Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Admits To Reaping Hacking Tools From NSA Employee PC (zdnet.com)

Posted by msmash on from the he-said-she-said dept.

Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis but insists the theft was not intentional. From a report: In October, a report from the Wall Street Journal claimed that in 2015, the Russian firm targeted an employee of the NSA known for working on the intelligence agency's hacking tools and software. The story suggested that the unnamed employee took classified materials home and operated on their PC, which was running Kaspersky's antivirus software. Once these secretive files were identified -- through an avenue carved by the antivirus -- the Russian government was then able to obtain this information. Kaspersky has denied any wrongdoing, but the allegation that the firm was working covertly with the Russian government was enough to ensure Kaspersky products were banned on federal networks. There was a number of theories relating to what actually took place -- was Kaspersky deliberately targeting NSA employees on behalf of the Kremlin, did an external threat actor exploit a zero-day vulnerability in Kaspersky's antivirus, or were the files detected and pulled by accident? According to Kaspersky, the latter is true. On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place. It was actually a year earlier than the WSJ believed, in 2014, that code belonging to the NSA's Equation Group was taken.

7 of 139 comments (clear)

  1. Beleivable by AmiMoJo · · Score: 5, Insightful

    Their version of events is much more believable than the others offers so far. Guy takes home the NSA malware, disables Kaspersky to install some warez and then realizes his machine has been p0wned, so does multiple full scans. The NSA malware is picked up during those scans and automatically submitted for analysis (the default behaviour). During this time his machine had an open backdoor.

    What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details. Failure to do so is far worse than simply sharing it with the Russian government, who I'd assume already had copies anyway given how leaky the NSA is.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re: Beleivable by Baron_Yam · · Score: 5, Insightful

      >Not that I care if the NSA figures out my porn preferences

      You should, so long as there are people out there who would punish you for them. There's a seemingly unending supply of sanctimonious people out there who will outright ruin your life if they find something about you personally distasteful.

      Even though you and I are likely so unimportant to the state and they're unlikely to use what they find against you, just on general principles you should want privacy from the government as a general rule whenever it is practical.

      When the three letter agencies have access to everyone's secrets, they're no longer serving the public since they have the power to control those who are supposed to be in power.

  2. The AV software was configured as such by Anonymous Coward · · Score: 5, Insightful

    No surprise here,
    Source: https://arstechnica.com/information-technology/2017/10/worker-who-snuck-nsa-secrets-home-had-a-backdoor-on-his-pc-kaspersky-says/?comments=1

    Direct quote:
    The NSA worker's computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.

  3. Data trail by YrWrstNtmr · · Score: 3, Insightful

    NSA->employee->Home system->Kaspersky AV->Kaspersky Lab servers --------> Russian Govt?

    If Kaspersky isn't working with the Russian govt, how did their Lab data end up with the Russian govt?

    Oh, and the NSA dude needs some jail time as well.

    1. Re: Data trail by guruevi · · Score: 5, Insightful

      Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  4. Overreaction to business as usual by cloud.pt · · Score: 5, Insightful

    So basically, commercial software, namely an antivirus, proceeded as intended (detected malicious/suspicious code). Nothing new.

    Then the Russian gov., just like the US or the UK govs. pulled that software/information based on the principle of screwing anyone's privacy (especially foreigners) over national security concerns (which when you look at it from an impartial point of view, like me (someone who literally stands between both countries in western Europe), it's a contextually solid argument, even though I am completely opposed to this relegation of privacy to second place. This is also not new, and the US knows this happens frequently. They know it because they also do it. How many Sillicon Valley corps. are sueing the US gov. to prevent just that? (Well, Microsoft just dropped it because, well, the government had a bad case and decided to pull back).

    At least they're not loading Linksys hardware with trojans for deployment to China and Russia's top tier installations.

    Seems like a very plausible explanation from Kaspersky, clearly not at fault, and will be a clear case of hypocrisy by whichever government decides to slander private business of the company. Not only is the government at fault (that was bad BAD behavior from the employee, unless he was whistleblowing something, like Snowden), but they also do this.

    Demand local servers, just like Brasil did to Facebook, if you are worried about your info being offshored to jurisidictions you can't control the full chain of behavior.

  5. In their defense of deleting the files by FeelGood314 · · Score: 5, Insightful

    After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties.

    To be fair, this puts them in a bind. They acquired NSA malware source code but they got it because their product uploaded it to them. If they keep it and use it they are breaching the trust of their client. I trust and give Kaspersky permission to scan for viruses and pull their executables. I don't give them permission to look through various source code on my computer. This isn't about saving or shielding the NSA, it's about the integrity of their contract with their users. Screw the NSA but Kaspersky showed more integrity here than the NSA has ever shown in its entire existence.