The New York Times made some sensational claims about Kaspersky software this week. The newspaper claimed Russian hackers have used the antivirus software to gather secrets from US government departments.
But unbeknownst to them the spies where being spied upon. The Israeli secret service also breached the Kaspersky software and monitored the Russians activity.
It’s all very secret squirrel. Unsurprisingly Kaspersky have rubbished the claims.
What did the New York Times say?
In true NYT style they said a heck of a lot. But I’ll try and boil it all down.
They allege the Russian’s have stolen classified documents from an NSA (National Security Agency) employee. They accessed the employee’s home computer through Kaspersky antivirus software.
According to the New York Times this is isn’t a one-off. Suspicions have been around since 2014.
The NYT story comes on the back of the US banning the use of Kaspersky software in government departments in September. In a statement they issued on September 13 The Department for Homeland Security said the software must be removed within 90 days.
The statement went on to say: “The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
An Israeli tip off led to the ban. And formed the basis of the NYT story. Their agents too had breached Kaspersky software and were shadowing the Russian’s activities.
Kaspersky and the Israelis do have a history. In 2015 the software company discovered an intruder in its network. Although not specifically naming them it was widely believed to be the Israelis.
Why target Kaspersky?
According to the NYT more than 60% of the software’s sales are in the United States and Western Europe. This includes many different government departments including over 20 US agencies. The State Department, Treasury, and Army, Navy and Air Force all use Kaspersky software.
What have Kaspersky said?
They have come out swinging. In a statement they said: “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems.
“As there has not been any evidence presented, Kaspersky Lab cannot investigate these unsubstantiated claims, and if there is any indication that the company’s systems may have been exploited, we respectfully request relevant parties responsibly provide the company with verifiable information.
“It’s disappointing that these unverified claims continue to perpetuate the narrative of a company which, in its 20 year history, has never helped any government in the world with its cyberespionage efforts.
“Contrary to erroneous reports, Kaspersky Lab technologies are designed and used for the sole purpose of detecting all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose.
“The company tracks more than 100 advanced persistent threat actors and operations, and for 20 years, Kaspersky Lab has been focused on protecting people and organizations from these cyberthreats — its headquarters’ location doesn’t change that mission.”
So what’s the truth?
Who knows? Spies hacking into antivirus software certainly sounds believable. And desirable. If you’re a spy that is. As Blake Darché a former N.S.A. operator told the New York Times: “Antivirus is the ultimate back door.
“It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”
Will we ever know the truth? Probably not. I guess it’s down to who you believe. Kaspersky or the US government / New York Times.