Kaspersky, a popular Russian antivirus software used by several U.S. agencies, was reportedly exploited by Russian hackers as a Google-like search tool to sniff out sensitive information, The New York Times reported on Tuesday night.
Israeli intelligence agents discovered the exploit after they broke into Kaspersky’s systems in 2014, and later tipped off U.S. intelligence agencies on the matter.
The Israeli agents reportedly stole passwords, took screenshots, and collected emails and documents, ostensibly to learn about Russian cyberespionage activities, and in doing so, found that Russian-sponsored hackers were using the Kaspersky software to scan for classified U.S. information that could be relayed back to intelligence agencies in Russia.
The U.S. government has vowed to stop using Kaspersky software.
Kaspersky Lab issued a statement on Tuesday denying any involvement in the Russian hacks: “Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products,” the statement read. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.”
On a broad scale, it is common for state-sponsored hackers to exploit antivirus software for surveillance purposes. Officials at the National Security Agency and the CIA have said they never used Kaspersky software for precisely that reason.