A New Trojan Horse: The Kaspersky Software Hack of US Intelligence

Published with Permission by:
Lint, James R., “A New Trojan Horse: The Kaspersky Software Hack of US Intelligence”, In Cyber Defense, 18 October 2017, Web,

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
InCyberDefense and Contributor, In Homeland Security

According to legend, when the warring Greeks were unable to pierce the defenses of the city of Troy, they presented Troy with a gift — a huge, hollow wooden horse known as the “Trojan Horse.” Since then, the term “Trojan horse” has come to refer to subversion or sabotage from within.

Beginning in the late 20th century, the term was applied to deceptive computer codes that seemed like legitimate applications. However, this software was actually written to deliberately damage or disrupt a computer’s programming or to steal information from it.

If Software Seems Too Good To Be True, It Is When it’s Made in Russia

Sometimes when something looks too good or is priced too low, it usually is too good to be true. So imagine a large nation-state that was the West’s main foe during the Cold War creating software to help the West. Would you buy its software to protect your systems?

Can Antivirus Software Be an Espionage Tool?

Amazingly, U.S. government agencies and others did just that; they bought expensive enterprise packages of Kaspersky Lab’s antivirus cyber security software from Russia. According to US-CERT, “anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software.”

Now, as the result of new revelations, buying Russian-made software is reminiscent of the Trojans taking their equine gift inside their city walls. Of course, that did not work out so well for the people of Troy. That night, Greek soldiers hidden inside the Trojan horse got out, opened the city gates and allowed their army to take the city.

A recent New York Times article revealed how the Israelis hacked into Kaspersky Lab’s own network and alerted the National Security Agency (NSA) to the Russian intrusion into U.S. government computer systems.

“The Russian operation was known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed,” the Times story said. “What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.”

Who Paid Kaspersky for This Russian Espionage?

The revelation exposed how easily Russia was able to target American individuals and government organizations for espionage. The irony here is that Americans paid Kaspersky Lab for the privilege of using its antivirus software that sucked out their information and sent it to Russia. Russia ran an espionage operation against the U.S. sponsored by a Russian business and possibly by the Russian government.

As the Times reported: “For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. More than 60 percent, or $374 million, of the company’s $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force.”

The Greeks gave Troy the Trojan Horse for free; the Russians did the Greeks one better. They made the West pay millions of dollars for their digital Trojan horse.

Kaspersky’s business was a wonderful way to help boost the Russian economy and add jobs at a time when oil prices had dropped. It was also a brilliant espionage operation, which could bring further income to Russia from the theft of Western research and development (R&D) information and economic espionage.

Although Their Espionage Succeeded, Russian Creators Won’t Receive Public Recognition

When you look at the U.S. government agencies that used the Kaspersky Lab software, you see a textbook list of targets for a hostile nation-state or competitor. You rarely see, however, this group of espionage targets paying a foreign power to take their information, intelligence and research and development materials.

The Russians who thought up and perpetrated this Trojan horse operation probably received a wonderful reward from a very grateful Russian government. As is common in the intelligence field, the creators probably will never be able to talk about or share their award outside the Kaspersky offices or the Kremlin walls. After all, they do not want a foreign power learning their secrets.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, Secrets to Getting a Federal Government Job.”