Israel tipped off the US to a broad Russian hacking attempt, first revealed two years ago, the New York Times reported on Wednesday.
In 2015, Russian government hackers scoured computers across the world to try to reach American intelligence programs, but they were not aware that Israeli intelligence officers were tracking their activity and eventually brought it to the knowledge of the US, who then put the dangerous hacking attempt to a halt.
The Russian hackers, the Times report explained, used an antivirus software operated by a company called Kaspersky Lab that is broadly utilized by some 400 million people worldwide (including by officials at American government agencies).
According to the Times, the Russian hackers used the software to steal classified documents from a National Security Agency employee who was using the software on his home computer. They also turned the software into a type of search engine, but the extent of the activity they pursued by doing that has still not been revealed.
Last month, the US government decided to remove the Kaspersky software from all government computers as a result of the Israeli reveal that the Russian espionage attempt was underway.
A previous report on the Russian use of the software to steal classified N.S.A materials from an employee who used the software inappropriately on his home computer was released by The Wall Street Journal last week, but did not reveal Israel’s integral role in preventing the Russian hackers from getting their hands on further sensitive information.
The Russian hackers were reportedly unaware that Israel was keeping tabs on their activity until mid-2015, at which point an engineer with Kaspersky who tested a new detection tool was made aware of unusual activity in the network, leading to an investigation by the company that concluded with a report released in 2015 and available to the public.
The report didn’t point at Israel as the country that hacked into the software, but noted that the hack was reminiscent of a previous attack identified as “Duqu,” which was attributed to the same countries behind the Stuxnet cyberweapon.
Stuxnet, spearheaded in an Israel-US collaboration, infilitrated Iran Natanz nuclear facility in 2010 and destroyed a fifth of Iran’s uranium centrifuges, according to foreign reports.
Kaspersky dubbed this attack as “Duqu 2.0,” and pointed out that others who were attacked in the same way were ideal Israeli targets.
According to the Times, Kaspersky investigators realized that Israeli hackers used especially sophisticated tools to infiltrate the system, stealing passwords, erasing emails and documents and taking screenshots.
The Jerusalem Post first reported of Kaspersky’s suspicions in 2015, when the cybersecurity firm noted that there were breaches in its software at three luxury European hotels from a virus considered a hallmark of Israeli intelligence operations. Kaspersky’s investigation then led to the discovery that all three hotels hosted talks between world powers and Iran over its nuclear program in the past year.
According to the company’s report, Kaspersky crosschecked thousands of hotels in search of similar breaches. It found only three. The firm declined to name those hotels, but the negotiations have been held in only six hotels in Switzerland and Austria since the diplomatic effort first began.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, told The Jerusalem Post at the time that the hack was not limited to the hotels and that “up to 100″ targets were subjected to the attack.
“It’s important to know that Kaspersky Lab products identified the infection within various victims,” Baumgartner said. “In addition to several unknown victims, we are quite sure that at least three of the venues where P5+1 talks about a nuclear deal with Iran were held have been attacked.”
Speaking to the Times, representatives of Kaspersky Lab denied that they were aware or implicit in the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said Tuesday. Kaspersky Lab also added that it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”
Israeli intelligence officers reached out to the N.S.A to inform the agency that while hacking into the Kaspersky software they learned that Russian government hackers were using the system to scan American government classified programs and take findings back to Russian intelligence systems. The Times report said that Israeli officials provided evidence for their findings, showing N.S.A counterparts evidence in the form of screenshots and other documents.
And while Israel intruded the Kaspersky software in 2014, only in September did the Department of Homeland Security ordered all federal executive branch agencies to stop using Kaspersky products within 90 days.
The National Security Agency, the White House, the Israeli Embassy and the Russian Embassy all declined to comment on the Times report.