The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer’s home PC took an explosive turn on Tuesday.
Essentially, it is now claimed Israeli spies hacked into Kaspersky’s backend systems only to find Russian snoops secretly and silently using the software as a global search engine. Kremlin agents were observed in real-time sweeping computers worldwide for American cyber-weapons, and then extracting any matching files. The Russians, it is claimed, hacked Kaspersky’s servers to harvest any suspicious data flagged up by the antivirus that matched known codenames for American software exploits.
非法闯入是指黑客利用企业网络的安全漏洞,不经允许非法访问企业内部网络或数据资源,删除、复制甚至毁坏数据。

In short, Kaspersky’s code, installed on millions of computers around the planet, was being used as a global searchable spying tool by the Russian government, it is alleged. It also means, now that this has been splashed on the pages of the New York Times, that US intelligence insiders have blown the lid on details of a highly sensitive Israeli operation.
“The role of Israeli intelligence in uncovering [the Kaspersky] breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed,” the NYT reported. For good reason: the disclosure means someone in the US intelligence community is prepared to leak against – and put an abrupt end to – an Israeli operation known to America because Israel trusted its intelligence pals.
As cyber-security expert Matt “Pwn All The Things” Tait put it:
Starting with: if this is true, some “current and former US officials” just leaked and blew a highly classified Israeli counter-intelligence op. Good job guys.
— Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 10, 2017
As we noted last week, antivirus packages can pose a huge risk to organizations, not least the NSA, because if a scan of someone’s computer yields something that looks like a threat, such as a freshly developed exploit or piece of spyware, it’s uploaded to the AV vendor’s cloud for analysis.
If an attacker were able to infiltrate those backend systems, with or without cooperation, they would be able to rifle through collected sensitive documents and snatch copies of any samples. In this case, the Russians were apparently hunting for America’s exploits to, presumably, wield them against corporations and government agencies in the West and beyond, and shore up their IT defenses to thwart the cyber-weapons.
That remains speculative, of course. Tait again:
That all said, if Kaspersky was looking for classification markers in documents, then they’re toast.
— Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 10, 2017
The New York Times didn’t identify exactly what information was exfiltrated by the Russians, but it claims the Kremlin’s access into Kaspersky was maintained for two years. Indeed, in 2015, Kaspersky said it detected sophisticated cyber-espionage code within its corporate network, and publicly wrote about it although did not name Israel as the culprit. Back then, Kaspersky was infected by the Duqu 2.0 spyware, which was related to the American-Israeli-developed Stuxnet malware that got into the Iranian government’s nuclear weapons labs in 2010 and knackered its uranium centrifuges.
While digging around inside Kaspersky’s systems, the Israeli were looking for the Moscow-based business’s research into the NSA and the UK’s counterparts, GCHQ. After spotting Kremlin agents, the Israelis tipped off the NSA. And now that’s all over the news.
Unsurprisingly, Kaspersky Labs founder Eugene Kaspersky denies the substance of the NYT article:
Kaspersky Lab was not involved in, and does not possess any knowledge of the intelligence operation described in the recent @NYTimes article pic.twitter.com/didzcB0650
— Eugene Kaspersky (@e_kaspersky) October 10, 2017
I am launching internal investigation to cross-check. If US LEA has relevant facts – please share.
— Eugene Kaspersky (@e_kaspersky) October 10, 2017
In the light of the ongoing scandal, it’s hardly surprising that security vendors are taking a long, hard look at their code review policies – particularly any code that government agents can examine for exploitable bugs to use remotely against customers.
Symantec was the first to jump, with its CEO Greg Clark telling Reuters this week it will no longer let governments inspect its source code. Clark said: “Saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’” poses an unacceptable risk to customers. ®
经开分局:严厉打击违规渣土运输行为 严防各类生产安全事故发生
PS: Kaspersky just opened a research lab in Israel. Awkward!
Sponsored:
The Joy and Pain of Buying IT – Have Your Say
较普通职员矾,老总们被黑的概率会更高一些,明星们的账号密码同样也存在脆弱性,不过他们的被关注度和社会影响力更高,这使得安全防护更不容忽视。

猜您喜欢

网络安全应急资源调度平台
网络安全公益短片防范移动僵尸网络
网络安全法实施宣传
或于10月底上市 起亚新福瑞迪内饰官图
JWFILES CLIPPINGMAGIC
保密讲堂第一弹:准确定密并正确标识国家秘密