Kaspersky Lab, the Russian-headquartered anti-virus company, confirmed Wednesday it extracted sensitive files from a U.S. National Security Agency worker’s computer, but said it wasn’t a deliberate move.
The company conducted its own investigation after The Wall Street Journal on Oct. 5 reported Russian hackers spied on the U.S. government using Kaspersky software to find and steal classified files on the NSA contractor’s home computer.
“Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously,” Kaspersky said in its 13-page report. “To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others.”
Kaspersky says a poorly secured PC with a pirated version of Microsoft Office sent NSA files to its servers from Sept. 11 to Nov. 9, 2014, from a Verizon FiOS address pool for the Baltimore, Md., area. The servers downloaded the files after the antivirus software flagged them for containing malicious code.
“The reason we deleted those files and will delete similar ones in the future is two-fold,” Kaspersky Lab officials wrote in Thursday’s report. “We don’t need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials. Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions.”
Eugene Kaspersky, the company’s founder and chief executive, ordered the classified data deleted from the company’s systems.
Kaspersky said “we also found no indication the information ever left our corporate networks,” including to Russian spies.
Five days after the Wall Street Journal findings, The New York Times reported that Israel alerted the United States that Kaspersky software was being used for espionage.
Kaspersky said the only third-party intrusion in its networks was by Duqu 2.0 — malware linked to Israeli intelligence.
U.S. federal agencies have now been told to remove all Kaspersky software from their computers.
“It is appalling to see that accusations against our company continue to appear without any proof or factual information being presented,” Kaspersky said in the report. “Rumors, anonymous sources, and lack of hard evidence spreads only fear, uncertainty and doubt. We hope that this report sheds some long-overdue light to the public and allows people to draw their own conclusions based on the facts presented above. We are also open and willing to do more, should that be required.”
By Allen Cone