How Russian Hackers Used Popular Kaspersky Antivirus to Steal U.S. Secrets

The logo of the anti-virus firm Kaspersky Lab is seen at its headquarters in Moscow, Russia September 15, 2017. REUTERS/Sergei Karpukhin

Hackers from Israel were behind the discovery that Russian spies were using the popular Kaspersky Lab antivirus software to spy on American intelligence agencies, according to reports.

The Israeli hackers spied on the Russians in real time, The New York Times and The Washington Post reported, before revealing it to American officials. The discovery has led the Department of Homeland Security to remove Kaspersky Lab software from government computers.

The antivirus software, which has 400 million users around the world, served Russian hackers as a search tool for finding code names of American intelligence programs running on computers around the world.

Moscow-based Kaspersky Lab has 36 offices in 30 countries. Three of them are in the United States. Reuters

The operation is known to have stolen sensitive information from the home computer of a National Security Agency (NSA) employee. Other secrets that the operation may have uncovered have not yet been revealed publicly.

Former NSA employee Blake Darché has described antivirus software as "the ultimate back door" because it can be used to covertly spy on users, or even as a platform to launch cyberattacks.

Like other antivirus software, Kaspersky Lab software requires complete access to the computer it is installed on in order to scan and check for viruses effectively. If it were exploited, a hacker could technically gain access to everything stored on a computer running Kaspersky Lab antivirus software.

The Department of Homeland Security issued an order last month for all federal executive branch agencies to cease using antivirus products from Kaspersky Lab, citing "information security risks."

According to Elaine C. Duke, Acting United States Secretary of Homeland Security, the antivirus software provided "broad access to files" and "can be exploited by malicious cyber actors to compromise" federal computers.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information systems directly implicates U.S. national security," the Department of Homeland Security said in its statement last week.

Kaspersky released a statement claiming it has "never helped, nor will help, any government in the world with its cyberespionage efforts," while also requesting any relevant information from the U.S. government to enable Kaspersky to begin an investigation.

"Kaspersky Lab was not involved in, and does not possess any knowledge of, the situation in question," the statement read. "As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company.

"Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems."