Kaspersky defends role in NSA breach

The Russian-headquartered anti-virus company Kaspersky Lab has hit back at reports it deliberately extracted sensitive files from a US National Security Agency worker’s computer.
The allegations stem from a Wall Street Journal report in early October.
Russian hackers had used Kaspersky software to identify classified files on the NSA contractor’s home computer, which they then stole, it said.
It later emerged Kaspersky had also copied files off the PC itself.
But the company has now said this was not deliberate and any classified documents were destroyed.
It said its researchers had been investigating malicious software created by “the Equation Group”, which is widely understood to be Kaspersky’s codeword for the NSA.
And this research had included looking for signatures relating to known Equation activity on machines running the company’s software.
On 11 September 2014, the company said, one of its products deployed on a home computer with an internet protocol (IP) address in Baltimore, Maryland – close to where the NSA is based – had reported what appeared to be variants of the malware used by the Equation Group.
Soon after, the user had disabled the Kaspersky Lab anti-virus tool and downloaded and installed pirated software infected with another, separate form of malware.
And when the Kaspersky product had been re-activated, it had also detected this malware and new variants of Equation malware inside a 7zip archive – a file containing compressed documents.
This had been sent back to Kaspersky Lab and found to contain known and unknown Equation tools, source code and classified documents, indicating the user of the computer had been not a victim of Equation but one of its authors.
Eugene Kaspersky, the company’s founder and chief executive, had then ordered that the classified data be deleted from the company’s systems, and within days it had been.
Kaspersky had kept only the malware “binaries”, computer code necessary to improve protection for its customers.
“According to security software industry standards, requesting a copy of an archive containing malware is a legitimate request,” the firm said.
“We also found no indication the information ever left our corporate networks.”
The Wall Street Journal report had said the Russian government had secretly scanned computers using Kaspersky software to spy on the US government – not necessarily with the company’s knowledge.
