Russian cybersecurity firm Kaspersky Lab admitted Wednesday that its antivirus program siphoned the source code for a secret National Security Agency hacking tool from a personal computer in the United States as the company continues to come under fire for its alleged ties to Russian intelligence.
Responding to unspecified media reports, Kaspersky said an internal investigation confirmed that a home version of its antivirus software incidentally swept up the NSA hacking tool during a routine malware scan of a customer’s computer in 2014.
A Kaspersky customer with the NSA code on their home computer ran the company’s antivirus scan after downloading and installing pirated software infected with malware, Kaspersky said. Kaspersky’s software detected the virus, according to the company, but also flagged new and unknown variants of other malware previously linked to the Equation Group, Kaspersky’s name for the sophisticated hacking outfit widely reported to be a division of the NSA.
The computer file containing the Equation Group code “was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts,” Kaspersky said. “Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware.”
“After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems,” Kaspersky said.
The file containing the hacking tool was not shared with any third parties, Kaspersky said.
Kaspersky’s explanation Wednesday comes on the heels of recent news reports accusing Russian state-sponsored spies of exploiting the company’s antivirus software to conduct espionage. The Wall Street Journal reported on Oct. 5 that Russian intelligence used Kaspersky software to steal classified software from the personal computer of an NSA worker, and a subsequent article published by The New York Times corroborated aspects of that report.
Kaspersky described the non-Equation Group malware detected by its antivirus scan as “a full blown backdoor which may have allowed third parties access to the user’s machine,” meaning anyone, Russian spies or otherwise, could have potentially hacked the NSA worker’s computer.
The U.S. Department of Homeland Security issued a directive Sept. 13 banning all federal agencies from using Kaspersky products, and Sen. Claire McCaskill, the ranking Democrat on the Homeland Security and Governmental Affairs Committee, wrote Acting Homeland Security Secretary Elaine Duke on Tuesday this week seeking answers about the removal of Kaspersky products from government computers.
“Kaspersky products present a clear security threat to the U.S.,” Ms. McCaskill, Missouri Democrat, wrote in the letter.
The Russian government has previously denied exploiting Kaspersky products to steal state secrets.
• Andrew Blake can be reached at ablake@washingtontimes.com.