Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security United States

Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com) 141

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.
This discussion has been archived. No new comments can be posted.

Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware

Comments Filter:
  • Yes we scan (Score:4, Funny)

    by Anonymous Coward on Thursday November 16, 2017 @11:19AM (#55563029)

    In Russia, anti virus scans you

  • Exactly how did Kapersky Lab determine this?

    • by Tinsoldier314 ( 3811439 ) on Thursday November 16, 2017 @11:24AM (#55563081)

      Exactly how did Kapersky Lab determine this?

      By siphoning all the files off his computer, DUH

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Exactly how did Kapersky Lab determine this?

      The computer in question was running Kapersky antivirus software, which logs when it discovers viruses and malware.

      • Re: (Score:2, Insightful)

        by cbiltcliffe ( 186293 )

        The computer in question was running Kapersky antivirus software, which logs when it discovers viruses and malware.

        But apparently doesn't actually delete or quarantine those malicious files, because they claim that they blocked the malware communication until the end user turned Kaspersky off. So, they detected it, and blocked the symptoms, but didn't bother to remove the infection.

        Sounds like a pretty good reason not to run Kaspersky, to me.....

        • Re:Wait a second (Score:5, Insightful)

          by alvinrod ( 889928 ) on Thursday November 16, 2017 @01:19PM (#55564195)
          I don't know if I'd want a virus scanner that has the ability to automatically remove files without my explicit permission. Imagine if your virus scanner itself were compromised and told to treat regular files as infections.
          • If your virus scanner is compromised, it is not going to care whether you give it permission to do something or not.
          • There was at least one incident where a virus checker found that an important Windows system file was malware, and removed it. Not good.

          • Virtually all virus scanners automatically quarantine files, which removes them from their original location, and sometimes encrypts them.

            If you think that's unacceptable, then I guess you need to change the settings for anything you run.

        • So it was like that scene in Ghostbusters where everything was under control until EPA Inspector Walter Peck shutdown the containment facility.
        • Or, the guy at FSB who normally writes their press releases had a day off, and the guy that was doing it that day didn't understand the engineering and made an "oops" claim.

    • by rtb61 ( 674572 )

      It should be really fucking obvious but it seems you are a bit dim. The person didn't trust US security software for some reason and instead preferred to use Kaspersky security software for some reason. Now for normal security software, the default setting is to send back a report about infections found, so that the security companies can tighten security, that is like so obvious. The idiots world view presented by the lying American establishment is, if you hire a security guard to guard you property and h

      • by EvilSS ( 557649 )

        That a NSA employee preferred Kaspersky software over US security software is extremely revealing ie probably you should prefer it as well...

        That's like saying I should prefer to eat at McDonald's because an morbidly obese nutritionist prefers to eat at McDonald's. This is the last person on earth anyone should be trying to emulate when it comes to security. He failed at it miserably.

        Also no concern at all that those malware reports are traceable back to an individual device? I get reporting new malware, but Kaspersky seems to be able to tie it back to specific client devices which certainly is a problem. There is no reason they need that to a

  • by Anonymous Coward

    I am American and I can see now that they have fully investigated and have found that they are not to be blamed. Case is closed so now can we go to get back to real problems?

  • Wait... (Score:5, Insightful)

    by the_skywise ( 189793 ) on Thursday November 16, 2017 @11:25AM (#55563089)
    So first they admitted they retrieved the documents and patted themselves on the back for pulling down the documents that were leaked because they obviously involved data related to hacking.
    NOW they're claiming there was malware on his system (oh, and that's not Kapersky's fault either because the user allegedly turned Kapersky off for a bit) so the leaks might have come from the malware and not from them?
    I dunno... I would've led with the latter story FIRST...
    • by Anonymous Coward
      Personally, I find it concerning the amount of data they collected from this machine to be able to give this analysis (the questionable analysis due to motivation aside). Their excuse just provides a style type of rope.
    • by Anonymous Coward

      Get real. Kaspersky is not out there to infect your computer, steal your secrets (which you stole in the first place), or lie to the world while they hack all the computers. Did you grow up in front of the TV or something? They produce a top AV suite and some of the best research out there, and have been doing so for over a decade. Do you think their record is made up? How often do you see the same amount of research and diligence from your American firms? Never. Ever.

  • by PopeRatzo ( 965947 ) on Thursday November 16, 2017 @11:26AM (#55563099) Journal

    What possible reason would Kaspersky have to lie?

    Also, in Soviet Russia, antivirus software installs you.

  • Sounds like Kaspersky is either trying to deflect or didn't do a good job of prevention/protection. Were I Kaspersky, at this point, I think I might have kept my mouth shut.
  • by Opportunist ( 166417 ) on Thursday November 16, 2017 @11:43AM (#55563269)

    That looks like some NSA worker used a private USB stick to transfer some of the "internal tools" from his computer to another, forgot about it, stuck it into his computer at home that ran Kaspersky, Kaspersky scanned the stick, the AV heuristics determined the stuff looked kinda fishy, did a closer scan, and eventually sent a copy to Russia. Whether that happened after asking "Hey, dude, something's kinda odd about this file, mind if we analyzed it?" or not is kinda moot now.

    And since it would be kinda embarrassing to admit such a blunder and that the NSA, of all agencies, handed their valuable zero days to the Russians... let's rather say those damn Russkies in general and Kaspersky in particular are "hacking" us.

    • The NSA really doesn't have that good a reputation for internal security, although it's probably better than it was when the agency was younger.

  • From the summary: "Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well..."

    I thought computers only had one asshole, and it was generally referred to in polite society as "User".

  • by barbariccow ( 1476631 ) on Thursday November 16, 2017 @11:50AM (#55563331)
    So... he's a developer for NSA creating malware, and it detected malware? Sounds about right. The guy was probably testing explicitly if Kapersky could detect the malware since that's what the Russian targets would use. And it did. And now they're pissed / backroom deal with American anti-virus companies to ensure only their shittier software is used (which likely doesn't detect NSA's malware, or has explicit exemptions built-in).
  • by Archtech ( 159117 ) on Thursday November 16, 2017 @11:52AM (#55563365)

    ... he brought home non-government malware that might have stolen the government malware he was working on?

  • Comment removed based on user account deletion
  • by OneHundredAndTen ( 1523865 ) on Thursday November 16, 2017 @12:27PM (#55563729)
    Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?
    • The Deep State is not particularly competent at all. They simply like exercising power. If they fail - so what? They'll just try again. It's not like they're in danger of being tossed out for failure. Being untouchable is what being in the unelected career government is all about.
    • by jon3k ( 691256 )
      Because they're humans and it's technology is complex. So far the only things I'm aware of are Snowden who violated his sworn duty to not leak classified data and however the Russians got a hold of the very small amount of NSA code. The most plausible story of which I've heard was that they left some exploit code on a compromised machine somewhere and the Russians found it.

      For all we know the NSA planted it to see who would pick it up because they realized the Russians had found the same exploit and ne
    • by AHuxley ( 892839 )
      Re "They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas?"

      The GCHQ and NSA had crypto all worked out until the first networked home/desktop computers of the early 1980's. Real time decryption of junk standard global cryptic systems.
      All commercial, NATO/mil/gov, many nations diplomatic, banking encryption that was sold as a standard in the West was totally understood by the NSA and GCHQ from the 1950-80's
      The 1980's desktop computers gave the user the abilit
    • Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?

      They do not pay very well and are quite anal to work for. What kind of people do you think they will get?

  • Now the NSA chickens are coming home to roost.
  • It was a honeypot (Score:5, Interesting)

    by MobyDisk ( 75490 ) on Thursday November 16, 2017 @02:14PM (#55564667) Homepage

    The contractor's computer was a honeypot. NSA hacking tools are being released on the dark web and they want to find out how they are being leaked. One theory was that Kaspersky was the culprit. So the NSA intentionally had a contractor put some NSA tools on a laptop that has Kaspersky, and had him put some other malware on there so that Kaspersky antivirus would detect it and wake up, then they watched to see if anyone scanned the NSA hacking tools and downloaded them.

    What is happening now is the ensuing PR war. The public won't really learn the truth for years, if ever.

  • ... mock the NSA guy for this?

    E.g. the Kaspersky guys could say "Look out! Here comes Typhoid Mary!" whenever they saw him. That shit would never get old.

  • And my grandfather, my dad, and I never served in units fighting Russian operatives during the Cold War(s).

    Suuuure.

    Try another one.

    Maybe they'll byte.

  • It seems like the United States Postal Service network is becoming more secure that that of the NSA.
  • Kaspersky AV was installed on a machine full of malware and NSA hacking tools. Kaspersky AV then did its job perfectly, and retrieved samples of all the malware.

    America then got wind of this, and because this is 1) embarassing to the NSA, and 2) proves that Kaspersky is a top product, America is now in a full head-on propaganda assault, spreading lies and misinformation that Kaspersky and the Russians (all of them, apparently) are hacking into your computers.

    Wake the F up. The only two AV-suites you can tru

  • Why does slashdot keep mentioning Kaspersky? The world needs to just forget they exist. Kind of like the country they are in. The world doesn't need it at all, but it needs the world. Let's just ignore the whole bunch.
  • Echoing the sentiments of such security giants as Howlin' Wolf, Willie Dixon and Chicken Shack, Mr. Morrison, CEO of security company "Doors" was crystal clear about an increased role for women in protecting certain software and hardware ports from unanticipated penetration.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...