Kaspersky defends its role in NSA breach

Eugene Kaspersky has denied his company has worked with the Kremlin to hack others


The Russian-headquartered anti-virus company Kaspersky Lab has hit back at reports it deliberately extracted sensitive files from a US National Security Agency worker’s computer.

The allegations stem from a Wall Street Journal report in early October.

Russian hackers had used Kaspersky software to identify classified files on the NSA contractor’s home computer, which they then stole, it said.



It later emerged Kaspersky had also copied files off the PC itself.

But the company has now said this was not deliberate and any classified documents were destroyed.

It said its researchers had been investigating malicious software created by “the Equation Group”, which is widely understood to be Kaspersky’s codeword for the NSA.

And this research had included looking for signatures relating to known Equation activity on machines running the company’s software.

On 11 September 2014, the company said, one of its products deployed on a home computer with an internet protocol (IP) address in Baltimore, Maryland – close to where the NSA is based – had reported what appeared to be variants of the malware used by the Equation Group.

The Lab denies sharing any of the copied archive’s files with third parties


Soon after, the user had disabled the Kaspersky Lab anti-virus tool and downloaded and installed pirated software infected with another, separate form of malware.

And when the Kaspersky product had been re-activated, it had also detected this malware and new variants of Equation malware inside a 7zip archive – a file containing compressed documents.

This had been sent back to Kaspersky Lab and found to contain known and unknown Equation tools, source code and classified documents, indicating the user of the computer had been not a victim of Equation but one of its authors.

Eugene Kaspersky, the company’s founder and chief executive, had then ordered the classified data should be deleted from the company’s systems, and within days it had been.

Kaspersky had kept only the malware “binaries”, computer code necessary to improve protection for its customers.

“According to security software industry standards, requesting a copy of an archive containing malware is a legitimate request,” a spokesman said.
“We also found no indication the information ever left our corporate networks.”

The Wall Street Journal report had said the Russian government had secretly scanned computers using Kaspersky software to spy on the US government – not necessarily with the company’s knowledge.

More on BBC

Copyright © 2015 - 2024 ChronicleNG
