Israel reportedly behind discovery of Russian antivirus company’s spy links

Computer hackingIsraeli spy services were reportedly behind the United States government’s recent decision to purge Kaspersky Lab antivirus software from its computers, citing possible collusion with Russian intelligence. Last month, the US Department of Homeland Security issued a directive ordering that all government computers should be free of software products designed by Kaspersky Lab. Formed in the late 1990s by Russian cybersecurity expert Eugene Kaspersky, the multinational antivirus software provider operates out of Moscow but is technically based in the United Kingdom. Its antivirus and cybersecurity products are installed on tens of millions of computers around the world, including computers belonging to government agencies in the US and elsewhere. But last month’s memorandum by the US government’s domestic security arm alarmed the cybersecurity community by alleging direct operational links between the antivirus company and the Kremlin.

On Tuesday, The New York Times reported that the initial piece of intelligence that alerted the US government to the alleged links between Kaspersky Lab and Moscow was provided by Israel. The American paper said that Israeli cyber spies managed to hack into Kaspersky’s systems and confirm the heavy presence of Russian government operatives there. The Times’ report stated that the Israelis documented real-time cyber espionage operations by the Russians, which targeted the government computer systems of foreign governments, including the United States’. The Israeli spies then reportedly approached their American counterparts and told them that Kaspersky Lab software was being used by Russian intelligence services as a backdoor to millions of computers worldwide. The Israelis also concluded that Kaspersky’s antivirus software was used to illegally steal files from these computers, which were essentially infected by spy software operated by the Russian government.

It was following the tip by the Israelis that he Department of Homeland Security issued its memorandum saying that it was “concerned about the ties between certain Kaspersky [Lab] officials and Russian intelligence and other government agencies”. The memorandum resulted in a decision by the US government —overwhelmingly supported by Congress— to scrap all Kaspersky software from its computer systems. Kaspersky Lab has rejected allegations that it works with Russian intelligence. In a statement issued in May of this year, the company said it had “never helped, nor will help, any government in the world with its cyberespionage efforts”.

Author: Joseph Fitsanakis | Date: 11 October 2017 | Pemalink

Advertisements

Israel denies using computer virus to spy on Iran nuclear deal

Duqu 2.0The Israeli government rejected reports yesterday that its spy agencies were behind a virus found on the computers of three European hotels, which hosted American and other diplomats during secret negotiations on Iran’s nuclear program. Cybersecurity firm Kaspersky Lab said on Wednesday that it first discovered the malware, which it dubbed “Duqu 2.0”, in its own systems. The Moscow-based firm said the sophisticated and highly aggressive virus had been designed to spy on its internal research-related processes. Once they detected the malicious software in their own systems, Kaspersky technicians set out to map Duqu’s other targets. They found that the virus had infected computers in several Western countries, in the Middle East, as well as in Asia. According to Kaspersky, the malware was also used in a cyberattack in 2011 that resembled Stuxnet, the elaborate virus that was found to have sabotaged parts of Iran’s nuclear program in 2010.

However, Kaspersky said that among the more recent targets of the virus were “three luxury European hotels”, which appear to have been carefully selected among the thousands of prestigious hotels in Europe. The three appear to have only one thing in common: all had been patronized by diplomats engaged in the ongoing secret negotiations with Iran over the Islamic Republic’s nuclear program. Kaspersky was referring to the so-called P5+1 nations, namely the five permanent members of the United Nations Security Council plus Germany, who lead ‘the Geneva pact’. Israel has condemned the negotiations and has repeatedly expressed anger at reports that the Geneva pact is about to strike an agreement with Tehran over its nuclear program.

However, Israel’s deputy foreign minister flatly rejected Kaspersky’s allegations on Wednesday, calling them “pure nonsense”. Speaking on Israel Radio, Eli Ben-Dahan said Israel had “many far more effective ways” of gathering foreign intelligence and that it did not need to resort to computer hacking in order to meet its intelligence quotas. Israeli government spokespeople refused to comment on the allegations when asked late Wednesday.

Author: Joseph Fitsanakis | Date: 11 June 2015 | Permalink: https://intelnews.org/2015/06/11/01-1713/

Sophisticated cyberespionage operation focused on high-profile targets

Rocra malware programming codeBy JOSEPH FITSANAKIS | intelNews.org |
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russian-based multi-national computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”. Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well by executive organs belonging to the North Atlantic Treaty Organization. Read more of this post