Kaspersky: NSA security contractor leaked hacking tools by mistake

26 Oct 2017


An NSA contractor allegedly downloaded malware by mistake. Image: ImYanis


Kaspersky Lab alleges that a series of errors led to an NSA agent leaking his own confidential hacking tools.

Fresh from its announcement of a new transparency initiative, Kaspersky Lab yesterday (25 October) claimed that although it did find hacking tools on the computer of a user with Kaspersky antivirus software installed, it noted a series of security mistakes by the owner (an alleged NSA contractor).

The internal investigation stems from the decision by the US government to remove the firm’s software from all official machines, citing the apparent Kremlin influence and possible security dangers as the reason for doing so.

A tangled web

It was then reported that a hacker working on behalf of the Russian government targeted an NSA worker using Kaspersky software, and later it was alleged that Israeli officials had reported the Russian operation to the US after they had hacked into Kaspersky’s network.

Apparently, an NSA staffer had run a pirated version of Microsoft Word in 2014, along with a tool to spoof a registry key. The computer was then infected with malware, including a backdoor to allow theft of NSA tools. The owner of the machine had Kaspersky software installed at the time, but uninstalled it to add the pirated version of Word to their computer.

Denials from Kaspersky and the Kremlin

Both the Russian government and the cybersecurity firm have vehemently denied any involvement in the alleged incidents. Yesterday, Kaspersky said it had stumbled across the code in late 2014 when the consumer version of its software alerted it to a malicious zip file on a US machine.

The zip file apparently contained the source code for a hacking tool that the company linked to a body known as Equation Group. The file was removed and CEO Eugene Kaspersky ordered the source code to be destroyed. The company said that this incident could be assumed to be connected to NSA file losses reported in the media.

Although Kaspersky said no third parties saw the code, reports claimed the hacking tool ended up in the Kremlin’s hands.

Who is Equation Group?

In February 2015, Reuters reported that Kaspersky had discovered an espionage campaign by Equation Group, alleging that the group was an NSA project.

Eugene Kaspersky told The Guardian: “We are confident that we have identified and removed all the infections that happened during that incident. Furthermore, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat.”

There have been multiple calls from security experts and consultants for the US authorities to issue a clear statement around what they know to be true about the hacking incident, with Errata Security consultant Rob Graham telling Wired: “Our government hasn’t even been clear about what they’re accusing Kaspersky of. We’re just getting propaganda on this issue and no hard data. And that’s bad.”

The investigation is ongoing.

Ellen Tannam is a writer covering all manner of business and tech subjects

editorial@siliconrepublic.com