Slashdot Mirror


Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com)

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.

11 of 141 comments

  1. Wait... by the_skywise · · Score: 4, Insightful

    So first they admitted they retrieved the documents and patted themselves on the back for pulling down the documents that were leaked because they obviously involved data related to hacking.
    NOW they're claiming there was malware on his system (oh, and that's not Kaspersky's fault either because the user allegedly turned Kaspersky off for a bit) so the leaks might have come from the malware and not from them?
    I dunno... I would've led with the latter story FIRST...

  2. Re:But, but Russians hackers... by hey! · · Score: 2, Insightful

    Every country has spooks. None of them should be trusted, even if they have your best interests in mind, which if you're American the Russian SVR probably doesn't.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  3. You know what this increasingly looks like? by Opportunist · · Score: 4, Insightful

    That looks like some NSA worker used a private USB stick to transfer some of the "internal tools" from his computer to another, forgot about it, stuck it into his computer at home that ran Kaspersky, Kaspersky scanned the stick, the AV heuristics determined the stuff looked kinda fishy, did a closer scan, and eventually sent a copy to Russia. Whether that happened after asking "Hey, dude, something's kinda odd about this file, mind if we analyzed it?" or not is kinda moot now.

    And since it would be kinda embarrassing to admit such a blunder and that the NSA, of all agencies, handed their valuable zero days to the Russians... let's rather say those damn Russkies in general and Kaspersky in particular are "hacking" us.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. So let me get this straight... by Archtech · · Score: 2, Insightful

    ... he brought home non-government malware that might have stolen the government malware he was working on?

    --
    I am sure that there are many other solipsists out there.
  5. Re:Doesn't work when it's turned off [Re:That's a by bev_tech_rob · · Score: 3, Insightful

    Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!

    It doesn't protect when it's turned off. From TFA:

    The worker's home machine got infected with the backdoor after he tried to install a pirated version of Microsoft Office. Not only is pirated software notorious for containing malware, but the worker apparently intentionally disabled his Kaspersky detection software to install the pirated software. The worker disabled it in order to run a tool known as a keygen that would generate a software key that would allow him to run the pirated Microsoft Office software on his machine. But that key-generation software turned out to contain a backdoor known as "Smoke Bot," "Smoke Loader," and "Mokes" that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum.

    I hope this dork got fired for such incompetence....

    --
    You're messin' with my Zen Thing, man.....
  6. Re:Wait a second by cbiltcliffe · · Score: 1, Insightful

    The computer in question was running Kaspersky antivirus software, which logs when it discovers viruses and malware.

    But apparently doesn't actually delete or quarantine those malicious files, because they claim that they blocked the malware communication until the end user turned Kaspersky off. So, they detected it, and blocked the symptoms, but didn't bother to remove the infection.

    Sounds like a pretty good reason not to run Kaspersky, to me.....

    --
    "City hall" in German is "Rathaus." Kinda explains a few things......
  7. Re:But, but Russians hackers... by alvinrod · · Score: 1, Insightful

    There's even more reason to be distrustful of Russian companies after the recent Olympics scandals where the head of the Russian anti-doping organization was told by the state to actually dope and then help to conceal doping for Russian athletes in advance of the Sochi Games. If Russia can put pressure on people and organizations to do that kind of stuff, there's plenty of reason that they could make Kaspersky operate below board. It's not even that Kaspersky wants to do this or is somehow evil, merely that rule of law is quite tenuous in Russia and Putin has enough power that it's not feasible for companies to outright oppose him.

    Yes, the U.S. government doesn't try to act much better or actively tries to get away with the same type of crap, but at least the court systems keep them in check to some degree, although I would argue nowhere near enough.

  8. Re:Wait a second by alvinrod · · Score: 4, Insightful

    I don't know if I'd want a virus scanner that has the ability to automatically remove files without my explicit permission. Imagine if your virus scanner itself were compromised and told to treat regular files as infections.

  9. Re:Credible Internal Kaspersky Investigation by Anonymous Coward · · Score: 2, Insightful

    Found the paid Russian troll.

    Found the broken sarcasm detector.

  10. Re:Credible Internal Kaspersky Investigation by sit1963nz · · Score: 3, Insightful

    What reason would the US government have to lie, apart from the fact they do not control it and cannot order back doors installed?

  11. Re:But, but Russians hackers... by cyn1c77 · · Score: 1, Insightful

    I'm so confused. I thought Russia was bad.

    All governments are "bad", they just use different methods.

    That said, if any government gets to spy on me, I'd rather it be a foreign one, simply because they don't have as many opportunities to mess up my life, or terminate it.

    Really?

    You don't think that a foreign government can:
    1. Leak sensitive data online and make it look like it came from your computer?
    2. Tell the US that you are a mole for them?
    3. Send a foreign operative into your house to kill you?

    Your own country is tasked to protect you. At the very least, it wants your taxes.

    A foreign government doesn't give a hoot about you, your life, or your family.