The Wall Street Journal said these sources had alleged that the stolen files were identified for exfiltration through the contractor's use of anti-virus software made by Kaspersky Lab. No specifics of how this was done were offered.
"They're not talking Hal Martin. Here's an artist's impression of the NSA's security controls." pic.twitter.com/U03qTeU9oO — Kevin Beaumont (@GossiTheDog), 5 October 2017
The contractor in question does not appear to be Harold Martin whose arrest was announced in October 2016. He has been charged with wilfully retaining national defence information, indicted on 20 counts and may face up to 20 years in prison.
The detailed WSJ report, which repeatedly cited "people with knowledge of the matter", said this was the third reported case of document theft from the NSA. The contractor had taken home documents and other materials, and the incident had earned then-NSA director Michael Rogers an official reprimand. The other two cases are Martin and Booz Allen employee Edward Snowden.
It is the first time that Kaspersky software has been mentioned in the context of leaks from the NSA.
The WSJ report quoted former NSA employee Blake Darché as saying that anti-virus software made an inventory of what files were on a Windows computer.
“It’s basically the equivalent of digital dumpster diving,” he was quoted as saying, adding that Kaspersky software was aggressive in its malware hunting methods, “in that they will make copies of files on a computer, anything that they think is interesting".
He said using Kaspersky anti-virus software meant "basically surrendering your right to privacy". The report did not mention that all anti-virus software exhibits similar behaviour.
"This is just a shoddy quote. It's not technically untrue, but it is worded in a way that my parents can't separate from 'the EULA says Kaspersky is stealing my secret files.' Also *ALL* AV companies do this, not just @Kaspersky." pic.twitter.com/1t0TidzK8Z — Jake Williams (@MalwareJake), 5 October 2017
Jake Williams, also a former NSA hacker, who now runs his own information security company, Rendition Infosec, said that Darché's quote was a shoddy one.
"It's not technically untrue, but is worded in a way that my parents can't separate from 'the EULA says Kaspersky is stealing my secret files'. Also *ALL* AV companies do this, not just @Kaspersky," he said in a tweet.
Williams said he was not contesting that the story may be true. "Not saying the reports are untrue. If they are, Kaspersky should definitely be banned from use on USG machines. But there's nothing in the story that offers any level of proof - and this quote in the context of the larger story is extremely misleading," he added.
Kaspersky Lab told the WSJ that it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation".
"I can only assume that if DoD is making this claim they're convinced of it. If it's true, the Russian gov just lit Kaspersky on fire." pic.twitter.com/YtGoR50PN2 — Matthew Green (@matthew_d_green), 5 October 2017