Israel hacked Kaspersky, then tipped off the NSA about what it found: the US agency’s cyber toolkit

In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency.

Israel notified the NSA, where alarmed officials immediately began a hunt for the breach, according to individuals familiar with the matter, who said an investigation by the agency revealed that the tools were in the possession of the Russian government.

Israelis spies had found the hacking material on the network of Kaspersky Lab, the global antivirus firm, now under a spotlight in the United States because of suspicions its products facilitate Russian espionage.

Last month, the Department of Homeland Security instructed federal civilian agencies to identify Kaspersky Lab software on their networks and remove it, on the grounds that “the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.” The directive followed a decision by the General Services Administration to remove Kaspersky from its list of approved vendors. And lawmakers on Capitol Hill are considering a governmentwide ban.

The NSA declined to comment on the Israeli discovery, which was first reported by The New York Times.

Kaspersky spokeswoman Sarah Kitsos said that “as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.” She said the company “does not possess any knowledge” of Israel’s hack.