Kaspersky say NSA worker’s computer was riddled with malware

Kaspersky say the NSA worker’s home computer became infected when he installed a pirated version of Microsoft Office.
  • Kaspersky Lab released a new report on Thursday that pushes back against accusations that it helped leak sensitive NSA materials and suggests that a backdoor found on an NSA worker’s computer could have allowed others to take files from his machine.
  • Kaspersky say the computer of the NSA worker who brought home classified hacking tools was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the NSA files.
  • The report says the worker had at least 120 other malicious files on his home computer in addition to the backdoor. The backdoor was allegedly trying to communicate with a malicious command-and-control server at the time of the theft.
  • “Given that system owner’s potential clearance level, the user could have been a prime target of nation states,” the report speculates.
  • Costin Raiu, director of Kaspersky’s Global Research and Analysis Team, says that the NSA worker had disabled his Kaspersky software and left his computer unprotected for a time. Raiu says they found evidence of a second backdoor as well, though they saw no sign of it trying to communicate with an external server.
  • “It looks like a huge disaster the way it happened with running all this malware on his machine. It’s almost unbelievable,” says Raiu.
  • The NSA declined to comment on the revelations.
  • Kaspersky claim that once an analyst brought the NSA files he had discovered to the company’s CEO, Eugene Kaspersky, he was instructed to delete them immediately.
  • The NSA worker’s home computer apparently got infected with the backdoor after he tried to install a pirated version of Microsoft Office. The report says he disabled his Kaspersky detection software to install the pirated software. It turned out to contain a backdoor known as “Smoke Bot” that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum. Raiu describes it as a very small backdoor that has the ability to download and run additional plugins from an attacker’s command servers. “It’s high-end stuff,” he says.
  • When Rob Joyce, the Trump administration’s top cybersecurity adviser, was asked for comment on the findings, he reiterated that Kaspersky software should be banned from government computers.
  • “Kaspersky as an entity is a rootkit you run on a computer,” he said. While acknowledging that other AV software has the same potential for misuse, he contended that Kaspersky is “a Russian company subjected to FSB control and law, and the US government is not comfortable accepting that risk on our networks.”
