Kaspersky Lab Has Been Repeatedly Targeted By U.S., British, and Israeli Intelligence Services

2015 was a busy year for Western intelligence agencies and Kaspersky Lab.

SOMETIME IN EARLY 2015 — An NSA contractor was caught with classified materials on his home computer thanks to Kaspersky Lab AV software working exactly as it should.

FEBRUARY 2015 — Kaspersky Lab released a detailed report on how the NSA had been breaching systems in 42 countries for the past fourteen years.

A few days later, a group of CIA contractors did a post-mortem on what mistakes the NSA had made which allowed Kaspersky’s GReAT team to detect them.

JUNE 2015 — Kaspersky Lab discovered that its own corporate network had been breached for almost a year by the Israeli government.

JUNE 2015- The Intercept published a lengthy article that described NSA and GCHQ projects to compromise Kaspersky Lab as part of an overall program to leverage anti-virus software for espionage purposes.

British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

Unfortunately for Kaspersky Lab, a privately-held company that has out-performed every other AV vendor in the world for identifying and reporting on sophisticated threat actors including Russian ones, it has now become a victim of unsubstantiated and anonymous claims published in the Wall Street Journal, New York Times, and Washington Post. One of the worst, however, was published yesterday on the CyberScoop blog:

In the first half of 2015, Kaspersky was making aggressive sales pitches to numerous U.S. intelligence and law enforcement agencies, including the FBI and NSA, multiple U.S. officials told CyberScoop. The sales pitch caught officials’ attention inside the FBI’s Counterterrorism Division when Kaspersky representatives boasted they could leverage their product in order to facilitate the capture of targets tied to terrorism in the Middle East. While some were intrigued by the offer, other more technical members of the intelligence community took the pitch to mean that Kaspersky’s anti-virus software could effectively be used as a spying tool, according to current U.S. intelligence officials who received briefings on the matter.

In retrospect, it’s fascinating to note that as Kaspersky Lab was looking to assist foreign governments with a cyber intelligence feed (not their consumer AV product as reported), that the company itself was under attack by foreign intelligence services whose covert cyber espionage campaigns they had outed: Regin (GCHQ); DuQu (Unit 8200); Equation Group (NSA).

So to start things off, there was a fundamental confusion about the product that was being sold by Kaspersky Lab to federal agencies. But the next claim in the CyberScoop article bordered on insanity:

The flirtation between the FBI and Kaspersky went far enough that the bureau began looking closely at the company and interviewing employees in what’s been described by a U.S. intelligence official as “due diligence” after Counterterrorism Division officials viewed Kaspersky’s offerings with interest.
The examination of Kaspersky was immediately noticed in Moscow. In the middle of July 2015, a group of CIA officials were called into a Moscow meeting with officials from the FSB, the successor to the KGB. The message, delivered as a diplomatic démarche, was clear: Do not interfere with Kaspersky.


Kaspersky Lab U.S. is doing what it’s supposed to do — sell a competitive product (cyber threat intelligence) to U.S. government agencies that are in the market for those products. The FBI, to its credit, expresses interest and does some due diligence. And THAT caused an international incident?

Assuming that FSB-CIA meeting actually took place in Moscow, wouldn’t it have been about the NSA, GCHQ, and Unit 8200’s efforts to attack and breach a privately held Russian company to conduct espionage? After all, Kaspersky Lab had just announced that it had been breached by a State actor one month earlier.

But no, that’s not what generated a Demarche, right? It was that damn due diligence by a U.S. government agency THAT WANTED TO BUY KASPERSKY SOFTWARE.

Any software company in the world that is found to be spying on its customers deserves to be exposed for such a heinous act. The consequences to the company would be fatal, and therefore the standard of proof needs to be high. Kaspersky Lab has suffered more slander from more supposedly reputable news outlets than any company in recent memory, and the only thing that they’re guilty of is being able to detect some of the world’s most sophisticated malware when its running on your laptop.

That’s some heinous shit right there.