Fi8sVrs

Kaspersky defends its role in NSA breach


Eugene Kaspersky has denied his company has worked with the Kremlin to hack others

 

The Russian-headquartered anti-virus company Kaspersky Lab has hit back at reports it deliberately extracted sensitive files from a US National Security Agency worker's computer.

 

The allegations […] report in early October.

 

Russian hackers had used Kaspersky software to identify classified files on the NSA contractor's home computer, which they then stole, it said.

 

It later emerged Kaspersky had also copied files off the PC itself.

 


An NSA contractor was said to have installed Kaspersky's software on a personal computer

 

But the company […] and any classified documents were destroyed.

 

It said its researchers had been investigating malicious software created by "the Equation Group", which is widely understood to be Kaspersky's codeword for the NSA.

 

And this research had included looking for signatures relating to known Equation activity on machines running the company's software.

 

On 11 September 2014, the company said, one of its products deployed on a home computer with an internet protocol (IP) address in Baltimore, Maryland - close to where the NSA is based - had reported what appeared to be variants of the malware used by the Equation Group.

 


Kaspersky Lab denies sharing any of the copied archive's files with third parties

 

Soon after, the user had disabled the Kaspersky Lab anti-virus tool and downloaded and installed pirated software infected with another, separate form of malware.

 

And when the Kaspersky product had been re-activated, it had also detected this malware and new variants of Equation malware inside a 7zip archive - a file containing compressed documents.

 

This had been sent back to Kaspersky Lab and found to contain known and unknown Equation tools, source code and classified documents, indicating the user of the computer had been not a victim of Equation but one of its authors.

 

Eugene Kaspersky, the company's founder and chief executive, had then ordered that the classified data be deleted from the company's systems, and within days it had been.

 


The scandal overshadowed Kaspersky's 20th anniversary celebrations earlier this month

 

Kaspersky had kept only the malware "binaries", computer code necessary to improve protection for its customers.

 


"According to security software industry standards, requesting a copy of an archive containing malware is a legitimate request," the firm said.

 

 


"We also found no indication the information ever left our corporate networks."

 

 

The Wall Street Journal report had said the Russian government had secretly scanned computers using Kaspersky software to spy on the US government - not necessarily with the company's knowledge.

 

Israeli intelligence

Kaspersky denies creating "signatures" specifically designed to search for top secret or classified material.

 

And it has now said the only third-party intrusion in its networks was by Duqu 2.0 - malware linked to Israeli intelligence.

 

Following the Wall Street Journal report, […] that Israel had penetrated Kaspersky's networks in 2014 and alerted the US to the possibility of Kaspersky software being used for espionage.

 

Kaspersky has also said the separate form of malware it had detected on the Maryland PC, which was not linked to the Equation Group, had been Smoke Bot or Smoke Loader, a Trojan created by a Russian hacker in 2012 and sold on Russian underground forums.

 

Prime target

And during this period the command-and-control servers of this malware were registered to what appeared to be a Chinese entity.

 


"Given that system owner's potential clearance level, the user could have been a prime target of nation states," the Kaspersky spokesman said.

 

US federal agencies have now been told to remove all Kaspersky software from their computers.

 

The Kaspersky spokesman said in the company's statement: "Kaspersky Lab security software, like all other similar solutions from our competitors, has privileged access to computer systems to be able to resist serious malware infections and return control of the infected system back to the user."

 


"This level of access allows our software to see any file on the systems that we protect. With great access comes great responsibility."

 
