Kaspersky says suspected NSA code was lifted from U.S. computer

(Bloomberg) -- Russian cybersecurity giant Kaspersky Lab said it uploaded secret data linked to the National Security Agency from a personal computer in the U.S., though it said staff destroyed the material and didn’t show it to anyone outside the company.

The code was in a zip file containing malware samples that Kaspersky’s antivirus software removed from the home computer, the company said in a statement, confirming earlier reports about its involvement in the leak of classified material. The program automatically uploaded the file to Kaspersky’s specialists for further analysis, it said.

Russian hackers exploited vulnerabilities in the antivirus program to breach an NSA contractor’s computer in 2015 and steal classified files that he’d taken home, according to a person familiar with the matter. Israeli officials informed their U.S. counterparts about the operation after they hacked into Kaspersky’s network, the New York Times reported on Oct. 11.

The incident happened in 2014, a year earlier than reported, and Russian hackers weren’t involved, according to Kaspersky, whose products have been banned from U.S. government agencies since September amid concerns over the company’s alleged links to Russian intelligence. Kaspersky denies it has any connection to government spy agencies.

Malware Code

Moscow-based Kaspersky said staff who examined the computer file found it contained Equation malware code, a sophisticated hacking tool kit linked to the NSA. They reported the discovery to the company’s chief executive officer, Eugene Kaspersky, who ordered the samples deleted. The company didn’t share the code with any third party, according to the statement.

The U.S. computer user compromised the machine’s security by deactivating the Kaspersky program in order to install pirated software, according to the company. The illegal software infected the computer with a backdoor virus “which may have allowed third parties access to the user’s machine,” the company said, adding that the vulnerability was detected and blocked when the person reactivated Kaspersky’s antivirus.

Kaspersky said its own networks hadn’t been breached by Russian hacker viruses or any other instruments besides the Duqu 2.0 malware in 2015. Computer experts have linked that virus to Israel.

Earlier this week, Kaspersky announced it will provide the source code of its antivirus software for independent review.

Bloomberg News