Israeli intelligence officers were able to track in real time the actions of hackers backed by the Russian government as they attempted to steal information from American intelligence organizations through antivirus tools produced by Kaspersky Lab, the New York Times reported.
Officials from Israel who hacked into the network of Kaspersky more than two years ago warned their counterparts in the U.S. of the intrusion by Russia.
The Russian operation is believed to have netted classified information from an NSA employee who stored the data on a home computer on which the Kaspersky antivirus was installed.
"As the integrity of our products is fundamental to our business, Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concern they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity", the company stated. Nevertheless, the Times reports that the Kaspersky matter is unrelated to a series of other horrific revelations relating to hacking and loss of information by American intelligence units.
The House Science Committee is now planning to hold a series of hearings on software produced by Moscow-based Kaspersky Lab, the Hill has learned. Last month, the Department of Homeland Security banned federal executive-branch agencies from using any Kaspersky software, ordering them to clear it from their systems within 90 days.
This procedure was a useful way for Russian intelligence to survey and retrieve contents of classified machines. "Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts", the company said in a statement.
And late last month, the U.S. National Intelligence Council completed a classified report that it shared with NATO allies concluding that Russia's FSB intelligence service had "probable access" to Kaspersky customer databases and source code, the Post reported.
The initial speculation from Kaspersky and others about the Duqu 2.0 malware attack was that it was developed by the State of Israel and was also used against negotiators involved in the Iranian nuclear arms negotiations deal that was being discussed in 2015.
Kaspersky, a multinational company with headquarters in Moscow, produces widely-lauded antivirus software and boasts over 400 million customers worldwide.
Kaspersky Lab has repeatedly denied any knowledge of, or involvement in, Russian hack1ing.
Kaspersky spokeswoman Sarah Kitsos told the Washington Post on Tuesday that "as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight".
The statement leaves open the possibility that the company knew that its system was used, but simply chose not to interfere.