How Israel Caught Russian Hackers Scouring the World for U.S. Secrets<br />What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab,<br />that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.<br />The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National<br />Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed.<br />In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state<br />attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N. S.A.<br />— and the “Regin” campaign, another industry term for a hacking unit inside the United<br />Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ<br />Acting Department of Homeland Security Secretary Elaine C. Duke cited the “information security risks” presented by Kaspersky<br />and said the company’s antivirus and other software “provide broad access to files” and “can be exploited by malicious cyber actors to compromise” federal computer systems.<br />The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has<br />not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.
