Kaspersky Hack Reveals Conflict Between Spy Agencies, Security Firms

With documents showing national intelligence agencies are targeting Kaspersky and other security firms, can their customers really feel secure?

Spy Battle 2

When security firm Kaspersky Lab announced in June that a sophisticated attacker had infiltrated its network and stole research data, the apparent act of espionage became the latest incident to target a company whose products protect many other firms.

The attack, which also targeted nations and organizations involved in nuclear talks with Iran, used at least three zero-day attacks, incorporated fake breadcrumbs designed to implicate Chinese or Eastern European attackers, and had sophisticated technical capabilities.

Many parts of the code resembled the Duqu espionage platform, an attack tool discovered in 2011 and linked to U.S. and Israeli intelligence agencies. Kaspersky Lab dubbed the attack Duqu 2.0, and implicated Israel in the attack.

While the attack appears exceptional, the targeting of security firms will only become more commonplace as groups seeking information increasingly need to bypass security measures, Antti Tikkanen, director of technology strategy and research for Finnish security-software company F-Secure Corp., told eWEEK.

"This makes the conflict between intelligence agencies and security companies very concrete," Tikkanen said. "We (security firms) are all targets, and often targets of high priority, and we should not be surprised."

In 2011, security giant RSA suffered a major breach, with attackers gaining access to a database of critical seed data used by the company to generate the pseudo-random codes that many companies and government agencies use to enhance security.

A year later, attackers infiltrated security firm Bit9, which creates security devices to keep out unknown code, and stole a digital certificate that could allow malware to sneak past its customers' defenses.

While private companies often have been been targeted by nations, the latest attacks underscore that security firms have become objectives in a global intelligence war, because they are front-line soldiers protecting customers against nation-states and other economic espionage. They hold the keys to their customers' defenses, and that means security firms will always be an interesting target to government intelligence agencies.

Such attacks, however, pose a worrisome trend, according to Eugene Kaspersky, CEO of Kaspersky Lab.

“Spying on cyber-security companies is a very dangerous tendency," he said in a statement released on June 10. "Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised."

Kaspersky warned that such attacks only blaze a trail for less savvy attackers to follow. Cyber-criminals and hacktivists already have used methods demonstrated by Stuxnet, Flame and Duqu in subsequent attacks. "Sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cyber-criminals, and that is an extremely serious and possible scenario," Kaspersky said.

Although security companies strive to create technology to keep attackers out of their customers' networks, the industry as a whole has realized that prevention is only a small part of the overall security equation. Companies should expect to be breached and that goes doubly so for security firms.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...