Kaspersky antivirus software has been hacked

[John F]

If you use the antivirus software by the Russian firm Kaspersky, it looks like you should consider replacing it with some other product.

Foreign intelligence agencies might be using your anti-virus software against you
By James Hohmann
October 11 at 7:18 AM

THE BIG IDEA: Several worrisome stories popped overnight that underscore the growing vulnerability of the United States to hacking and cyberespionage by foreign governments, specifically Russia and North Korea.

-- Russian government hackers could use the anti-virus software sold by Kaspersky Lab to search the contents of any computer using it, the New York Times reported. The software, installed on more than 400 million people’s computers and employed by roughly two dozen American government agencies, can reportedly be turned into “a sort of Google search for sensitive information.”

“It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs,” Nicole Perlroth and Scott Shane report. “Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation…”

“More than 60 percent … of the company’s $633 million in annual sales come from customers in the United States and Western Europe. … Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force …

“The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries. ‘Antivirus is the ultimate back door,’ Blake Darché, a former N.S.A. operator and co-founder of Area 1 Security. ‘It provides consistent, reliable and remote access that can be used for any purpose…’”

-- Our Ellen Nakashima confirms that the Israelis tipped off the NSA that the Russians had stolen U.S. hacking tools and has some additional backstory: “[A]n investigation by the agency revealed that the tools were in the possession of the Russian government. … In the 2015 case, investigators at the NSA examining how the Russians obtained the material eventually narrowed their search to an employee in the agency’s elite Tailored Access Operations division … The employee was using Kaspersky anti-virus software on his home computer … The employee, whose name has not been made public and is under investigation by federal prosecutors, did not intend to pass the material to a foreign adversary.”

Kaspersky Labs was founded in 1997 by Eugene Kaspersky, a decade after he had graduated from a KGB-supported cryptography school and had worked in Russian military intelligence agencies. The company has previously touted this part of his background in promotional materials. The firm denies having “inappropriate” ties to the Russian government, as well as any role in the hacks. “Kaspersky Lab is caught in the middle of a geopolitical fight,” it said in a statement last night. But the company’s data is routed through Russian Internet service providers that are subject to Russian government surveillance. Ellen quotes two experts explaining how implausible it is that Vladimir Putin’s regime would not get access to the information:

“Andrei Soldatov, a Russian surveillance expert and author of ‘The Red Web,’ said, ‘I would be very, very skeptical’ of the claim that the government cannot read the firm’s data: As an entity that deals with encrypted information, Kaspersky must obtain a license from the FSB, the country’s powerful security service … which ‘means your company is completely transparent’ to the FSB.” Steven Hall, who ran the CIA’s Russia operations for 30 years, said the firm is likely beholden to the Kremlin: “He said that Kaspersky’s line of work is of particular interest to … Putin and that because of the way things work in Russia, Eugene Kaspersky ‘knows he’s at the mercy of Putin.’”

-- The U.S. government is belatedly mobilizing to contain the Kaspersky threat before it’s too late. The Department of Homeland Security instructed federal civilian agencies last month to identify Kaspersky Lab software on their networks and remove it. The General Services Administration, which is the federal agency in charge of purchasing, removed Kaspersky from its list of approved vendors in July. The FBI has notified major companies, including in the energy and financial sectors, about the risks of using Kaspersky software over at least the past two years, Ellen reports: “The briefings have elaborated on the risks of espionage, sabotage and supply-chain attacks that could be enabled through use of the software.”
The National Intelligence Council also just completed a classified report that it shared with NATO allies concluding that the FSB had “probable access” to Kaspersky customer databases and source code. Moscow could use this to launch debilitating cyberattacks against American and European networks in the event of war.

-- A red flag: Local and state government agencies from Oregon to Connecticut are widely using the software and may be oblivious that it’s a Trojan horse. (Jack Gillum and Aaron Davis reported this summer on some of the places that rely on Kaspersky.)..

https://www.washingtonpost.com/news/pow ... f26f219246