Israeli officials who had hacked into Kaspersky Lab, a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, alerted the US about an unreported, wide-scale Russian intrusion, following which Kaspersky software was removed from government computers on Sept. 13, the New York Times reported Wednesday.
The Kaspersky antivirus software is used by 400 million clients worldwide.
The National Security Agency, the White House, the Israeli Embassy and the Russian Embassy in DC have neither responded to inquiries nor issued comments on the report.
The Russian hacking operation has stolen classified documents from the home computer of a National Security Agency employee who was using the Kaspersky software, according to the Times. The full extent of the damage from other aspects of the hacking is not yet known—or publicized.
The alert to the US authorities was based, according to the Times, on Israel’s 2014 hacking of the corporate systems of Kaspersky, which by then had been accused of serving as a front for Russian Intelligence. The US Dept. of Homeland Security issued a statement at the time, saying that there existed a risk “that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
Kaspersky Lab discovered the Israeli invasion in 2015, and issued a detailed report in June 2015, but did not directly accuse Israel. It did suggest there were similarities between the virus that took over their systems and Duqu, a virus utilized in the US-Israeli Stuxnet 2010 attack on Iran’s Natanz nuclear facility, which destroyed thousands of Iranian uranium centrifuges.
According to the Kaspersky report, the hackers burrowed deep in its system and evaded detection for months. When they left, the hackers—presumably Israelis—left behind multiple back doors for a quick re-entry, using sophisticated tools to steal passwords, take screenshots, and download massive amounts of emails and documents.
According to the Times, Israeli Intelligence let the NSA know that while they had been touring the belly of the Kaspersky beast, they collected evidence that Russian government hackers were using the antivirus provider’s access to brutally dig for and collect US government classified information.
The data the Israelis offered the NSA included solid evidence that the Kremlin is conducting a clandestine war against the US, the NY Times reported. Why it has taken the US this long is unclear.