Kaspersky claims malware installed by NSA contractor led to secret data grab
Kaspersky Labs today said it came into possession of spying code used by the National Security Agency after the code was picked up from the computer of an NSA contractor who had installed malware on that machine.
According to details published Monday by Kaspersky, an internal investigation found one instance in 2014 in which its detection subsystem caught what appeared to be source code files for Equation malware, the highly classified espionage software the NSA uses to spy on its targets. Kaspersky’s antivirus software had been configured to send new malware samples automatically back to the company for analysis, which explains how a copy ended up in its hands.
Then it just gets weird. The NSA contractor whose machine handed the code to Kaspersky is said to have downloaded malware-laden pirated software, a Microsoft Office key generator, and to have temporarily disabled the Kaspersky installation on his computer that would otherwise have blocked the software from being installed. The malware, Backdoor.Win32.Mokes.hvl, remained on the computer for a period of time afterward.
Once the contractor reactivated his antivirus protection, the software scanned his machine, detected the malware along with the secret NSA code, and uploaded both to Kaspersky for further study. “Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” explained the company. “After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO.”
Once made aware that the company had obtained NSA code, founder Eugene Kaspersky (pictured) ordered that all records of the code be deleted and did not share the details with third parties, most importantly, given the accusations at hand, not with the Russian government.
Kaspersky argued that, given how the company accidentally obtained the NSA code, anyone could have installed a backdoor on the already infected computer hosting the code and gained access to it. Kaspersky also claimed that because it had deleted the data, the code could not have been stolen from the company at a later date, in particular during the alleged hacking of the company in 2015.
Concerns about Kaspersky’s links to the Russian government first emerged earlier this year, leading to a Federal Bureau of Investigation probe and bans on federal employees using the software by both the Trump White House and the Department of Homeland Security.
Photo: Kai Mork/Wikimedia Commons