Friday, 06 October 2017 06:31

Kaspersky wares 'implicated in Russian theft of NSA secrets'


Russian government hackers are claimed to have obtained details of how the US breaks into networks of other countries and also how it defends itself, through the theft of material that was moved by an NSA contractor from his office machine to his home computer, unnamed sources say.

The Wall Street Journal said these sources had alleged that the stolen files were identified for exfiltration through the contractor's use of anti-virus software from Kaspersky Lab. No specifics of how this was done were offered.

The contractor in question does not appear to be Harold Martin, whose arrest was announced in October 2016. He has been charged with wilfully retaining national defence information, indicted on 20 counts and may face up to 20 years in prison.

The detailed WSJ report, which repeatedly cited "people with knowledge of the matter", said this was the third reported case of document theft from the NSA, with the contractor having taken home documents and other materials, and that it had earned then-NSA director Michael Rogers an official reprimand. The other two are Martin and Booz Allen employee Edward Snowden.

The incident is said to have occurred in 2015 but was not discovered until the Western spring of 2016.

It is the first time that Kaspersky software has been mentioned in the context of leaks from the NSA.

The publication of the story is likely to further ratchet up the pressure on Kaspersky Lab, which has already been barred from US government contracts.

The WSJ report quoted a former NSA employee, Blake Darché, as saying that anti-virus software made an inventory of what files were on a Windows computer.

“It’s basically the equivalent of digital dumpster diving,” he was quoted as saying, adding that Kaspersky software was aggressive in its malware hunting methods, “in that they will make copies of files on a computer, anything that they think is interesting”.

He said using Kaspersky anti-virus software meant "basically surrendering your right to privacy". The report did not mention that all anti-virus software exhibits similar behaviour.

Jake Williams, also a former NSA hacker, who now runs his own information security company, Rendition Infosec, said that Darché's quote was a shoddy one.

"It's not technically untrue, but is worded in a way that my parents can't separate from 'the EULA says Kaspersky is stealing my secret files'. Also *ALL* AV companies do this, not just @Kaspersky," he said in a tweet.

Williams said he was not contesting that the story may be true. "Not saying the reports are untrue. If they are, Kaspersky should definitely be banned from use on USG machines. But there's nothing in the story that offers any level of proof - and this quote in the context of the larger story is extremely misleading," he added.

Kaspersky Lab told the WSJ that it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation”.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


