Israel Allegedly Breaches Kaspersky Lab to Reveal Russian Hackers

Reports claim that a clandestine operation by Israel was able to exploit Kaspersky Lab, with information from the hack subsequently shared with U.S. intelligence officials.

DHS Orders Kaspersky Ban

After months of allegations and concerns about security firm Kaspersky Lab and its involvement in Russian government hacking efforts, there is a dramatic new revelation in the ongoing saga. According to a pair of reports published on Oct. 10 in the New York Times and Washington Post, Israeli intelligence operatives actually hacked Kaspersky Lab, possibly as far back as 2015.

The Israeli intelligence operatives were able to gain access and find files as well as hacking tools on the Kaspersky Lab network that appeared to be stolen from the U.S. National Security Agency. Israeli officials then reportedly informed their U.S. intelligence counterparts of their findings.

The new reports on Israeli involvement come a week after an Oct. 5 report in the Wall Street Journal alleging that Russian hackers were able to steal secrets from the NSA by way of Kaspersky Lab software. 

For its part, Kaspersky Lab is still trying to figure out if the reports are accurate and what actually happened.

"I am launching an internal investigation to cross-check," Kaspersky Lab founder Eugene Kaspersky wrote in a Twitter message. "If US LEO (Law Enforcement Officials) have relevant facts - please share."

Although Kaspersky is now launching his own investigation, the timing of the alleged Israeli hack does line up with a publicly disclosed incident. In June 2015, Eugene Kaspersky publicly revealed that his company had been hit by a cyber-attack. His company dubbed the attack Duqu 2.0, suspecting the malware used in the attack to be a successor to Duqu, state-sponsored malware that first appeared in 2011.

The initial speculation from Kaspersky and others about the Duqu 2.0 malware attack was that it was developed by the State of Israel and was also used against negotiators involved in the Iranian nuclear arms deal that was being discussed in 2015.

During a press conference discussing the Duqu 2.0 breach, Kaspersky said the attackers were in his network for several months prior to being detected. That said, he noted at the time that he was confident that the malware was removed and there was no risk to the company or its customers. According to the published reports in the New York Times and Washington Post, that might not necessarily have been the case.

Kaspersky Lab has repeatedly denied any wrongdoing or inappropriate involvement with Russian intelligence officials. Allegations of Russian intelligence involvement with Kaspersky Lab have led to the company’s software being banned by the Department of Homeland Security at U.S. federal agencies.

"As the integrity of our products is fundamental to our business, Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concern they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity," the company stated. "In addition, Kaspersky Lab has never helped, nor will help any government in the world with its cyber-espionage efforts."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.