Earlier this month, reports surfaced that classified NSA documents detailing how US agencies defend their cyber networks and how they breach foreign ones were stolen by Russian hackers in 2015. Those reports noted that the files were spotted through Kaspersky security software used by an NSA contractor who had saved the classified documents on a home computer. Well, Kaspersky has now provided some more information about the incident and it has acknowledged that it did in fact have classified NSA materials in its possession, the Associated Press reports.
The company's founder, Eugene Kaspersky, said that in 2014, Kaspersky analysts informed him that their software had plucked some classified files from an NSA contractor's computer. Kaspersky said it was immediately clear what needed to be done -- the materials had to be deleted. And so they were. However, whether the files in question were obtained purposefully or as a result of normal functions of the security software is still up in the air.
As Kaspersky tells it, the company was already tracking a team of hackers called the Equation Group, which was later revealed to be part of the NSA. The NSA contractor that exposed the files had run Kaspersky software on his computer after infecting it with a bootleg copy of Microsoft Office and while the software cleaned up the viruses, it was also triggered by the Equation Group materials stored on the contractor's computer. Those were then sent to Kaspersky headquarters for evaluation and as soon as analysts saw that the files were classified NSA documents, they alerted Eugene Kaspersky and subsequently deleted the files.
Releasing this information is part of Kaspersky Lab's recent push towards transparency as mistrust in the US has mounted over the past few months. Best Buy pulled Kaspersky software from its shelves last month and the US government banned the software in all federal agencies. Earlier this year, the FBI was reportedly discouraging private companies from using Kaspersky products, which have been a focus in government investigations of late and an interest of both the Senate and House of Representatives. Earlier this week, in order to regain some trust, Kaspersky announced that it would allow its source code to be reviewed by third parties and would open three "transparency centers" around the world.
Jake Williams, a cybersecurity expert and former NSA analyst, told the AP that because Kaspersky was trying to woo US government clients at the time, it made sense that it would have chosen to delete the files. "It makes sense that they pulled those up and looked at the classification marking and then deleted them," he said. "I can see where it's so toxic you may not want it on your systems." However, he added the fact that an NSA employee put classified material on an already compromised home computer was "absolutely wild."