theintercept | Kaspersky Lab said
an individual, believed to be one identified as a National Security
Agency worker in news accounts, triggered the company’s antivirus
software and paved the way for it to upload classified NSA files from
his computer when he tried to pirate Microsoft Office and ended up
infecting himself with malicious software.
The piracy claim is included in a set of preliminary findings
released by the Moscow-based company from an internal investigation
into a byzantine spying scandal that didn’t seem like it could get any
more bizarre. A series of news reports this month, citing U.S.
intelligence sources, asserted that the files on the worker’s computer,
which included source code for sensitive hacking tools he was developing
for the spy agency, were uploaded by Kaspersky security software and
then collected by Russian government hackers, possibly with the
company’s knowledge or help. Kaspersky has denied that it colluded with
Russian authorities or knew about the worker incident as it was
described in the press.
Details from the investigation, including the assertion that
Kaspersky’s CEO ordered the files deleted after they were recognized as
potential classified NSA material, could help absolve the antivirus firm
of allegations that it intentionally searched the worker’s computer for
classified files that did not contain malware. But they also raise new
questions about the company’s actions, the NSA worker, and the spying
narrative that anonymous government sources have been leaking to news
media over the last two weeks.
After facing increasingly serious allegations of spying, Kaspersky provided The Intercept with a summary of preliminary findings of an internal investigation the company said it conducted in the wake of the news reports.
In its statement of findings, the company acknowledged that it
detected and uploaded a compressed file container, specifically a 7zip archive,
that had been flagged by Kaspersky’s software as suspicious and turned
out to contain malware samples and source code for what appeared to be
components related to the NSA’s so-called Equation Group spy kit. But
the company said it collected the files in the normal course of its
operations, and that once an analyst realized what they were, he deleted
them upon the orders of CEO Eugene Kaspersky. The company also insists
it never provided the files to anyone else.
Kaspersky doesn’t say the computer belonged to the NSA worker in
question and says the incident it recounts in the report occurred in
2014, not 2015 as news reports state. But the details of the incident
appear to match what recent news reports say occurred on the worker’s
computer.
The NSA could not be reached for comment.
0 comments:
Post a Comment