Evidence has come to light that Kaspersky Lab’s antivirus was used by Russian government hackers to steal National Security Agency hacking tools. The breach, which was first made public by a report in The Wall Street Journal, initially occurred in 2015. The stolen information includes methods the NSA uses to penetrate foreign networks and how it defends systems within the United States. These tools could allow the Russian government to counteract cyber espionage and foil defensive measures by the US.
The hack occurred when an NSA employee working in the agency’s Tailored Access Operations unit took classified materials with him to his residence. The data was then stored on his home computer, which happened to be running Kaspersky’s antivirus. The antivirus allowed the hackers to see the confidential files and extract them. However, this alone would not be enough to believe that Kaspersky was, in fact, working with the Russian government. That changed when an article by The New York Times disclosed that the Israeli government had proof the application was used by the Russians for cyber espionage.
According to that report, Israeli government hackers infiltrated Kaspersky Lab’s networks and spotted Russian-sponsored hackers using the antivirus to scan for any classified American intelligence. Because an antivirus requires access to every file on a computer to scan for malware, the Russian agents used the software as a search engine to look for any confidential data. Kaspersky Lab issued a statement saying it was not involved in, and had no knowledge of, the NSA hack:
“Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and [Kaspersky] respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity. In addition, Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.”
Whenever the Russian government carries out a covert operation, it distances itself from the act by several degrees of separation. Even if you have evidence that points to the Kremlin in large neon red arrows, the smoking gun that links it to the actual operation is always missing. The US government has pushed to remove Kaspersky Lab’s antivirus from use in federal agencies due to concerns about links to the Kremlin. Even after this recent campaign, the National Intelligence Council could only conclude the FSB has “probable access” to Kaspersky Lab’s database and source code.