Kaspersky Lab Requests Proof That its Antivirus Aided Russian Hack of NSA
Kaspersky Lab said it would like to see evidence of a purported attack by hackers with ties to the Russian government, alleged to have used the Moscow-based security software vendor’s antivirus to steal top-secret National Security Agency records.
The allegations were first reported Thursday in The Wall Street Journal, which cited multiple unnamed sources with knowledge of the matter.
The NSA has not publicly confirmed the story.
According to the report, the hackers exploited Kaspersky Lab antivirus software to identify the existence of a large cache of sensitive NSA records on the home computer of a contractor for the secretive government agency.
The hackers then exfiltrated the data, which had been unlawfully removed from a government facility, though the sources suggested the contractor was not believed to have taken it home for malicious reasons.
“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal…and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company,” the software maker said in a statement Thursday.
“However, as the trustworthiness and integrity of our products are fundamental to our business, we are seriously concerned about the article’s implications that attackers may have exploited our software,” the statement went on. “We reiterate our willingness to work alongside U.S. authorities to address any concerns they may have about our products and respectfully request any relevant information that would enable the company to begin an investigation at the earliest opportunity.”
If true, the case would give life to long-stated concerns by U.S. intelligence authorities that culminated last month in an outright ban by the U.S. Department of Homeland Security against the use of any Kaspersky products by federal government agencies.
Among the reasons DHS gave in announcing the ban was a fear that laws governing Russian firms allowed the Russian government broad access to information collected by its companies.
Kremlin intelligence agencies or their agents could gain access to the information, with or without cooperation from Kaspersky.
The WSJ report maintains that U.S. government employees were not prohibited from using Kaspersky Lab technology at home in 2015, but that they were advised against it because of the potential for exploiting personal devices of employees in sensitive government positions.
Antivirus scans, by definition, produce an inventory of all that is on the scanned computer, the Wall Street Journal sources said, and it’s precisely that type of inventory that was accessed and exploited by hackers in the latest NSA case.
That attack – which was only discovered this year – was described by the paper’s sources as “one of the most significant security breaches in recent years.”
“How the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material,” the report states. “Also unclear is whether Kaspersky employees alerted the Russian government to the finding.”
According to sources in the report, Kaspersky Lab is among the more aggressive antivirus software systems in terms of copying anything of interest from computers being scanned.
Most users are unaware of the depth of intrusion when they approve the terms of service, it added.
“We make no apologies for being aggressive in the battle against malware and cybercriminals,” Kaspersky said in its statement.
“The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests,” the statement went on. “It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”
The information stolen from the NSA contractor could help Russian intelligence agencies to learn details of how the U.S. has been infiltrating their systems, and also how the U.S. defends its own computer networks, experts told WSJ.
Scrutiny of Kaspersky Lab products intensified during the past year following assertions of Russian government meddling in the 2016 Presidential election.
This report marks the first allegation that Kaspersky Lab technology has been used to compromise U.S. national security.