According to a new report, the NSA learned of the federal government’s Kaspersky weakness from Israel.
As the independent security and intelligence reporters at DEBKA are reporting:
Acting on this Israeli tip-off in 2015, the National Security Agency confirmed that its tools were being used by the Moscow-based Kaspersky company and enabled Russian spy services to dig out US secrets.
The Israeli government hackers’ tipoff prompted a search through US intelligence agencies for the leak. It was found in the NSA’s Tailored Access Operations division, and came from an employee who had installed Kaspersky’s anti-virus software on his home computer, thereby enabling Russian spy agencies to penetrate US intelligence networks.
He is still being investigated to find out whether he installed the Kaspersky software, which serves 400 million computers around the world, with malicious intent or through negligence.
The report also noted U.S. intelligence has concluded the Russian FSB has access to Kaspersky’s customer databases and source code, which can enable it to conduct cyberattacks against U.S. government, commercial, and industrial networks. Russian law allows the government to see all data moving through its domestic components of the Internet, increasing the risks of espionage, sabotage, and supply-chain attacks.
The report noted the “manifold” ramifications of these developments:
1. Whether or not Kaspersky is working directly for the Russian government doesn’t matter; their Internet service providers are subject to monitoring. So virtually anything shared with Kaspersky could become the property of the Russian government.
2. The Israeli tip-off helped the US intelligence agency beat off one major breach of its security system. But that was two years ago, and it stands to reason that the Russians have come up with more methods in the interim.
3. The Kaspersky software tool for detecting computer viruses – but also to identity other data – is known as “silent signatures” – strings of digital code that operate in stealth to find malware but which could also be written to search computers for potential classified documents, using keywords or acronyms. This is the only anti-virus firm whose data is routed through Russian Internet service providers subject to Russian surveillance.
4. This episode casts the massive and elaborate political probes launched to discover whether Russian intelligence helped Donald Trump win the 2016 presidential election in an absurd light. Russian spies were known to have been digging around America’s most secret networks a year earlier. Although President Barack Obama must have been informed about these clandestine hacking operations, he never held Moscow to account.
5. The Israeli government’s digital operators who track Russian systems pass their discoveries to US intelligence agencies, as this episode shows. Therefore, the Netanyahu government’s efforts to paint a picture of close friendship between Jerusalem and Moscow apply only to the surface relationship. The Russians have always seen Israel as an integral part of America’s military and intelligence presence in the Middle East and other parts of the world, and their policies with regard to Israel can be expected to reflect that perception.