Refuting allegations in which its anti-virus product helped Russian spies steal classified files by an NSA employee’s laptop, Kaspersky Lab has released more findings in which suggest the computer in question may have been infected with malware.
Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.
According to the latest Kaspersky report, the telemetry data its antivirus collected by the NSA staffer’s home computer contained large amounts of malware files which acted as a backdoor to the PC.
The report also provided more details about the malicious backdoor in which infected the NSA worker’s computer when he installed a pirated edition of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.
Backdoor On NSA Worker’s PC May Have Helped additional Hackers Steal Classified Documents
This specific backdoor could have allowed additional hackers to steal classified documents along with hacking tools belonging to the NSA by the machine of the employee, who worked for the Tailored Access Operations (TAO) group of hackers at the agency.
For those unaware, United States has banned Kaspersky antivirus software by all of its government computers over suspicion of Kaspersky’s involvement with the Russian intelligence agency along with spying fears.
Though there’s no substantial evidence yet available, an article published by US news agency WSJ last month claimed in which Kaspersky Antivirus helped Russian government hackers steal highly classified documents along with hacking tools belonging to the NSA in 2015 by a staffer’s home PC.
However, the article, which quoted multiple anonymous sources, failed to provide any solid evidence to prove if Kaspersky was intentionally involved with the Russian spies or some hackers simply exploited some zero-day bug within the Antivirus product.
Kaspersky lives up to its claims in which its antivirus software detected along with collected the NSA classified files as part of its normal functionality, along with has rigorously denied allegations the idea passed those documents onto the Russian government.
today, within the recent report published by the anti-virus firm said between September 11, 2014, along with November 17, 2014, Kaspersky Lab servers received confidential NSA materials multiple times by a poorly secured computer located within the United States.
The company’s antivirus software, which was installed on the employee’s PC, discovered in which the files contained malware used by Equation Group, a 14-year-old NSA’s elite hacking group in which was exposed by Kaspersky in 2015.
Kaspersky Claims the idea Deleted All NSA Classified Files
Besides confidential material, the software also collected 121 separate malware samples (including a backdoor) which were not related to the Equation Group.
The report also insists in which the company deleted all classified documents once one of its analysts realized in which the antivirus had collected more than malicious binaries. Also, the company then created a special software tweak, preventing those files by being downloaded again.
“The reason we deleted those files along with will delete similar ones within the future will be two-fold; we do not need anything additional than malware binaries to improve protection of our customers along with secondly, because of concerns regarding the handling of potential classified materials,” Kaspersky Lab report reads.
“Assuming in which the markings were real, such information cannot along with will not [be] consumed even to produce detection signatures based on descriptions.”
Trojan Discovered on NSA Worker’s Computer
The backdoor discovered on the NSA staffer’s PC was actually a Trojan, which was later identified as “Smoke Bot” or “Smoke Loader” along with allegedly created by a Russian criminal hacker in 2011. the idea had also been advertised on Russian underground forums.
Interestingly, This specific Trojan communicated with the command along with control servers apparently set up by a Chinese individual going by the name “Zhou Lou,” using the e-mail address “email@example.com.”
Since executing the malware would certainly not have been possible with the Kaspersky antivirus enabled, the staffer must have disabled the antivirus software to do so.
“Given in which system owner’s potential clearance level, the user could have been a prime target of nation states,” the Kaspersky report reads.
“Adding the user’s apparent need for cracked versions of Windows along with Office, poor security practices, along with improper handling of what appeared to be classified materials, the idea will be possible in which the user could have leaked information to many hands.”
More details on the backdoor can be found here.
For today, the Kaspersky anti-virus software has been banned by the U.S. Department of Homeland Security (DHS) by all of its government computers.
within the wake of This specific incident, Kaspersky Lab has recently launched a brand-new transparency initiative in which involves giving partners access to its antivirus source code along with paying large bug bounties for security issues discovered in its products.