Russian hackers used a Kaspersky Labs antivirus product to steal hacking tools from the National Security Agency (NSA), The Wall Street Journal reported Thursday.
Citing unnamed sources the WSJ said the Russians targeted a US government contractor that was using the Kaspersky product using it to identify documents being held on the contractor's system. The hack reportedly took place in 2015 and was only discovered this spring.
Kaspersky Labs' CEO Eugene Kaspersky immediately took to Twitter to refute the claim.
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
“With big power comes big responsibility. We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done,” he said in a company blog addressing the article.
In September the U.S. Department of Homeland Security banned the use of any Kaspersky product on a government computer citing concern over ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian network.”
Kaspersky went on to say that even if there were a few unethical people at his firm they would be countered by the “dozens” of internal technological and organisational barriers in place that would mitigate the situation, along with all the other employees, some of whom would be bound to see such nefarious moves and take action.
US Senator Jeanne Sheehan, D-NH, tweeted “This should serve as a stark warning to all. Trump admin should declassify info on Kaspersky Lab to raise awareness.”
Sen. Ben Sasse, R-Neb., called on the NSA to figure out its contractor problem. Edward Snowden was a contractor when he released reams of data from the NSA in 2013. He is currently wanted by the US and is living under asylum in Russia.
“Russia is a clear adversary in cyber-space and we can't afford these self-inflicted injuries,” Sasse said in a written statement.
A treasure trove of government hacking tools have been released, and then put to use by cyber-criminals, by Wikileaks and The Shadow Brokers, during the last year. The huge WannaCry and NotPetya attacks that took place earlier this year were based on vulnerabilities discovered by US government agencies.