Kaspersky: NSA staffer's laptop was infected with malware

The Russian cybersecurity company releases details from its internal investigation into an NSA hack, which it's accused of being behind.

Alfred Ng

Kaspersky Lab released details from an internal investigation on Wednesday, hours before a hearing in Congress on its antivirus technology.


Russian spies didn't need Kaspersky Lab's antivirus software to steal information from an NSA staffer, the company says -- the computer was already infected with malware.

Kaspersky Lab has been under scrutiny in the US after multiple reports alleged that the Moscow-based security company had been working with the Russian government for digital espionage. US officials have been on high alert for Russian cyberattacks and internet shenanigans, fearing national security threats to everything from the country's elections to its power grid.

Kaspersky's software had allegedly helped someone steal the NSA's hacking tools in 2015 and provide them to Russian spies, the Wall Street Journal first reported.

But an internal investigation by Kaspersky Lab suggests that the NSA staffer would have been hacked regardless of what antivirus program was on the computer. That's because malware had already slipped in.

The security company released preliminary details from its investigation on Wednesday, just hours ahead of a hearing before the House Committee on Science and Technology on the risks Kaspersky Lab might pose.

'A full blown backdoor'

According to the investigation, the NSA staffer downloaded pirated software onto his personal laptop, including an illegal Microsoft Office activation key generator, on Oct. 4, 2014.

"The malware dropped from the trojanized keygen was a full blown backdoor which may have allowed third parties access to the user's machine," Kaspersky said in its report.

The NSA declined to comment for this story. The staffer had already broken procedure by bringing classified data onto his personal computer at home.

Kaspersky Lab said its antivirus technology would have been able to block the malware disguised as a key generator if the staffer hadn't disabled the software to allow the download. After the staffer turned his antivirus back on, it spotted the hidden malware, along with a stash of the NSA's hacking tools.

Antivirus software is designed to find malware, regardless of whether it's from a cybercriminal hiding it in pirated software or a government agency using it to hack nation states. That's why Kaspersky's software picked up the NSA's tools during its scans, the company said.

The NSA's malware had come from Equation Group, a hacking team within the government agency.

"Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware," the company said.

An analyst alerted company CEO Eugene Kaspersky that the scans had picked up the NSA's tools, and Kaspersky asked that the archive be deleted. The company said the archive was not shared with any third parties.

It's still unclear how these tools then ended up with Russian spies, but Kaspersky Lab indicated that the malware hidden on the NSA staffer's computer could have played a role. There have not been similar incidents in the three years since, according to the investigation.
