The NSA has alleged that Russian hackers penetrated the personal computer of one of its contractors by exploiting Kaspersky's anti-virus software, which the contractor had installed on that computer. The NSA has long suspected that Kaspersky cooperates with the Russian spy agency, the FSB. As a result, US government employees are no longer permitted to use any Kaspersky products.
The NSA contractor had illegally kept highly classified information on his own computer, including information on techniques the NSA uses to break into foreign networks to collect intelligence. The NSA claims that FSB spies exploited a backdoor in the Kaspersky software to gain access to the classified material.
According to Kaspersky, the backdoor was not in its software but in a pirated version of MS Office that the contractor installed on his computer. Kaspersky claims that its analysis shows the contractor disabled his Kaspersky security software in order to install the pirated Office software.
The exploits were discovered when the Kaspersky software was re-activated. Kaspersky further claims that, once it discovered what the files contained, it destroyed them immediately, a claim that was met with some skepticism.
According to the security firm, its antivirus software detected malicious programs created by the Equation hacking group, which is suspected of ties to the NSA, on the device of an American consumer in 2014.
Following these detections, the user appears to have downloaded and installed pirated software on his machine, as indicated by the presence of an illegal Microsoft Office activation key generator (keygen). To install and run this keygen, the user appears to have disabled the Kaspersky products on his machine; executing the keygen would not have been possible with the antivirus enabled.
According to the company, the keygen was a Trojan containing a backdoor that could provide access to the victim's device.
Once the user turned the internet security software back on, the backdoor was blocked. The security software then began to uncover variants of the Equation malware, along with a 7zip archive. This archive was found to contain "multiple malware samples and source code for what appeared to be Equation malware".
Once the archive was discovered, Kaspersky's CEO was informed. The company stated that all of the malicious programs were removed from all of Kaspersky's systems and were not shared. It also noted that "Kaspersky Lab has never created any detection of non-weaponized (non-malicious) documents in its products based on keywords like 'top secret' and 'classified'."
The incident is still ongoing, and Kaspersky has stated:
The company will provide additional technical information as it becomes available. We are planning to share full information about this incident, including all technical details with a trusted third party as part of our Global Transparency Initiative for cross-verification.