Kaspersky Says It Intercepted NSA Hacking Tools but Didn't Hand Them Over to Russia

Eugene Kaspersky, Russian antivirus programs developer and chief executive of Russia's Kaspersky Lab (Photo: Pavel Golovkin/AP)

The Russian anti-virus firm released preliminary results of an investigation into how and when it lifted NSA malware from a personal computer.

Kaspersky Lab removed what looked like National Security Agency hacking tools from a personal computer in 2014, the Russian anti-virus software firm acknowledged Wednesday, as part of an effort to clear its name from allegations of collusion with the Russian government.

The Kaspersky statement bolsters news reports that those tools were removed from an NSA contractor’s home computer that was running Kaspersky and ended up in the hands of Russian intelligence.

Kaspersky did not identify the customer whose computer contained the NSA malware, however.

The company also stressed that it had not shared the NSA malware with the Russian government or any other third parties. CEO Eugene Kaspersky ordered the malware sample destroyed soon after looking at it, the company said.

The computer user also disabled Kaspersky before installing the NSA hacking tool (an installation the software would otherwise have detected and blocked), leaving a window in which another actor, such as Russian intelligence, could have hacked into the computer and stolen the malware, Kaspersky said.

That timeline comes from preliminary results of a Kaspersky investigation into media reports about the NSA malware theft. The company, which vehemently denies any collusion with Russian government hackers, has also offered to open up its source code to U.S. investigators and to third-party security researchers in an effort to clear its name.

The Kaspersky report also comes after months of escalating concerns about the anti-virus firm’s ties to Russian intelligence agencies that led the General Services Administration to remove Kaspersky from major contract vehicles in July and the Homeland Security Department to ban Kaspersky from all civilian government computers in September.

The Defense Department is also scrubbing Kaspersky from all of its systems.

The Kaspersky release came the same day as a deluge of other Kaspersky news:

  • Sen. Jeanne Shaheen, D-N.H., sent a letter to acting Homeland Security Secretary Elaine Duke urging the department to declassify information about Kaspersky to help U.S. businesses and citizens better judge whether they should run the anti-virus software on their own computers.
  • Sen. Claire McCaskill, D-Mo., asked Homeland Security a series of questions about the Kaspersky ban, including why it took so long to issue the ban, how many agencies are running Kaspersky and how the department will ensure they’re complying with the ban.
  • Three government IT vendors were offering Kaspersky products on GSA’s major contract vehicles without proper authorization, Chief Information Officer David Shive testified during a House Science Committee hearing. Those contractors all removed the product after the administration’s July order, Shive said, though he is not sure whether the contractors were punished.