Secret NSA documents stolen through backdoors in Kaspersky Lab antivirus software (reportedly)

The echoes of the comments that followed the law prohibiting the use of Kaspersky Lab's software in US government institutions have not yet died down (Russia can bite back too), and further reports of a conflict between the US government, Russian hackers and Kaspersky Lab are coming to light.

Many American outlets, the Wall Street Journal first among them, report that Russian hackers working for their government gained access in 2015 to secret NSA documents stolen from the home computer of a National Security Agency employee. The unbelievable part of this story is that the employee managed to take (which was probably not difficult) documents containing detailed information on the penetration of foreign computer networks and on the software and tools used by the NSA, and simply stored them on a home computer. The reported reason for the hacker intrusion into the NSA employee's computer is a backdoor in Kaspersky Lab's antivirus software. If this is actually true... And how did this anonymous employee come to carry secret documents out of NSA headquarters?

There can be many truths, and each of them is conditioned by where one sits. It is an open secret that supporters of American politics see a threat in everything that comes from the East, especially from Russia and China. On the other hand, American services have proved more than once that they are the greatest espionage threat in this world. The truth may lie somewhere in the middle. If Eugene Kaspersky, Kaspersky Lab's executive director, proposed to the US government an audit of the software's internal source code to prove once and for all that the backdoor accusations are untrue, why did the US government not take him up on it? This is obvious: if US representatives agreed to the audit, the scales would tilt towards Kaspersky Lab, and the US government would thereby informally admit defeat. What's more, if there were such talks, they would take place only on American terms. That means the experts delegated to the audit would very carefully check the various versions of Kaspersky Lab's software used on government computers at that time and in previous years. Certainly Eugene Kaspersky took such a scenario into account when deciding to make the proposal.

While trying to remain objective in this case (if that is possible), we suspect that the incident ended in success for the hackers for a completely different reason:

  • Kaspersky Lab's software is available to everyone, so preparing completely undetectable malware (FUD, Fully Undetectable) was just a formality for attackers with the most talented programmers in the world and financial backing at their disposal.
  • We cannot reject another hypothesis: the hackers could have used an unpublished vulnerability they had found in a Kaspersky Lab product. Security researchers, especially those from Google Project Zero, regularly find smaller or greater vulnerabilities in antivirus software. Sometimes there are even flaws in which the antivirus incorrectly validates code on the system, which can allow a threat to run with administrator privileges.
  • A group of hackers of unknown origin could have used a Russian proxy to hide their real location and pin the incident on competitors from Russia.

At the moment, all that is known is that investigators suspect Kaspersky Lab's antivirus software could have tagged special NSA tools that the antivirus detected as malicious. These tags were known only to analysts at the Russian company, which supplies security products to markets around the world. The report states that with such data, together with anonymous threat information from the NSA employee's computer, Kaspersky Lab researchers could have located this particular user and referred the matter to the Russian government.

Two heads are better than one, which is why we ask readers who have additional information or any evidence of backdoors, that is, loopholes intentionally left by Kaspersky Lab programmers for government hackers, to share it with us. For now, we note that the report is based on anonymous sources and, most importantly, provides no factual or technical evidence in this matter.


We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.