Russian spies didn’t need Kaspersky Lab’s antivirus to steal information from an NSA staffer: the computer was already infected with malware, according to the company.
Kaspersky Lab has been under massive scrutiny in the US after multiple reports that the Moscow-based security company had been working with the Russian government for digital espionage. US officials have been on high alert for Russian cyberattacks, which pose a national security risk from our electoral process to keeping the lights on.
Kaspersky’s software had allegedly helped steal the NSA’s hacking tools in 2015 and provided them to Russian spies, the Wall Street Journal first reported.
But an internal investigation from Kaspersky Lab suggests that the NSA staffer would have been hacked regardless of what antivirus program was on the computer. That’s because it had been infected with malware already.
The security company released preliminary details from its investigation on Wednesday, hours before the House Committee on Science and Technology’s hearing on Kaspersky Lab’s risks.
In the investigation, Kaspersky said the NSA staffer downloaded pirated software on his personal laptop, including an illegal Microsoft Office activation key generator, on Oct. 4, 2014.
“The malware dropped from the trojanized keygen was a full blown backdoor which may have allowed third parties access to the user’s machine,” Kaspersky said in its report.
The NSA did not respond to a request for comment. The staffer had already broken procedure by bringing classified data onto his personal computer at home.
Kaspersky Lab’s antivirus would have been able to block the malware disguised as a key generator, had the staffer not disabled the software to install it. After the staffer turned his antivirus back on, it spotted the hidden malware, along with a stash of the NSA’s hacking tools.
The antivirus is designed to find malware, and it doesn’t matter whether that malware comes from a cybercriminal hiding it in pirated software or from a government agency using it to hack nation states. That’s why Kaspersky’s antivirus picked up the NSA’s tools during its scans, the company said.
The NSA’s malware had come from The Equation Group, a hacking group within the government agency.
“Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” the company said.
An analyst alerted Eugene Kaspersky that the scans had picked up the NSA’s tools, and the CEO asked that the archive be deleted. The company said the archive was not shared with any third parties.
It’s still unclear how these tools then ended up with Russian spies, but Kaspersky indicates that the malware hidden on the NSA staffer’s computer could have played a role. There have not been similar incidents in the three years since, according to the investigation.