Slashdot Mirror


Kaspersky Admits To Reaping Hacking Tools From NSA Employee PC (zdnet.com)

Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis but insists the theft was not intentional. From a report: In October, a report from the Wall Street Journal claimed that in 2015, the Russian firm targeted an employee of the NSA known for working on the intelligence agency's hacking tools and software. The story suggested that the unnamed employee took classified materials home and worked on them on their PC, which was running Kaspersky's antivirus software. Once these secretive files were identified -- through an avenue carved by the antivirus -- the Russian government was then able to obtain this information. Kaspersky has denied any wrongdoing, but the allegation that the firm was working covertly with the Russian government was enough to ensure Kaspersky products were banned on federal networks. There were a number of theories relating to what actually took place -- was Kaspersky deliberately targeting NSA employees on behalf of the Kremlin, did an external threat actor exploit a zero-day vulnerability in Kaspersky's antivirus, or were the files detected and pulled by accident? According to Kaspersky, the latter is true. On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place. It was actually a year earlier than the WSJ believed, in 2014, that code belonging to the NSA's Equation Group was taken.

3 of 139 comments

  1. Why not disclose it? by Deathlizard · Score: 4, Interesting

    So it looks like what happened is what I suspected: Kaspersky's heuristic analysis found the file and submitted it for analysis. Which is fine, since that's what it's supposed to do.

    The real question is why wouldn't Kaspersky submit it to other AV firms or even Microsoft for analysis instead of just deleting it? From what it sounds like, they had full source code for a virus. I would think that would be the equivalent of striking gold in the AV community regardless of the virus's source, unless Kaspersky was afraid that the US would pressure the heck out of them if they disclosed, which is not much different from what's happening now.

  2. Re:Believable by mangastudent · Score: 4, Interesting

    What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details.

    Doing that with officially classified materials has legal consequences. For example, I assume employees of Kaspersky want to be able to travel outside of Russia without getting arrested and imprisoned, and to be able to travel to the US for security conferences.

  3. Re:Believable by LeftCoastThinker · Score: 2, Interesting

    Both parties cover for each other in the hope that when out of power they will be protected as a courtesy by the other party. This is the textbook reason why special prosecutors should always be used when there is evidence of criminal activity (as opposed to the Trump-Russia investigation, where there is a lot of innuendo but no actual allegation or evidence of criminal activity; ask a real prosecutor and they will tell you).

    As far as Sandy Berger goes, the guy was on camera stuffing classified documents into his pants the day before Clinton left office... That is what is known as evidence.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like