to happen.

There’s also one other thing. Since a nation state or anyone else pwning anti-virus software so that they can use it as a bride to pwn a network has gone from being theory to fact, anti-virus vendors are going to let a lot less people look at their code. Symantec was the first to do this with its CEO Greg Clark telling Reuters this week it will no longer let governments inspect its source code. That will help, but seeing as the Russians and Israelis were in the Kaspersky network for up to 2 years, it cannot be the only line of defense.

Meanwhile, let us watch the fall of Kaspersky as I cannot see a scenario at this point where they survive this.


One Response to “Israeli Spies Pwned Kaspersky & Caught Russian Spies Using AV Tool To Pwn Others”

  1. […] the revelation that Russian spies have been using the beleaguered Kaspersky anti-virus software for years to troll for s…, the question is, should you uninstall it or is it safe to leave on your […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: