Kaspersky Lab Denies Involvement in Russian Hack of NSA Contractor

Moscow-based cybersecurity firm Kaspersky Lab has hit back at a report in the Wall Street Journal which accused it of being involved in a Russian government hack of an NSA contractor in 2015. From a report: The paper reported on Thursday that the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home. There, the report says, the contractor's use of Kaspersky's antivirus software "alerted Russian hackers to the presence of files that may have been taken from the NSA." Once the machine was in their sights, the Russian hackers infiltrated it and obtained a significant amount of data, according to the paper. Calling the allegations "like the script of a C movie," Eugene Kaspersky, the infosec firm's founder, gave his own explanation of what might have happened. Mr Kaspersky vehemently denied that his company had played any active role in the breach, noting: "We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done." Instead, he implied that the root of the problem was that Kaspersky Lab had correctly identified the hacking tools the contractor was working on as malware -- perhaps through Kaspersky Lab's own research into the Equation Group, a "sophisticated cyber espionage platform" believed to be linked to the NSA.

Re:

[jellomizer]

Not necessary evil but insidious is a better term for the Russian Government. After the chaos after the Soviet Union dissolved, there population in general has accepted a strong man government to keep order. Russia is a major world player and with its strong man government in charge, it isn't happy with just controlling it local populous but also the rest of the world. They realize that the military would suffer losses if they try to openly attack NATO countries, or China and its allies.
However after gene

Re:

[cascadingstylesheet]

Trump became president due to Russian influence in our election

No, that's not why he became president, but it's a wonderful ego-saving belief for a segment of the country.

Re:Calling Captain Renault

[ohnocitizen]

I wonder if, when Mueller's report comes out showing collusion, the shrinking minority of Republicans who still support Trump will eat their words? Or if they'll act like Fox News analysts caught in a lie, and just move onto the next hot topic with their credibility among other conservatives mysteriously intact?

But you're right to a tiny degree, Trump didn't become president due to Russian influence alone. Voter suppression, moving from dog whistles to overt racism and sexism that appeal to a segment of the country, and the Democrats refusing to acknowledge how weak a candidate they chose... All of these things played a role.

I'm curious to see if Republicans will switch from ignoring the evidence of foreign influence to excusing it. It'll be fascinating to watch that play out, even as we figure out what to do with the court appointments and other fruit of the poison tree of an illegitimate president.

Re:

[ohnocitizen]

Of course you'd reply as AC. You're still at the denial stage of grief. https://www.reuters.com/articl... [reuters.com]

The British intelligence are our ALLIES, and have been for decades. Can't you tell the difference anymore, or more likely, will you just say anything that seems to support your point in the moment?

Re:

[allcoolnameswheretak]

Trump became president due to Russian influence in our election

No, that's not why he became president, but it's a wonderful ego-saving belief for a segment of the country

There are a number of high-profile investigations going on that are starting to provide results and evidence of how a foreign actor (Russia) tried to influence the election in favor of Trump.
And Russia has a history of manipulating public opinion and interfering with elections in other countries.

Do you think all of this is "fake news" and all the agents, secret services, politicians and other actors that are involved in these investigations are part of a liberal conspiracy?

I guess that's a wonderful ego-sav

Re: Calling Captain Renault

[Anonymous Coward]

Burr said [theguardian.com] the committee had come to a conclusion on at least one issue: that it had faith in the conclusions of the intelligence community assessment (ICA) presented by the CIA, FBI and NSA to Barack Obama and Donald Trump in January.

That assessment found that Vladimir Putin and the Russian government had intervened extensively in the presidential election and âoeaspired to help president-elect Trumpâ(TM)s election chances when possible by discrediting secretary Clinton and publicly contrasting he

Re:

[PolygamousRanchKid]

Trump became president due to Russian influence in our election,

Nope. Trump became president because a lot of folks detest Hillary Clinton. She still hasn't realize this. It reminds me of celebrity who cries:

"What?!?! There are people who don't like me!?!?! I'm so great that everyone must absolutely love me!"

In the election folk did not vote for the better candidate. They voted for the least worse.

A lot of folks held their noses while voting.

It's quite sad actually.

Re:

[Hognoxious]

I'm shocked to see them denying it. Russians are honourable people. If they'd done it, they'd admit it.

My suspicion

[Anonymous Coward]

The Kapersky Labs campus has a mysterious building that is off limits to all employees except a select few with very close government ties and high security clearances. All products must be approved by the black building for release to the public. Nobody knows what exactly goes on in that building, just that it is where the products must be reviewed before their release and that there are a lot of black SUV's that come and go.

Re: My suspicion

[NettiWelho]

In the US if you refuse to sabotage your product the worst they can do is maybe find out you cheated on your taxes and/or publicly shame you somehow.

Nope, your business gets destroyed by the government if you refuse. See: Lavabit

In Russia you fall down elevator shaft, after shooting self in back of head 4 times.

Where as in US you can get shot by government in clear daylight with everything caught on video and murderers escape all punishment.. Apples and oranges.

Re:

[gtall]

C'mon, in the U.S. we let the public shoot anyone in the public. Hell, there's even a bill in Congress to allow silencers on guns. And you are worried about the government?

Re:

[Anonymous Coward]

Silencers are already available in much of the US after payment of a tax; the bill would simplify that and allow those who wish to save their hearing while shooting to save some money. With the exception of a few short-range, low-velocity loads silencers do not make guns come anywhere close to 'silent'. In almost all cases it is still dangerous to fire a gun with a silencer without hearing protection (even one shot) because it is still that loud.

If your education on silencers is Hollywood, I'm sorry to in

Re:

[Anonymous Coward]

Technically, he destroyed the business rather than comply with the government.

Lavabit is back, by the way.

Re: My suspicion

[bestweasel]

Henry Ford's famous speech still resonates.

"I have a dream that my four little vehicles will one day live in a nation where they will not be judged by the color of their skin, but by what's under the hood."

It's an interesting subject

[burtosis]

I'm honestly torn between a corporations invasion of personal privacy on one hand, and the anger from the NSA that it identifies thier hacking tools as malware and helps remove thier backdoors. You can't really win as anti virus software is never good and you can be certain no one really has your best interests in mind.

He actually said that?

[hyades1]

"Instead, [Kaspersky] implied that the root of the problem was that Kaspersky Lab had correctly identified the hacking tools the contractor was working on as malware..."

Given the circumstances, this may be the best unintentionally ironic example ever of the well-worn meme, "It's not a bug, it's a feature."

Re: NSA trying to leak ?

[Brockmire]

Contractors typically work from home, especially if they don't live in the US.

The story smells

[guruevi]

a) A contractor was allowed to take his work home on an unencrypted, unsecured laptop
b) The contractor was a foreign national (hint: you can't get top secret clearance unless you're a US citizen)
c) The contractor created viruses and malware directly in his "core" work environment, where I suppose he also keeps his e-mail and other stuff, not in a VM
d) The NSA then also installed Kaspersky even though the NSA has quite publicly said Kaspersky is all sorts of bad (unsubstantiated)

So the crux of the story:
1) NSA is lying
2) NSA is incompetent
3) Both

Re:

[will_die]

The software was on his personal computer.
So a, does not apply; b, don't know; c, not the case, he stole copies of the software and installed on personal computer; d, personal computer so he installed kasperksy.
So none of the cruxes apply.

Re:

[guruevi]

a still applies because after Snowden they still allow people to take stuff on personal devices
b is in the summary
c is in the summary, again, a contractor that creates hacking tools conveniently doesn't know that carrying around malware in your hypervisor environment is bad?

Re:

[guruevi]

How moronic can you be, first you claim that it was his personal laptop, now you claim that they don't even allow personal devices in the same room. The story doesn't match up with reality.

Re:

[chill]

Wow. You're either:

A) illiterate
B) lying sack of shit
C) didn't read the story
D) All of the above

Because...

a) The contractor was NOT allowed to take the work home. The story states it was both a violation of NSA rules and a possible criminal action and is being investigated.
b) The story doesn't say anything about the nationality of the contractor.
c) The story doesn't say anything of the sort.
d) No, the story says EXACTLY THE OPPOSITE.

NSA employees and contractors never had been authorized to use Kaspersky so

Re:

[guruevi]

I read the following:

The paper reported on Thursday that the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home.

Re:

[guruevi]

No, all of it is in the summary.

a) Look at your own answer: If he's not allowed to do it, how did it end up on his computer? Snowden supposedly did this a few years ago, they either haven't changed the rules or they still don't enforce them. If he knows it wasn't allowed, then why would he alert his supervisors when the antivirus went full-tilt and how would the NSA know that the malware exited the computer at all? The story doesn't add up - either it's an NSA-controlled computer and they monitor it's ins-a

Another theory: NSA set this up

[MobyDisk]

Another theory: The NSA suspected a Russian agent. They suspected someone at Kaspersky. So they setup a test: Put Kaspersky on a laptop, put something valuable on the laptop that would be found by Kaspersky AntiVirus, then wait and see what happens.
The result is they successfully baited out the hacker.

Alternative theory: The NSA wanted to discredit Kaspersky, so they put something on the laptop that they new Kaspersky antivirus would find. Maybe Kaspersky automatically downloaded that file, and now the N

Re:

[MobyDisk]

Ha! It is looking more like my first theory was right. And now we know how the NSA knew that Kaspersky had the files in question. https://arstechnica.com/information-technology/2017/10/russian-hackers-reportedly-used-kaspersky-av-to-search-for-nsa-secrets/ [arstechnica.com]

not the whole story

[guygo]

OK, so if - as Gene says - there was just a flag that malware existed on a given computer, and that flag made it all the way back to Kaspersky Central's servers, how did that flag then get to the people who entered the computer and copied the files? That step seems to indicate some kind of inside job and/or collusion between Kaspersky and the black hatters, n'ext-ce pas? So even if Gene and what he thinks is his company were totally sincere (something I doubt is confirmable for any KGB-trained human) in his denials, that log that contained that flag got into the hands of the bad-actors, and Kaspersky IS responsible for THAT.

Putting on my tinfoil hat

[ChoGGi]

Damn, looks like the U.S. gov really wants to discredit Kaspersky.

Re:

[ChoGGi]

Been going on for some time; I think you are correct, and I can't figure out why.

No? I assumed it was a combination of the FBI "investigating" them for Russian gov connections, and/or for detecting NSA mal/spyware.

Re:

[account_deleted]

Comment removed based on user account deletion

How did NSA close the loop?

[tomhath]

The story is that Russian hackers stole documents from the contractor's laptop, which he had stolen from NSA.

What I haven't seen is how NSA learned that the Russians obtained that information, and how do they know it came from a compromised Kaspersky installation on that particular guy's laptop?

It sounds like all the spooks are hacking each other.

Re:

[MobyDisk]

Or it was a setup. The NSA created a fake virus, then planted it on a laptop that ran Kaspersky. Then they listened to the underground to see if someone reported finding a new NSA developed virus.

Re:

[MobyDisk]

And now we know how they closed the loop: The Israelis hacked Kaspersky. https://arstechnica.com/information-technology/2017/10/russian-hackers-reportedly-used-kaspersky-av-to-search-for-nsa-secrets/ [arstechnica.com]

Re:

[AHuxley]

Re "What I haven't seen is how NSA learned that the Russians obtained that information"
The US gov created some new file that acts like malware in the wild when lost or activated at home.
All part of the digital contractor buddy system upgrades. Files that report if they get taken outside of any secure US mil/gov location.
Such prepared file actions would have been detected by any good AV app as new malware in the wild.
The AV app reports a new sample of unexpected malware code in the OS.
The US gov notes

And the takeaway is...

[jasonma84]

A.) If you aren't a US government employee you should probably have Kaspersky installed on your machine for security reasons. B.) The government has started recruiting foreign nationals to develop cyber espionage software. Not surprising since they have many more options available for silencing recruits that decide they want to go public and since they aren't protected by the US Constitution they can pretty much do whatever they want with them; in secret of course. Yikes!

Re:

[account_deleted]

Comment removed based on user account deletion

hint: look at their malware discoveries

[hlee]

I use Kaspersky at home. During my research, I looked up what malware Kaspersky Labs had discovered and wanted to see if they'd be bold enough to uncover any Russian state sponsored malware - there weren't any, while they did discover several with links back to NSA and Israel - interesting, but didn't think much more of it.

Best case scenario is that Kaspersky do not have ties to government, but they're not stupid enough to reveal Russian state sponsored malware either (if they did so publically, I can't ima