Kaspersky Admits To Reaping Hacking Tools
Kaspersky has admitted that code or hacking tools that belonged to the US National Security Agency (NSA) were lifted from one PC for analysis. The company is also adamant that this was entirely unintentional. According to a report from the Wall Street Journal, the Russian firm specifically targeted the NSA employee who was working on the agency’s hacking tools. Kaspersky has denied those claims.
The report went on to say that the employee took classified work material home. When he ran the files on his PC, which was running Kaspersky’s antivirus, they were flagged. The Russian government was able to get hold of this information.
Even though Kaspersky said time and again that it did not do what it was accused of, the rumors of an association with the Russian government were enough to ensure its products were banned on all federal networks. There are a number of theories about what actually happened. We only know what Kaspersky has said in its statement.
NSA’s Equation Group Code
The Moscow-based firm said that it carried out a preliminary investigation of the incident reported by the Journal. The Journal was right on one count but got the year wrong: the code belonging to the NSA’s Equation Group was taken in 2014 rather than 2015, and the company was involved in an Advanced Persistent Threat (APT) investigation at the time. It was because of this investigation that the detection subsystems…
“caught what appeared to be Equation malware source code files.”
There were over 40 active infections worldwide at the time, but one of the…
“infections” in the US “consisted in what appeared to be new, unknown and debug variants of malware used by the Equation group.”
Pirated Software Installed
The company goes on to explain that the employee in question had installed pirated software on his computer, as illegal keygens were present. The keygen was infected with malware known as Backdoor.Win32.mokes.hvl. The antivirus, when enabled, caught this malware, and the user ran scans to remove the Trojan. As a result, the antivirus got hold of the Equation Group hacking tools, which were then uploaded to the cloud like any other threat, as per protocol.
“One of the files detected by the product as new variants of Equation APT malware was a 7zip archive,” Kaspersky says. “The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware.”
When the analyst reported these findings to the CEO, Eugene Kaspersky, he ordered the archive to be deleted instantly from the company’s systems. The company claims that this was an isolated incident and that any information obtained is not processed in any special way. The company hopes that the public statement will clear up the matter and help it win back its customers.
The security firm says that the investigation…
“confirmed that Kaspersky Lab has never created any detection of non-weaponized (non-malicious) documents in its products based on keywords like ‘top secret’ and ‘classified.’” The CEO went on to add, “If we see confidential or classified information, it will be immediately deleted and that was exactly (what happened in) this case.”
“We believe the above is an accurate analysis of this incident from 2014,” the company says. “The investigation is still ongoing, and the company will provide additional technical information as it becomes available. We are planning to share full information about this incident, including all technical details with a trusted third party.”