Based in Silicon Valley, California, Security Brief is a blog by Chris Louie. His posts discuss current information security affairs.

US Government Bans Kaspersky Software Following Discovery by Israeli Government

In a story that reads more like a spy novel than real life, the Israeli government hacked Russian security firm Kaspersky Lab and, as a result, tipped off the US National Security Agency (NSA) that its hacking tools had been compromised. As first reported by The New York Times, Israeli operatives found NSA hacking tools on Kaspersky's network, tools that could only have come from NSA material that had left the agency's control. This disclosure comes on the heels of news that the US Department of Homeland Security (DHS) is moving to ban the use of Kaspersky software on all federal agency computers. DHS is quoted as saying:

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

That risk appears to have materialized in the recent breach of the NSA. The Wall Street Journal reports that the 2015 breach occurred when an NSA contractor or employee improperly transferred classified materials from the NSA to his or her personal internet-connected computer, which was running Kaspersky Anti-Virus. According to the report, the Kaspersky AV engine had been modified to search for strings such as "Top Secret" and "Classified" in order to identify data to be exfiltrated. Further, a US official familiar with the investigation contends that such a modification could not have happened without at least one or a few Kaspersky employees knowingly assisting the Russian government.

"There is no way, based on what the software was doing, that Kaspersky couldn't have known about this," the WSJ quoted a former US official with knowledge of the 2015 event as saying. The official went on to explain that the Kaspersky software was designed such that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, "likely" would have known such a thing was happening.

Kaspersky Lab denies any involvement.

Further reading:

ROCA: Vulnerable RSA generation (CVE-2017-15361)

CCleaner malware attack worse than initially reported.
