How Israel Caught Russian Hackers Scouring the World for U.S. Secrets
What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab,
that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.
The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National
Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed.
In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state
attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N. S.A.
— and the “Regin” campaign, another industry term for a hacking unit inside the United
Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ
Acting Department of Homeland Security Secretary Elaine C. Duke cited the “information security risks” presented by Kaspersky
and said the company’s antivirus and other software “provide broad access to files” and “can be exploited by malicious cyber actors to compromise” federal computer systems.
The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has
not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.
