Friday, 06 October 2017 06:31

Kaspersky wares 'implicated in Russian theft of NSA secrets'


Russian government hackers are claimed to have obtained details of how the US breaks into networks of other countries and also how it defends itself, through the theft of material that was moved by an NSA contractor from his office machine to his home computer, unnamed sources say.

The Wall Street Journal said these sources had alleged that the stolen files were identified for exfiltration through the contractor's use of anti-virus software made by Kaspersky Lab. No specifics of how this was done were offered.

The contractor in question does not appear to be Harold Martin, whose arrest was announced in October 2016. He has been charged with wilfully retaining national defence information, indicted on 20 counts and may face up to 20 years in prison.

The detailed WSJ report, which repeatedly cited "people with knowledge of the matter", said this was the third reported case of document theft from the NSA, with the contractor having taken home documents and other materials, and that it had earned then NSA director Michael Rogers an official reprimand. The other two are Martin and Booz Allen employee Edward Snowden.

The incident is said to have occurred in 2015 but was not discovered until the Western spring of 2016.

It is the first time that Kaspersky software has been mentioned in the context of leaks from the NSA.

The publication of the story is likely to further ratchet up the pressure on Kaspersky Lab, which has already been barred from US government contracts.

The WSJ report quoted a former NSA employee, Blake Darché, as saying that anti-virus software made an inventory of what files were on a Windows computer.

“It’s basically the equivalent of digital dumpster diving,” he was quoted as saying, adding that Kaspersky software was aggressive in its malware hunting methods, “in that they will make copies of files on a computer, anything that they think is interesting”.

He said using Kaspersky anti-virus software meant "basically surrendering your right to privacy". The report did not mention that all anti-virus software exhibits similar behaviour.

Jake Williams, also a former NSA hacker, who now runs his own information security company, Rendition Infosec, said that Darché's quote was a shoddy one.

"It's not technically untrue, but is worded in a way that my parents can't separate from 'the EULA says Kaspersky is stealing my secret files'. Also *ALL* AV companies do this, not just @Kaspersky," he said in a tweet.

Williams said he was not contesting that the story may be true. "Not saying the reports are untrue. If they are, Kaspersky should definitely be banned from use on USG machines. But there's nothing in the story that offers any level of proof - and this quote in the context of the larger story is extremely misleading," he added.

Kaspersky Lab told the WSJ that it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation”.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


