Spy vs. Spy vs. Spy: Did Israel Use Russian Software to Spy on U.S.?


As I’ve often mentioned, I don’t pay that much attention to all the Spy vs. Spy allegations in the papers because:

A) How should I know what really happened?

B) The basic rule of intelligence is to assess capabilities rather than intentions.

For example, if, say, the Russians have the capability to spy on the U.S., they probably will do so. Similarly, if the Israelis have the capability to spy on the U.S., they probably will do so.

This way of thinking is alien to the growing style of merely determining who are the Good Guys and who are the Bad Guys and leaving it at that.

From the New York Times:

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

By NICOLE PERLROTH and SCOTT SHANE, OCT. 10, 2017

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers. …

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

… But the role of Israeli intelligence in uncovering that breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed. …

For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. …

That directive, which some officials thought was long overdue, was based, in large part, on intelligence gleaned from Israel’s 2014 intrusion into Kaspersky’s corporate systems. …

Kaspersky Lab did not discover the Israeli intrusion into its systems until mid-2015, when a Kaspersky engineer testing a new detection tool noticed unusual activity in the company’s network. The company investigated and detailed its findings in June 2015 in a public report.

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded.

In other words, Israel was implanting backdoors in Russian software in order to spy on the negotiations with Iran that the United States was involved in.

Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

Kaspersky’s researchers noted that attackers had managed to burrow deep into the company’s computers and evade detection for months. Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky’s systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.

In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N.S.A. — and the “Regin” campaign, another industry term for a hacking unit inside the United Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ. …

It is not clear whether, or to what degree, Eugene V. Kaspersky, the founder of Kaspersky Lab, and other company employees have been complicit in the hacking using their products. …

But experts on Russia say that under President Vladimir V. Putin, a former K.G.B. officer, businesses asked for assistance by Russian spy agencies may feel they have no choice but to give it.

This is of course totally different from, say, Israeli companies that sell software to American telephone companies for tracking who calls whom. There is no way that those Israeli firms have anything to do with Israeli intelligence. And Israeli intelligence would never ever ask an Israeli software firm to let them know, say, who Senator Lindsey Graham calls.

Seriously …

The U.S.-Russia-Israel triangle is particularly interesting because of sizable flows of very high IQ individuals among these countries from 1973 onward, when the U.S. pushed through legislation to, in effect, begin stripping the Soviet Union of many of its smartest people via demanding Soviet Jews be allowed to emigrate.

For instance, my wife’s uncle, a USAF colonel, used to drop by East Berlin to quietly talk shop in a car in a dark side street about aerospace metallurgy with vacationing Soviet Jewish defense scientists during their five-year cooling-off period before they were allowed to emigrate.

Of course, now that I think about it, the KGB likely salted Soviet loyalists among the emigres, so maybe he was a patsy in a KGB disinformation scheme to send the U.S. off on expensive wild goose hunts.

I’ve never seen much speculation on this idea that the Soviets/Russians would have excellent incentives to infiltrate their own Jewish loyalists among the post-1973 emigres.

We’ve been trained to assume that no Jewish person could possibly be loyal to their native country because the Russians were so hatefully anti-Semitic that all Jews must be Russophobes.

Of course, in reality, Moscow in the 1990s turned heavily to American and semi-American Jews for strategic advice, like Larry Summers, Jeffrey Sachs, Stanley Fischer, and Andrei Shleifer, raising questions about the Narrative of Russian anti-Semitism. Similarly, in the 21st Century, Putin maintains cordial relations with more conservative Jews and with Israel.

Or, even more speculatively, maybe the sudden Israeli explosion into becoming an exporter of software for controlling telecommunications in America was actually in part a KGB effort to infiltrate America with Israeli software that included backdoors not just back to Israel but perhaps to Russia as well?

Back in 2001, Fox reporter Carl Cameron ran a four-part series on Israeli spying in the United States that was quickly spiked and deleted from the network’s archives.

Beyond the usual reasons, perhaps the American deep state had patriotic reasons for objecting to Cameron drawing attention to Israeli assets in the U.S. Perhaps the U.S. considered them compromised not just by Israeli intelligence, but by Russian intelligence as well, and was using them to feed disinformation to Moscow?

Who knows? It’s all a wilderness of mirrors.
