Kaspersky spy revelations may vindicate Israel

Russian cybersecurity firm to ‘Post’: Ties to hack of Iran talks ‘unverified’

The Jerusalem Post - NEWS - By MICHAEL WILNER, Jerusalem Post Correspondent

WASHINGTON – Back in 2015, Israel’s intelligence agencies were caught on the defensive when a Russian-based cybersecurity firm released an explosive report strongly implicating them in spying on the US at host sites of the Iran nuclear talks.

The firm, Kaspersky Lab, declined to name Israel as directly responsible for the hack. But it pointed to the use of a sophisticated malware, code-named Duqu 2.0, that had originally been developed jointly by Israelis and Americans and had now been adapted to target US interests. Or so the story went in 2015.

Now Kaspersky Lab is the party on the defensive, after The New York Times revealed this week that in its 2015 hack of Kaspersky systems Israel uncovered a Russian government effort to use the private cybersecurity firm as a powerful search engine on computers worldwide.

After Israel reportedly uncovered the Russian operation, it promptly alerted the US to its findings. The report calls into question the dominant 2015 narrative that Jerusalem and Washington were working against one another – not together – on intelligence collection.

At that time, the Obama administration fielded questions from reporters focused primarily on whether Israel was targeting the US through espionage, due to disagreements over the Iran talks.

“I can say that we take steps, certainly, to ensure that confidential... classified negotiating details stay behind closed doors in these negotiations,” said Jeff Rathke, then a State Department spokesman.

He declined to elaborate. But US officials in private repeatedly accused Israel of spying on their efforts, and in the closing months of the talks dramatically curtailed their briefings to Israeli officials on their diplomatic progress.

Spying was surely going both ways, and it remains unclear whether Israel’s intended goal in the Kaspersky hack was to understand Kaspersky’s systems, to collect intelligence on the nuclear talks, or some other unknown purpose.

In December of that year, The Wall Street Journal revealed that a wide US surveillance net of Israeli leaders had incidentally collected the communications of several members of Congress. Other reports from that year seem to confirm Israeli and US efforts to spy on one another.

And Israel’s willingness to come forward with its discovery of Russia’s effort does not necessarily mean that it revealed to the Americans its sources and methods for the information shared.

In a statement to The Jerusalem Post on Thursday, Kaspersky Lab could not confirm that Israel’s findings on the use of Kaspersky systems occurred during its alleged infiltration of the Iran talks. The firm further denied any connection to the Russian government.

“With regards to unverified assertions that this situation relates to Duqu 2, a sophisticated cyberattack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident,” the firm said. “Kaspersky Lab does not definitively attribute attacks to specific entities or nation-states, because the company’s policy is to focus on the technical analysis of cyber-threats.”

The organization said that no evidence had been presented to substantiate the Times report, and called on relevant parties to responsibly provide the company with verifiable information.

“Contrary to erroneous reports, Kaspersky Lab technologies are designed and used for the sole purpose of detecting all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose,” the firm added.

In an interview in 2015 with the Post, Kaspersky Lab’s principal security researcher, Kurt Baumgartner, offered more details.

“Attribution of cyberattacks over the Internet is a difficult thing,” Baumgartner said. “However, it’s important to stress that we are absolutely sure that Duqu 2.0 is an updated version of the infamous 2011 Duqu malware.”

Duqu was originally discovered in 2011 as software strikingly similar to Stuxnet, the virus of US-Israeli origin that was used to infiltrate Iran’s nuclear infrastructure, destroying it from within.

“In addition to several unknown victims, we are quite sure that at least three of the venues where P5+1 [US, UK, China, France and Russia, plus Germany] talks about a nuclear deal with Iran were held have been attacked,” Baumgartner said. He added that the “Duqu 2.0 group launched a similar attack in relation to the 70th anniversary event of the liberation of Auschwitz-Birkenau.”
