Kaspersky offers timeline for NSA document breach

October 26, 2017 // 10:42 a.m.


Eugene Kaspersky, founder of the anti-virus firm which carries his name, has confirmed that his company's software did indeed take copies of classified National Security Agency (NSA) documents from a contractor's laptop - but claims they were immediately deleted upon discovery.

When the news broke that Kaspersky's anti-virus software was being blamed for the leaking of National Security Agency (NSA) documents to Russian intelligence services, the company was quick to deny any involvement. 'As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia,' its official statement read, 'and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.'

An internal investigation, preliminary results of which have now been published, has, however, indicated that confidential files were indeed uploaded to Kaspersky's servers in Russia by the anti-virus package. The company's timeline paints a picture of a series of errors and missteps made by the NSA contractor, ranging from having confidential documents on his personal laptop in the first place through to disabling his anti-virus software to install a keygen app for the Microsoft Office suite. Following that account, the company admits: 'One of the files detected by the product as new variants of Equation APT malware was a 7zip archive. The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation [Group, an NSA division responsible for computer espionage] malware.

'After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties,' the company continues - while admitting that, at the time the file was on Kaspersky Lab's servers, its own internal systems were infected with the Duqu 2.0 malware, a sign that it may be trying to blame the files ending up with the Russian intelligence services on incompetence rather than collusion.

It's a claim backed up by founder Eugene Kaspersky himself in an interview with the Associated Press. 'They immediately came to my office,' Kaspersky tells the newswire service, 'and they told me that they have a problem. If we see confidential or classified information, it will be immediately deleted.'

Kaspersky products have been banned from US government agency computer systems since September this year.
