Anti-virus software ‘spied on US’
RUSSIANS ACCUSED OF TURNING KAPERSKY INTO A TOOL FOR ESPIONAGE
The Russian government used a popular antivirus software to secretly scan computers around the world for classified US government documents and top-secret information, modifying the program to turn it into an espionage tool, according to current and former US officials.
The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could have been made only with the company’s knowledge, the program searched for terms as broad as “top secret”, which may be written on classified government documents, as well as the classified code names of US government programs.
The Wall Street Journal reported last week that Russian hackers used Kaspersky’s software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program.
The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. An NSA spokesman did not comment on the breach.
But the use of the Kaspersky program to spy on the US is broader and more pervasive than the operation against that one individual, whose name had not been released, current and former officials said.
Kaspersky Lab, founded by an engineer trained at a KGB technical school, has long denied assisting the Russian government with spying on other countries. But many US officials now think the evidence the US has collected shows the company is a witting partner.
“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” said a former US official with knowledge of information gleaned in 2015 about how the software was used to search for American secrets.
He said the nature of the software is such that it would have had to be programmed to look for specific keywords, and Kaspersky’s employees were likely to have known that was happening, the former official said.
The company said in a statement yesterday that “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems”.
It remains unclear exactly how many other government computers or employees may have been targeted using the Kaspersky product or whether secret government material was stolen, said the people familiar with the matter.
After discovering the 2015 breach, US officials began gathering other evidence that Kaspersky was being used to identify classified information and assist in its theft, said the people familiar with the matter.
For many months, US intelligence agencies studied the software and even set up controlled experiments to see whether they could trigger Kaspersky’s software into believing it had found classified materials on a computer being monitored by US spies, these people said.
Those experiments persuaded officials that Kaspersky was being used to detect classified information.
The government of Israel initially alerted the US that Kasper- sky software was being used to find American intelligence information, after Israel’s own computer spies penetrated the networks of Kaspersky Lab from 2014, the current and former officials said.
Last month, the Department of Homeland Security took the extraordinary step of banning all federal government agencies and departments from using Kaspersky goods and services.
That action was a direct result of US efforts to build a case against Kaspersky, said former officials involved in the work.
Until that decision was made, Kaspersky software was authorised for use in 22 government agencies, US officials have said.
It also is sold to US consumers and companies.