Last update: Mon, 11 Dec 2017 3pm

Israeli Hackers Find NSA Surveillance Tools On Kaspersky Servers

Pic: lowyat.net

Suspicions of Kaspersky’s involvement with Russian espionage agencies have picked up steam over the last couple of months. Of late, the reason for the suspicion has become clear. It turns out that the Americans only became aware of a potential security leak through the anti-virus company after a group of Israeli spies hacked into the Kaspersky network and began looking around.

The hackers had supposedly discovered hacking tools that did not look like they were developed by the Russian-based company. Instead, the tools looked suspiciously like they came from the National Security Agency. The information was promptly passed along to the NSA, and security agencies began to look into Kaspersky for potential ties to Russian espionage efforts.

Since then, the Department of Homeland Security has instructed all federal civilian agencies to remove Kaspersky Lab software found on their networks. It stopped short of calling Kaspersky a malicious agency, saying that there is “the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.” Since then, the security software has been removed from the list of approved vendors for the US government.

The search for the leak led to an employee in the Tailored Access Operations division, a group that collects intelligence (i.e. spies) on foreign targets. The employee in question happened to be using Kaspersky anti-virus on his home computer, which is where the information is said to have escaped. No malice is suspected on his part, as investigators believe that the employee was only trying to do his job.

Kaspersky, for its part, maintains its innocence. It instead believes that the NSA hacking tools ended up on its network because they were detected as malware, which, to be fair, is precisely what they are.

Security experts are not necessarily convinced of this explanation. While there is a chance that Kaspersky is telling the truth, there is also a high degree of certainty that the company is under surveillance from the Russian FSB. This is because the company must obtain a license from the state intelligence agency to deal with encrypted information, a condition that leaves it extremely open to being spied on.

An industry official says that it doesn’t matter if Kaspersky is working with the FSB or not. Instead, the company’s maintaining its servers in Russia leaves it extremely vulnerable to surveillance. The company is sharing all its data with the Russian government, whether it wants to or not.

- Lowyat.net/ Washington Post