The Central Intelligence Agency created and used code that pretended to be from Kaspersky Lab while hacking people, a big twist on what has been an ongoing saga of allegations of Kaspersky colluding with the Russian government, according to the latest release by Wikileaks of leaked top secret U.S. government files.
The Vault 8 release, issued Thursday, detailed the source code and development logs behind the CIA’s “Project Hive,” designed by the agency to implant malware to spy on targets outside the country. Within the released code was evidence that the CIA used fake certificates pretending to have been from Kaspersky Lab, meaning essentially that the agency was hacking people across the globe while impersonating Kaspersky.
“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said in a statement. “Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention.”
Kaspersky Lab has been in the spotlight since June after the Federal Bureau of Investigation raided the company’s employees as part of an investigation into claims the company was colluding with the Russian government to hack and steal information from the U.S. government. Despite there being no solid evidence to date, the company has since been banned by The White House and Department of Homeland Security from use by U.S. government agencies.
In a surprising twist in a story that already reads like a poorly edited self-published spy drama in Amazon.com Inc.’s Kindle book store, Kaspersky claimed last month that it had indeed gained access to top secret spying tools used by the National Security Agency, but only because a contractor accidentally installed malware on his or her computer. The company then claimed that after being made aware that it had accidentally accessed the code, it immediately deleted it.
Although much of the story to date has appeared to be nothing more than a witch hunt against Kaspersky Lab, the fact that Wikileaks has now revealed that the CIA itself was pretending to be the company while hacking people may finally provide some relief to the company going forward.