(rbc.ru – translated by RussiaFeed) – Kaspersky Lab has found that a large amount of malware was installed on the computer of the NSA employee whose data it was accused in the US of tampering with. Hackers from China, among others, could have gained access to the computer.
Kaspersky Lab published the results of an internal investigation into the incident in which the Russian company allegedly received four secret documents from an NSA contractor’s computer. This episode was the trigger for prohibiting US institutions from using the antivirus developer’s products as of September, The New York Times reported.
In 2014, an unknown suspicious file was automatically sent to the cloud storage of the Kaspersky Security Network (KSN) system from the computer of a user of the Kaspersky antivirus program in the United States. The computer that automatically sent the suspicious file belonged to an NSA contractor.
According to the company’s preliminary conclusions, the files received by the antivirus developer included “a previously unknown debug version of malicious software” used by the hacking group Equation, as well as several highly classified files. Kaspersky Lab allegedly connects this hacker group with the US special services.
“The supposedly secret information was obtained by experts, because it was sent in the archive, which was responded to on the basis of Equation signatures,” Kaspersky Lab said in a statement on the conclusion of its internal investigation.
Other facts were established during the investigation. For example, telemetry analysis showed that “an unknown number of third parties” could have had remote access to the device, the experts warn.
“Kaspersky Lab’s protection solution installed on the computer reported 121 samples of malicious software not related to Equation,” the company said in a statement.
The malicious software installed on this computer included various backdoors (a deliberate defect in an algorithm that lets an attacker gain access to other data almost imperceptibly), exploits (programs that take advantage of software vulnerabilities for various purposes), Trojans and adware. The company’s experts, however, cannot say for certain whether the detected software was “launched during the incident period”.
In particular, the experts explain, the computer of the NSA officer from which the secret documents were received was infected with the Mokes backdoor.
During the period when the infection was detected, the command-and-control servers of the Mokes backdoor were allegedly registered to a Chinese organization called Zhou Lou, Kaspersky Lab points out.
The company also repeated an earlier statement that the secret documents received by Kaspersky Lab as part of the infected files were destroyed immediately after receipt and were not transferred to third parties. Kaspersky Lab could not say whether the destruction procedure was carried out in accordance with the requirements of US law.
“Experts of the company did not receive instruction on handling classified documents and do not have legal obligations to pass it,” the report says. The company also stressed that it is ready to provide details of the investigation to interested parties – governmental organizations or clients of the company.