WSJ: Russian security services learned about NSA secret tools using Kaspersky Anti-Virus

The newspaper The Wall Street Journal again published a provocative article referring to anonymous sources about "Russian hackers who work for the government."



At this time we are talking about the leakage of secret information about hacking tools that the NSA uses in intelligence activities. According to several sources, Russian hackers managed to get this information by hacking into the home computer of one of the NSA contractors who copied secret information from the NSA network.



It so happened that this person installed Kaspersky Anti-Virus on the home machine. Hacking his computer was a trick.



Informed sources told the WSJ that the incident occurred in 2015, but it became known about him only in the spring of 2016.



Among the stolen material is information about how the NSA penetrates into the computer networks of foreign countries and the computer code of the exploits used in these attacks.



According to American intelligence officers, having such information, Russian intelligence services could not only protect their networks from NSA penetration, but also use exploits in their own operations.



It’s not quite clear from the WSJ article how exactly hackers used Kaspersky Anti-Virus to obtain information about the NSA exploits. Here there are two options: either with the participation of the developer company itself, or without its participation, using vulnerabilities in the software.



As you know, the antivirus sends home the signatures of new viruses found. Among these “new malicious programs”, which have never been seen before, were the hacker tools of the NSA, including unique Trojans for targeted attacks. "Kaspersky Lab" does not hide the fact that it works closely with the Russian special services, but within the framework of the law, to combat cyber threats. If we assume the company's participation in this operation, then she could notice unusual signatures - and report them to her colleagues from the FSB, which could limit the participation of Kaspersky Lab in the operation.



If we assume that the company did not know anything about the incident, then it is possible that government hackers exploited the existing vulnerabilities in the program to get into the system (Kaspersky Anti-Virus found many vulnerabilities that could allow remote code execution ). Some security experts say that any antivirus is an additional security breach of the system, since it adds its own vulnerabilities to the OS, while working at the OS kernel level. Thus, hackers can use bugs in antivirus to gain full access to the computer.



There is another option that Russian intelligence services could have access to the signature database or to the network traffic of Kaspersky Lab - and found out about new signatures without the knowledge of the company itself.



Evgeny Kaspersky himself says that he did not know anything about the incident and calls it a new conspiracy theory:





In the comments on his tweet, users discuss the career of Eugene in the state security bodies. Someone suggests that there are no former KGB agents, and the only way to leave the bodies is to die.



WSJ writes that this is the third case of NSA documents leakage through a contractor (after Edward Snowden and Harold Martin ) and the first known case of hacker use of Kaspersky Lab tools for spying against US government agencies. According to the developer, antivirus software is installed on more than 400 million computers worldwide, and sales in Western Europe and America brought Kaspersky Lab more than $ 500 million last year. Given these numbers, there is no doubt that companies are absolutely unprofitable such scandals that spoil its reputation. That is, the company should distance itself as much as possible publicly from the Russian government and intelligence, cooperating with them without undue publicity, on the most secret terms.





Headquarters of Kaspersky Lab. Photo: Savostyanov Sergei / TASS / Zuma Press



Representatives of the NSA refused to comment on the information, but noted that the US Department of Defense had contracted to use antivirus software with another company, not Kaspersky Lab.



The representative of the Russian government, Dmitry Peskov, did not mention the theft of the NSA documents, but said that the ban on using Kaspersky Anti-Virus in US federal agencies "undermines the competitive position of Russian companies on the world stage."



In the meantime, a real “witch hunt” can take place in America. On October 5, 2017, Senator Jeanne Shaheen asked the Senate Armed Forces Committee to schedule a hearing on the issue of “danger of using” the Kaspersky Lab software.



Sources WSJ do not report which of the NSA contractors was guilty this time. They say only that he did not have a goal to declassify the documents, but simply wanted to work with them at home during school hours. At the same time, the person was aware that it was prohibited to copy and remove secret documents from the NSA building, so that he would be liable under the law. Now a federal investigation is underway in his case. It should be noted that NSA employees and contractors were never allowed to use Kaspersky Lab's programs on work computers, and they were not advised to install them on home PCs - even before the 2015 incident, and even more so now.



Kaspersky Lab officially announced that it does not cooperate with the intelligence of any countries in conducting intelligence operations abroad. But the WSJ writes that Russian intelligence services can use this software for spying and without the company's knowledge.