Russian hackers were allegedly caught in the act by Israeli intelligence officials while attempting to spy on the U.S. government and obtain confidential information from it.
This intelligence was gathered two years ago, during which time Israel alerted the U.S. to what was an ongoing Russian hacking expedition.
Just last month, the U.S. finally made the move to order all governmental departments to stop using Kaspersky software. Israel’s role in this event was made public by journalists only a few days ago.
The Back Story: Clashes Between Russia and U.S.
In 2015, hacking entities aligned with the Russian government scoured computers across the globe in an attempt to get to American intelligence programs, unaware that Israeli intelligence officials were keeping tabs on their activities.
The Israeli officials eventually unearthed the plot and informed the U.S. government of the activities, which in turn immediately halted the dangerous hacking.
According to reports, these Russian hacking teams made use of antivirus software that is used across the globe by over 400 million users (including American government officials).
The product is developed by Russia-based cybersecurity tech company Kaspersky Lab, which also serves as the accompanying brand name for the software.
The hackers secretly used this particular software to steal top secret information from an NSA (National Security Agency) employee who had installed the software on his home computer.
The attackers also modified the software into a sort of search engine, although the extent to which they undertook these activities has not been publicized yet.
In response, the U.S. government last month issued an order for the antivirus software to be removed immediately from all government computers. This decision was arguably long overdue, coming a whole two years after the Israeli government had revealed to them what was unfolding.
It had been previously reported that Russians were using the software to get hold of classified information from an NSA employee who was inappropriately using the software on his personal computer.
Nonetheless, those earlier reports did not highlight the integral role Israeli intelligence played in preventing Russian hackers from successfully acquiring sensitive information from the U.S.
The Russian government hacking team was allegedly not aware that Israel’s intelligence sector was keenly following their activities until mid-2015.
This was after a Kaspersky engineer tested a newly designed detection tool and discovered unusual activity within the network, which led to the company conducting an investigation and releasing the 2015 report to the public.
While this report did not pinpoint Israel as the nation that hacked its mainframe, it did note that the hack resembled a previous attack dubbed “Duqu,” which was said to originate from the same countries as those behind the nefarious Stuxnet cyberweapon.
Stuxnet, the product of a U.S.-Israel collaboration, infiltrated Iran’s Natanz nuclear facility back in 2010. According to international reports, it also destroyed 20 percent of Iran’s uranium centrifuges.
Kaspersky later named this particular attack “Duqu 2.0” and noted that other nations that experienced similar attacks were prime Israeli targets.
Kaspersky investigators reportedly discovered that the Israeli hacking entities used particularly complex tools to infiltrate the company’s systems, erasing documents and emails, taking screenshots and stealing passwords.
The company’s suspicions, which began in 2015, were first reported by The Jerusalem Post when the company initially discovered several breaches in its software originating from three lavish European hotels.
These stemmed from a virus regarded as a trademark of Israeli intelligence operations.
The investigation later found that these hotels had hosted talks between global leaders and Iran over its nuclear program the previous year.
The company apparently cross-checked numerous hotels for similar breaches and found only three.
The company declined to identify the hotels, but such negotiations have taken place in just six hotels, located in Austria and Switzerland, since these diplomatic efforts kicked off.
But Kurt Baumgartner, the company’s principal security researcher, told The Jerusalem Post at the time that the hack was not limited to those six hotels but spread across “about 100” targets.
In his statement, he said that the company’s products detected “the infection” at several victims and that, within that extensive list, the company was confident that at least three of the attacked locations were places where P5+1 talks on Iran and its nuclear activities took place.
Presently, Responses are Thin
Earlier this month, Kaspersky Lab representatives nonetheless denied any knowledge of involvement or collaboration with Russians in hacking.
The company further reiterated that it would not participate in or assist any agency or government in undertaking any cyber espionage activities.
Reports indicate that Israeli intelligence informed the U.S. government of the alleged hacking attack on its systems and even backed this up with evidence in the form of documents and screenshots, among others.
And although the Israeli intrusion into Kaspersky software occurred in 2014, the U.S. government, through the Homeland Security Department, only issued the order for government agencies to cease using the software in September of this year.
All the parties mentioned (the NSA, the Russian and Israeli embassies, and the White House) have refrained from commenting to the press about the revelation of the hacking.