Israel Caught Russian Hackers Using Kaspersky Anti-Virus To Breach NSA Databases

Russian hackers have used a backdoor entry to gain access to untold numbers of documents on U.S. surveillance capabilities at the NSA. Through the anti-virus company Kaspersky Lab, headquartered in Russia, those hackers were able to search for code names of American intelligence programs.

The breach was discovered by the Israelis, and then reported to U.S. Intelligence. Initially, it was not revealed how the breach was discovered, but as soon as it was revealed, government agencies using Kaspersky ordered a review of the program and eventually stopped using it.

As we reported back in July, suspicions were raised before the breach was even discovered:

Federal officials are increasingly concerned that the company could pose a serious national security threat, ABC reports.

They believe that the Russian company could be used to spy on Americans’ personal information, and are in the process of trying to get the General Services Administration to remove them from the list of outside vendors approved for use by government agencies.

There are also serious concerns that Kaspersky software could be used by computers it inhabits to launch malicious attacks that pose a serious threat to national interests.

When it is installed on users’ computers, Kaspersky Lab’s anti-virus software is able to steal and manipulate files and read private email – like all anti-virus software does. An investigation into the company has raised alarms that the software could also be used to attack critical infrastructure in the United States.

It turns out, those suspicions were correct, as the anti-virus software was used as a backdoor entry to search for sensitive information on U.S. intelligence and surveillance apparatuses, The New York Times is now reporting.

The Israelis had actually hacked into Kaspersky’s own network, and were able to view in real time Russian hackers’ attempts to search computers across the world for code names of American intelligence programs.

The Times describes the situation as “a case of spies watching spies watching spies.”

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The way in which anti-virus programs work provides government hackers a perfect avenue for accessing the information they want. It was simply the perfect ruse: while government agencies that employed the anti-virus program thought it would stop hacking from rogue states, hostile actors, etc., it actually provided those very hackers the exact access they wanted.

And these are the people who claim to be keeping us safe?

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky.

That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

Once again, the government proves that the most incompetent are prone to rise to the top and let their incompetence wreak havoc on our national security. This NSA employee should have known better than to have classified information on his personal computer (maybe he should run for President as a Democrat in 2020), but apparently that’s just too sensical for intelligence agency employees these days.

If you have Kaspersky, I’d recommend getting another anti-virus program for your computer. If they can and are hacking into NSA databases, it’s probably not the best idea to use that company’s products.