UPDATED 22:06 EDT / OCTOBER 05 2017

Russian hackers alleged to have stolen NSA data via Kaspersky antivirus software

Hackers acting on behalf of the Russian government are alleged to have stolen sensitive data, including exploits, from a contractor working for the National Security Agency, according to a report published Thursday.

The Wall Street Journal claimed that the hack took place in 2015 but was not discovered until spring of the following year. It involved an NSA contractor taking classified code, documentation and other materials home to work on using his personal computer. Those materials included “details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying, and how it defends networks inside the U.S.”

And in another explosive claim, the unnamed sources in the report said the attack vector the hackers used was antivirus software from Kaspersky Lab, which the contractor was running on his computer.

“U.S. investigators believe the contractor’s use of the [Kaspersky] software alerted Russian hackers to the presence of files that may have been taken from the NSA,” the report claimed. It added that “how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programmed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.”

Kaspersky disputed the report, saying in a statement that it had not been provided any evidence substantiating the company’s involvement in the alleged incident and that as a private company it “does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Founder Eugene Kaspersky took the argument further in a blog post, saying that the report sounds like the script of a C movie, before adding that he did agree with the suggestion in the report that the company is very aggressive in its methods of hunting for new malware, and proud of it.

“We absolutely and aggressively detect and clean malware infections no matter the source and we have been proudly doing it for 20 years,” Eugene Kaspersky said. “This is the reason why we consistently get top ratings in independent, third-party malware detection tests. We make no apologies for being aggressive in the battle against malware and cybercriminals – you shouldn’t accept any less. Period.”

The facts, as they stand, are that neither The Wall Street Journal nor the NSA has provided evidence that Kaspersky was involved in this hack.

Presuming that Kaspersky software was actually used in the hack, there is a reasonable alternative theory: Russia itself hacked the company to gain access to the data it was gathering. Indeed, Kaspersky was hacked in 2015, the same year the NSA contractor was allegedly hacked. According to a report from the time, Kaspersky said that its own systems were compromised by hackers in an attack that was designed to spy on its newest technologies and “involved up to three previously unknown techniques,” suggesting a state-sponsored actor may have been involved.

The timing of The Wall Street Journal report on a hack discovered 18 months ago is also suspicious given that it comes at a time when the Federal Bureau of Investigation is investigating the company over its links to the Russian government, with the Trump White House and the Department of Homeland Security banning the use of Kaspersky software on computers. It would appear someone has an ax to grind with Kaspersky, a company that until recently has successfully competed with American firms in antivirus and security software.
