Update: Russian hackers use Kaspersky AV, find NSA info on home device

News by Teri Robinson

Home computer of National Security Agency (NSA) worker contained classified data, detected by Russian hackers using Kaspersky AV software.

Israel's discovery that Russian hackers had used anti-virus software from Kaspersky Lab to search computers worldwide for information on US intelligence programmes reportedly prompted the US government in September to ban the security company's software from all US federal agencies. 

Russia's efforts were uncovered by Israeli intelligence officers who hacked into Kaspersky's networks and spied on the Russian spies in real time, the New York Times reported.

While the extent of the information the hackers gleaned is not known, the Times cited sources as saying that they did successfully pilfer classified data from the home computer of a National Security Agency (NSA) worker outfitted with Kaspersky AV software.

Expressing concerns that Russian company Kaspersky Lab has connections to cyber-espionage activities, the US government banned the use of Kaspersky Lab security software, according to a binding order released by Department of Homeland Security (DHS) Acting Secretary Elaine Duke.

The order gave US federal agencies three months to inventory and remove the software.

Kaspersky Lab has always denied any wrongdoing and called for evidence of any inappropriate government collusion to be revealed, insisting that there is none.

As for the use of Kaspersky anti-virus to locate NSA activity, in his own blog, Eugene Kaspersky commented: “We absolutely and aggressively detect and clean malware infections no matter the source, and have been proudly doing so for 20 years. This is the reason why we consistently get top ratings in independent, third-party malware detection tests. We make no apologies for being aggressive in the battle against malware and cyber-criminals – you shouldn't accept any less. Period.

“We hunt for and analyse all kinds of threats. We ignore none. ...Customers' security is our mission, and we're committed to protect against all kinds of cyber-threats regardless of their origin or purpose. This approach is the foundation of our business and is what our users pay for.”

That NSA contractors still have confidential data on home devices was also criticised by some commentators, with Lee Munson, security researcher at Comparitech.com, emailing SC Media UK to say, "So, the NSA has been caught out by the internal threat and a lack of basic security hygiene in recent years.

“How embarrassing!

“That Snowden was able to go to great lengths to exfiltrate data in ingenious ways is, perhaps, forgivable but after that event, how was another contractor allowed to get classified data onto his own personal machine, especially after Harold Martin was arrested for the exact same thing?

“That question begs a response from the National Security Agency around its own physical security defences and the mind-set of the people it works with, rather than an unwarranted backlash against Kaspersky Lab which seems to be motivated by the fact that its owner is Russian, rather than any actual evidence.

“In a world of hi-tech hacking tools and mass data collection programmes, it seems the NSA actually needs to get back to basics, starting with security awareness training for its highly skilled people - who really ought to know better."


In a blog today Eugene Kaspersky commented further on the NSA hack story, saying, “In 2015 ... a spy-software developer was working at home on same spy-software, having all the instrumentation and documentation he needed for such a task, and protecting himself from the world's computer maliciousness with our cloud-connected product.

“Now, what could have happened next? This is what:

“Malware could have been detected as suspicious by the AV and sent to the cloud for analysis. For this is the standard process for processing any newly-found malware – and by ‘standard' I mean standard across the industry; all our competitors use a similar logic in this or that form. ... In ~99.99 percent of cases, analysis of the suspicious objects is done by our machine learning technologies, and if they're malware, they're added to our malware detection database (and also to our archive), and the rest goes in the bin. The other ~0.1 percent of data is sent for manual processing by our virus analysts, who analyze it and make their verdicts as to whether it's malware or not.”

While a hack of Kaspersky products by Russian-government-backed hackers was accepted as theoretically possible, Kaspersky put the probability at zero because, when it found its own network had been attacked by an unknown, seemingly state-sponsored actor (Duqu2), a detailed audit of source code, updates and other technologies found no signs whatsoever of any third-party breach.

Kaspersky concluded: “If the story about our product's uncovering of government-grade malware on an NSA employee's home computer is real, then that, ladies and gents, is something to be proud of.”
