Moscow-based cybersecurity firm Kaspersky Lab has hit back at a report in the Wall Street Journal which accused it of being involved in a Russian government hack of an NSA contractor in 2015.
Investigators believe that software from Russia’s top cybersecurity firm, Kaspersky Lab, was involved in a theft of top secret National Security Agency intelligence outlining how the US hacks its adversaries.
And depending on what was stolen, the breach could spell catastrophe for the company.
According to the Journal, an NSA contractor stole and downloaded onto his personal computer highly classified details about how the US penetrates foreign computer networks and defends itself against cyberattacks.
According to the report’s sources, the contractor’s use of Kaspersky’s antivirus software “alerted Russian hackers to the presence of files that may have been taken from the NSA”. Once the machine was in their sights, the Russian hackers infiltrated it and obtained a significant amount of data, according to the paper.
Russian hackers then stole that intelligence by exploiting the Kaspersky antivirus software the contractor had been running on his computer.
The breach wasn’t discovered until spring 2016, according to the sources – nearly one year after the hackers are believed to have gained access to the intelligence.
Kaspersky has denied any involvement in the theft, and it is unclear whether the hackers stole code or documents from the contractor. The latter would prove far more damning for Kaspersky, experts say, especially as it stands accused by the US government of being a tool of the Kremlin.
“Ultimately, this will come down to what was stolen from the computer,” said David Kennedy, a former NSA intelligence analyst who founded the cybersecurity firm TrustedSec.
“If the antivirus software was pulling back data with no code – for example, strategic documents containing classified information – that’s the nail in the coffin,” Kennedy said, adding it would be “catastrophic” for the company. “That’s an indication they’re spying on individuals.”
Jeff Bardin, the chief intelligence officer of cybersecurity firm Treadstone 71, echoed those sentiments.
“If documents were stolen, then that would make them an agent of the Russian government,” he said.
Bardin said there is “a certain level of trust” when a customer downloads antivirus software, because it involves giving the program “a significant amount of access” to a computer.
“They’re scanning every file for malware, but at the same time they could search for keywords relative to sensitive data,” he said.
The FBI interviewed at least one-dozen Kaspersky employees in June, visiting them at their homes on both the US east and west coasts to gather facts about how the company works, NBC reported. Two months later, the bureau reportedly warned private sector companies against using Kaspersky software. Last month, President Donald Trump ordered US government agencies to purge Kaspersky products from their computers altogether.
Kennedy said it is unlikely that the government would have made those moves without “direct evidence” that Kaspersky is in some way connected to the Russian government.
The FBI is “not going to let on and they’ll be very generic in their comments to prevent Kaspersky from learning what they know,” he said. “But there’s definitely something there.”
“We make no apologies for being aggressive in the battle against malware and cybercriminals,” the company said.
While the firm is often aggressive in its pursuit of foreign hackers, it doesn’t pursue alleged Russian cyber operations “with the same vigor,” according to a 2015 Bloomberg investigation.
Eugene Kaspersky, the firm’s billionaire founder and CEO, was educated at a KGB-sponsored cryptography institute before working for Russian military intelligence. He reportedly maintains relationships with former and current Russian intelligence officials, but has pushed back against claims that his company works with the Kremlin.