Analysis

Israel's Kaspersky Hack Reveals That Russia Is Crossing All the Red Lines

Israel's Kaspersky hack is just the latest in a series of Israeli intelligence operations to have leaked, almost certainly from the Trump administration. How out of the ordinary is such a hacking effort?

Russian President Vladimir Putin kisses a Turkmen shepherd dog gifted to him by Turkmen President Gurbanguly Berdimuhamedov in Sochi, Russia, October 11, 2017. MAXIM SHEMETOV/REUTERS

The reports in the New York Times and Washington Post on Wednesday that Israel detected Russian intelligence using the popular cybersecurity software Kaspersky Lab have not pleased the Israeli intelligence community.

“Assuming they’re true, the reports in the U.S. are not necessarily good for Israel,” said one veteran of Israel’s cyber intelligence apparatus. “It could reveal our capabilities and the fact that we are targeting Russian companies.” Wednesday’s reports are just the latest in a series of cases over the last few years in which Israeli intelligence operations have leaked, almost certainly from the Trump administration, to the American media. 

According to the reports, Israel hacked into Kaspersky’s computers in 2015 and revealed that its security software, used by hundreds of millions of private citizens and organizations around the world, had been compromised in such a way that it enabled Russia’s intelligence agencies to target and extract information from the NSA. As a matter of routine, Israel passed on this information to its American allies. How out of the ordinary is such a hacking operation?

Boaz Dolev, CEO of ClearSky Cybersecurity, who was in charge of the security of Israeli government computer networks for thirteen years, said “there is an assumption in the cyber industry that many leading security companies in different countries cooperate with their governments. But what has been reported, that the internal search engine of the Kaspersky product was being used for targeted espionage in users’ computers, is breaking all the red lines.”

FILE PHOTO: An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow July 29, 2013.
Sergei Karpukhin/REUTERS

“This kind of an operation is ‘the Premier League of hacking,’” said Ronen Yehoshua, CEO of Morphisec, a company which develops defences to advanced cyber threats and employs many former operatives of Israel’s electronic surveillance agencies. “Most hacking is still done by making the user download a file. What we’re seeing here are much more serious supply-chain attacks, in which a product of a recognized software vendor could have been manipulated to penetrate computer systems of organizations that trusted them.”

In order to break into computers, many hackers today use versions of corrupted files, or malware, which are available online or can be bought on the darknet. But supply-chain attacks are much more sophisticated. The hackers would first need to break into the computers of a major software company and have the knowledge to locate and change code that is being developed, before it is distributed. According to Yehoshua, “this is way beyond the ability of normal cybercrime gangs.” This information naturally leads to the question of whether Russian intelligence had a helping hand within Kaspersky Lab.

Eugene Kaspersky, the company’s founder, used to work for the Russian intelligence apparatus himself, and not surprisingly, there have been questions surrounding possible cooperation between Kaspersky and the Kremlin in the past. Kaspersky issued a statement on Wednesday saying that his company “was not involved in, and does not possess any knowledge of the situation in question.” But since his company is based in Moscow and its development center and marketing operation use Russian internet servers – which are under tight supervision by the Kremlin – there would be ample opportunity for Russia’s cyber warfare agencies, or a criminal group working on their behalf, to compromise Kaspersky’s products.

One interesting footnote to Wednesday’s revelations is that if they are indeed true, it would seem that the information on Kaspersky’s vulnerabilities was a tightly kept secret even within the Israeli government. A number of Israeli ministries and agencies still use Kaspersky cybersecurity software (U.S. government agencies stopped doing so last month) and five months ago, the National Cyber Security Authority, a department within the Prime Minister’s Office, even signed an agreement with Kaspersky to supply it with detailed information on cyber threats.