UPDATED 22:20 EST / OCTOBER 25 2017


Kaspersky claims malware installed by NSA contractor led to secret data grab

Kaspersky Lab today said it obtained spying code used by the National Security Agency after its antivirus software swept the code up from the computer of an NSA contractor who had installed malware on the machine.

According to details published by Kaspersky, an internal investigation found one instance in 2014 in which its detection subsystem flagged what appeared to be source code files for Equation malware, the sophisticated espionage software used by the NSA to spy on its targets. The Kaspersky antivirus software on the machine had been configured to send new malware samples back to the company automatically for analysis, which explains how the company ended up with a copy.

Then it gets stranger. The NSA contractor whose computer sent the code to Kaspersky is said to have downloaded pirated software in the form of a Microsoft Office key generator that was laced with malware, and to have temporarily disabled the Kaspersky installation on his computer, which would otherwise have blocked the installation. The malware, Backdoor.Win32.Mokes.hvl, remained on the computer for some time afterward.

Once the contractor re-enabled his antivirus protection, the software scanned the machine, detected both the backdoor and an archive containing the secret NSA code, and uploaded the archive to Kaspersky for further study. “Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” the company explained. “After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO.”
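The mechanism at the center of this story, an endpoint antivirus configured to upload unknown samples to the vendor's cloud, is not unique to Kaspersky. As an added example that is not part of the original article, the following PowerShell audits the equivalent setting in Microsoft Defender Antivirus and optionally switches automatic upload off. It assumes a Windows 10 or 11 host with the Defender PowerShell module (Get-MpPreference / Set-MpPreference) and an elevated session for the change; the function names are this example's own.

```powershell
# Added example (not from the article or from Kaspersky): audit Microsoft
# Defender's cloud sample-submission settings, which play the same role as
# the automatic sample upload described for Kaspersky. Requires the Defender
# PowerShell module; changing the setting needs an elevated session.

function Get-SampleSubmissionPosture {
    $pref = Get-MpPreference

    # Get-MpPreference reports SubmitSamplesConsent as a number:
    # 0 AlwaysPrompt, 1 SendSafeSamples, 2 NeverSend, 3 SendAllSamples
    $consentNames = @{ 0 = 'AlwaysPrompt'; 1 = 'SendSafeSamples'; 2 = 'NeverSend'; 3 = 'SendAllSamples' }
    # MAPSReporting (cloud-delivered protection): 0 Disabled, 1 Basic, 2 Advanced
    $mapsNames = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }

    $consent = [int]$pref.SubmitSamplesConsent
    [pscustomobject]@{
        SubmitSamplesConsent    = $consentNames[$consent]
        MAPSReporting           = $mapsNames[[int]$pref.MAPSReporting]
        # Values 1 and 3 ship file contents to the vendor without asking first.
        UploadsWithoutPrompting = ($consent -eq 1 -or $consent -eq 3)
        # Excluded paths are never scanned at all, so they are never uploaded
        # either; that is a scanning gap, not a data-handling control.
        ExclusionPaths          = @($pref.ExclusionPath | Where-Object { $_ })
    }
}

function Disable-SampleSubmission {
    # Keep cloud lookups (hashes and metadata, governed by MAPSReporting) but
    # stop the agent from uploading file contents. Must run elevated.
    Set-MpPreference -SubmitSamplesConsent NeverSend
    Get-SampleSubmissionPosture
}

# Usage:
#   Get-SampleSubmissionPosture    # read-only audit of the current posture
#   Disable-SampleSubmission       # elevated; switch automatic upload off
```

Turning submission off costs detection of novel samples, so it is a trade-off rather than a free fix; the more durable lesson of the incident is that sensitive material should not sit on a machine whose antivirus, by design, forwards unrecognised files to a third party.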

Once the company realized it had obtained NSA code, founder Eugene Kaspersky (pictured) ordered that all copies of the code be deleted, and the company says it did not share the details with any third party, including, most importantly given the accusations at hand, the Russian government.

Kaspersky argued that the way it accidentally came by the NSA code shows how exposed the host machine was: anyone who installed a backdoor on a computer holding the code could have obtained access to it. Kaspersky also said that because it had deleted the data, the code could not have been stolen from the company at a later date, in particular during the alleged hacking of Kaspersky in 2015.

Concerns about Kaspersky’s links to the Russian government first surfaced earlier this year, leading to a Federal Bureau of Investigation probe and to bans on the use of the software by federal employees issued by both the Trump White House and the Department of Homeland Security.

Photo: Kai Mork/Wikimedia Commons
