Suspected NSA Hacking Code Obtained from U.S. Computer, Says Kaspersky Lab

The Russian antivirus company Kaspersky Lab has stated that its security software obtained the suspected NSA hacking code from a personal computer in the U.S.

Earlier this month, HackerCombat wrote about Russian hackers allegedly using Kaspersky antivirus software to steal sensitive data from the U.S. National Security Agency.

It was the Wall Street Journal that reported the matter, on October 5. Its report said: “Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyber attacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.”

Later, on October 10, The New York Times reported that Israeli intelligence had informed the U.S. about the operation after allegedly hacking the Kaspersky network.

The Russian government denied any involvement, and Kaspersky initiated an internal inquiry. It is this inquiry that led to the revelation by Kaspersky Lab.

Reuters, in a report dated October 25, says: “Moscow-based antivirus software maker Kaspersky Lab said on Wednesday that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.”

The report goes on to describe Kaspersky’s internal probe and its reported findings: “Kaspersky began an internal inquiry in a bid to restore trust. On Wednesday, it said it had stumbled on the code in 2014 when the consumer version of its popular software flagged a zip file as malicious on a U.S. computer… While reviewing the file’s contents, a Kaspersky analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The software removed the file and the analyst reported the matter to Chief Executive Eugene Kaspersky, who ordered that the copy of the code be destroyed, the company said… Kaspersky said it assumed the 2014 source code episode was connected to the NSA’s loss of files described in media reports.”

Kaspersky has reportedly clarified that uninfected code of this kind is sometimes, though very rarely, removed, and that no third parties had seen the code, although according to media reports the Russian government ended up obtaining the spy tool. Kaspersky Lab has also denied reports that its programs searched for keywords that included “top secret”.

The Reuters report also says that, according to Kaspersky Lab, there is no evidence that anyone other than the Israelis had hacked its network. Reuters says: “The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American’s computer through a back door it later spotted there.”

The Reuters report also makes this notable observation: “The new 2014 date of the incident is of interest because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project.”

Kaspersky Lab has, however, stated that it would submit the source code of its antivirus software and future updates for inspection by independent parties.