Kaspersky's Slingshot malware revelation sabotages US intelligence operation targeting ISIS

Compromise of MikroTik routers attributed to US Joint Special Operations Command

Security firm Kaspersky's Slingshot revelation ten days ago sabotaged a US intelligence operation targeting ISIS terrorists in Afghanistan, Iran, Sudan and Somalia, it has been claimed.

The Slingshot malware was found to have compromised a small number of routers made by MikroTik, a Latvian manufacturer of networking hardware. The malware took advantage of security flaws in the routers' firmware and is believed to have been active since 2012.

Now, though, Cyberscoop claims that Slingshot is - or was, up until about ten days ago - an active, US-led cyber espionage operation designed for counterterrorism.

The report suggests that Kaspersky's revelations have effectively burned the US intelligence operation, which was also operational in Congo and Libya.

Kaspersky didn't speculate which nation-state may have been behind the spyware, although the list of countries in which it turned up pointed the finger firmly in one direction. But Cyberscoop claims to have been told by both current and former US intelligence officials that Slingshot is a US military program run by the Joint Special Operations Command (JSOC).

Slingshot reportedly enabled US intelligence and military to collect information about terrorists by snooping on computers they regularly used. Slingshot was also used to snoop on internet café traffic in developing countries as terrorist groups like ISIS and al-Qaeda are known to use them to communicate.

The claims, if true, won't do anything to enhance Kaspersky's reputation in and around the US government and intelligence services, following a US Department of Homeland Security order to remove all Kaspersky software from government networks.

While Kaspersky has rejected such claims, it this week revealed plans to open a data centre in Switzerland to combat concerns that its anti-virus software, which routinely sends back suspect files for analysis, could be compromised and used by Russia's security services to spy on networks overseas.

While the Slingshot revelation was likely just a regular exploit and security probe that cybersecurity companies routinely undertake, the whole operation is likely to have been shut down by the US intelligence services.

"SOP [standard operating procedure] is to kill it all with fire once you get caught," a former intelligence official told Cyberscoop. "It happens sometimes and we're accustomed to dealing with it. But it still sucks … I can tell you this didn't help anyone."