NSA Contractor Downloaded Backdoor to PC, Says Kaspersky Lab

[tao]

Kaspersky Lab has released the results of an internal investigation into the suspected theft by Russian spies of NSA hacking tools from a contractor’s laptop, which seem to clear it of wrongdoing alleged in US media reports.

 

The Moscow-headquartered vendor has been under fire over the past few months after reports in various outlets including the Washington Post and Wall Street Journal indicated its products may have been used by Russian intelligence to harvest the data; potentially with the firm’s knowledge.

 

A New York Times story earlier this month then claimed that Israeli spies which had also compromised Kaspersky Lab software had spotted Kremlin hackers using its tools, evidence it passed on to Washington, which then banned federal use of all products.

 

However, Kaspersky Lab now says it has reviewed telemetry logs in relation to “alleged 2015 incidents described in the media”.

 

Most notably, it claims the NSA worker in question, who took home the stolen classified materials, disabled the Kaspersky Lab software running on his PC after it detected new versions of Equation APT – malware linked to the US spy agency.

 

It continues:

“Following these detections, the user appears to have downloaded and installed pirated software on his machines, as indicated by an illegal Microsoft Office activation key generator (aka ‘keygen’) which turned out to be infected with malware. Kaspersky Lab products detected the malware with the verdict Backdoor.Win32.Mokes.hvl.

 

To install and run this keygen, the user appears to have disabled the Kaspersky products on his machine. Our telemetry does not allow us to say when the anti-virus was disabled, however, the fact that the keygen malware was later detected as running in the system suggests the antivirus had been disabled or was not running when the keygen was run. Executing the keygen would not have been possible with the anti-virus enabled.”

 

This “full blown backdoor” could have allowed third parties to access the user’s machine, Kaspersky Lab claimed.

An unspecified time later, the same user re-enabled Kaspersky Lab and new malicious variants of Equation APT were sent back to the vendor’s servers for analysis.

 

“After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO,” it added. “Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties.”

 

Kaspersky Lab claimed no further detections were received from the user in 2015 and there have been no other incidents or third-party intrusions to date, except the “Duqu 2.0” intrusion thought to be the work of Israeli spies.

 

What’s more, Kaspersky Lab confirmed it has never created any detection of non-malicious documents in its products based on keywords like “top secret” and “classified”, as alleged in a WSJ story.

 

The only question mark remains around the timing of the incident. Most reports have it as 2015, while Kaspersky Lab claimed it happened in 2014. The firm went public with its findings on the NSA’s Equation Group in February 2015.

 

As part of its efforts to prove its innocence, Kaspersky Lab this week launched a Global Transparency Initiative under which it plans to offer its source code for independent third party review.

 

< Here >

[Ha91]

Haha, I can't believe a NSA contractor would so dumb to download an alleged 'microsoft office keygen', when the activation process of Windows does not allow for such things

This is epic!

[steven36]

Russian cybersecurity company admits taking NSA code

 

SAN FRANCISCO – Moscow-based Kaspersky Lab on Wednesday acknowledged that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.

 

The admission came in a statement from the embattled company that described preliminary results from an internal inquiry it launched into media reports that the Russian government used Kaspersky anti-virus software to collect National Security Agency technology.

 

While the explanation is considered plausible by some security experts, U.S. officials who have been campaigning against using Kaspersky software on sensitive computers are likely to seize on the admission that the company took secret code that was not endangering its customer to justify a ban.

 

Fears about Kaspersky’s ties to Russian intelligence, and the capacity of its anti-virus software to sniff out and remove files, prompted an escalating series of warnings and actions from U.S. authorities over the past year. They culminated in the Department of Homeland Security last month barring government agencies from using Kaspersky products.

 

In a statement, the company said it stumbled on the code a year earlier than the recent newspaper reports had it, in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.

 

While reviewing the file’s contents, an analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The analyst reported the matter to Chief Executive Eugene Kaspersky, who ordered that the company’s copy of the code be destroyed, the company said.

 

“Following a request from the CEO, the archive was deleted from all our systems,” the company said. It said no third parties saw the code, though the media reports had said the spy tool had ended up in Russian government hands.

 

The Wall Street Journal said on Oct. 5 that hackers working for the Russian government appeared to have targeted the NSA worker by using Kaspersky software to identify classified files. The New York Times reported on Oct. 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

 

Kaspersky did not say whether the computer belonged to an NSA worker who improperly took home secret files, which is what U.S. officials say happened. Kaspersky denied the Journal’s report that its programs searched for keywords including “top secret.”

 

The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American’s computer through a back door it later spotted there.

 

The new 2014 date of the incident is intriguing, because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project.

 

Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.

Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.

 

It also did not say how often it takes uninfected, non-executable files, which normally would pose no threat, from users’ computers.

 

Former employees told Reuters in July that the company used that technique to help identify suspected hackers. A Kaspersky spokeswoman at the time did not explicitly deny the claim but complained generally about “false allegations.”

 

After that, the stories emerged suggesting that Kaspersky was a witting or unwitting partner in espionage against the United States.

 

Kaspersky’s consumer anti-virus software has won high marks from reviewers.

 

It said Monday that it would submit the source code of its software and future updates for inspection by independent parties.

 

 

http://nypost.com/2017/10/25/russian-cybersecurity-company-admits-taking-nsa-code/

 

[knowledge-Spammer]

Russian cybersecurity company admits taking NSA code

its not what they say  100%

 

[steven36]

Kaspersky: We uploaded US documents but quickly deleted them

 

PARIS — Sometime in 2014, a group of analysts walked into the office of Eugene Kaspersky, the ebullient founder of Russian cybersecurity firm Kaspersky Lab, to deliver some sobering news.

Kaspersky's anti-virus software had automatically scraped powerful digital surveillance tools off a computer in the United States and the analysts were worried: The data's headers clearly identified the files as classified.

 

They immediately came to my office," Kaspersky recalled, "and they told me that they have a problem."

 

He said there was no hesitation about what to do with the cache.

 

"It must be deleted," Kaspersky says he told them.

 

The incident, recounted by Kaspersky during a brief telephone interview on Tuesday and supplemented by a timeline and other information provided by company officials, could not immediately be corroborated. But it's the first public acknowledgement of a story that has been building for the past three weeks — that Kaspersky's popular anti-virus program uploaded powerful digital espionage tools belonging to the National Security Agency from a computer in the United States and sent them to servers in Moscow.

 

The account provides new perspective on the U.S. government's recent move to blacklist Kaspersky from federal computer networks, even if it still leaves important questions unanswered.

To hear Kaspersky tell it, the incident was an accident borne of carelessness.

 

Analysts at his company were already on the trail of the Equation Group — a powerful group of hackers later exposed as an arm of the NSA — when a computer in the United States was flagged for further investigation. The machine's owner, identified in media reports as an NSA worker, had run anti-virus scans on their home computer after it was infected by a pirated copy of Microsoft Office, according to a Kaspersky timeline released Wednesday.

 

The scan didn't just treat the infection. It also triggered an alert for Equation Group files the worker had left in a compressed archive which was then spirited to Moscow for analysis.

Kaspersky's story at least partially matches accounts published in The New York Times, The Washington Post and The Wall Street Journal. All three publications recently reported that someone at the NSA's elite hacking unit lost control of some of the agency's powerful surveillance tools after they brought their work home with them, leaving what should have been closely guarded code on a personal computer running Kaspersky's anti-virus software.

 

But information security experts puzzling over the hints dropped by anonymous government officials are still wondering at whether Kaspersky is suspected of deliberately hunting for confidential data or was merely doing its job by sniffing out suspicious files.

 

Much of the ambiguity is down to the nature of modern anti-virus software, which routinely submits rogue files back to company servers for analysis. The software can easily be quietly tweaked to scoop up other files, too: perhaps classified documents belonging to a foreign rival's government, for example.

 

Concerns have been fanned by increasingly explicit warnings from U.S. government officials after tensions with Russia escalated in the wake of the 2016 presidential election.

 

Kaspersky denies any inappropriate link to the Russian government, and said in his interview that any classified documents inadvertently swept up by his software would be destroyed on discovery.

"If we see confidential or classified information, it will be immediately deleted and that was exactly (what happened in) this case," he said, adding that the order had since been written into company policy.

An AP request for a copy of that policy wasn't immediately granted.

 

Kaspersky's account still has some gaps. For example, why not alert American authorities to what happened? The newspaper reports alleged that the U.S. learned that Kaspersky had acquired the NSA's tools via an Israeli spying operation.

 

Kaspersky declined to say whether he had ever alerted U.S. authorities to the incident.

 

"Do you really think that I want to see in the news that I tried to contact the NSA to report this case?" he said at one point. "Definitely I don't want to see that in the news."

So did he alert the NSA to the incident or not?

 

"I'm afraid I can't answer the question," he said.

 

Even if some questions linger, Kaspersky's explanation sounds plausible, said Jake Williams, a former NSA analyst and the founder of Augusta, Georgia-based Rendition InfoSec. He noted that Kaspersky was pitching itself at the time to government clients in the United States and may not have wanted the risk of having classified documents on its network.

 

"It makes sense that they pulled those up and looked at the classification marking and then deleted them," said Williams. "I can see where it's so toxic you may not want it on your systems."

As for the insinuation that someone at the NSA not only walked highly classified software out of the building but put it on a computer running a bootleg version of Office, Williams called it "absolutely wild."

"It's hard to imagine a worse PR nightmare for the NSA," he said.

___

Online:

 

Kaspersky's timeline:

https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/

 

 

source:

http://www.bostonherald.com/news/international/2017/10/kaspersky_we_uploaded_us_documents_but_quickly_deleted_them

 

[knowledge-Spammer]

They immediately came to my office," Kaspersky recalled, "and they told me that they have a problem."

He said there was no hesitation about what to do with the cache.

"It must be deleted," Kaspersky says he told them

 so how did russians make this man download fake microsoft office  ?

but in this Kaspersky  helped stop it and removed it as it was fake  and yet Kaspersky  is the bad one ?

this is all just to funny to read  i have to stop

[steven36]

Bootleg don't  mean fake it means pirated   and the part in the OP  about a  office keygen sounds fabricated  everyone knows there is no such thing as a keygen that can activate office  maybe they meant KMS  or something.  

[knowledge-Spammer]

6 minutes ago, steven36 said:

Bootleg don't  mean fake it means pirated   and the part in the OP  about a  office keygen sounds fabricated  everyone knows there is no such thing as a keygen that can activate office  maybe they meant KMS  or something.  

y the nsa download pirated    microsoft office  them cant pay money for it  shame on them  all the money usa have and yet not want to pay for it  to funny for me to keep read this topic

[steven36]

15 minutes ago, knowledge said:

y the nsa download pirated    microsoft office  them cant pay money for it  shame on them  all the money usa have and yet not want to pay for it  to funny for me to keep read this topic

The fact still remains they  exposed  a  NSA group witch is all and well  if you are a Whistle Blower  but not so well as a vendor  this will never go over well with the USA Government you can get the death plenty in the USA for leaking state secrets    . If you expect too do business  with someone you must have there trust  and playing both sides  you will never achieve this .

 

DHS Statement on the Issuance of Binding Operational Directive 17-01

 

https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01

 

 

[tao]

Pirated software, key(gen) ... office activation ...  beyond funny (here).   

 

Kaspersky (KAV, KIS, KTS) keys -- oh, the irony!     

[knowledge-Spammer]

4 minutes ago, steven36 said:

The fact still remains they  exposed  a  NSA group witch is all and well  if you are a Whistle Blower  but not so well as a vendor  this will never go over well with the USA Government you can get the death plenty in the USA for leaking state secrets    . If you expect too do business  with someone you must have there trust  and playing both sides  you will never achieve this .

pls look again at the usa and as u say playing both sides   think 1st

were is Kaspersky  playing both sides its not its side is to stop virus and things like that  ? no matter if in usa or not 

much things i can say about playing both sides but ill not as we will just fight  about whats been said i am ok with what Kaspersky  did it helps stop virus and things like that its there job  so cant be mad at them for helping stop virus and things like that

usa are just mad  its all its all about  i think  and how did Kaspersky  exposed   what exposed    ? show me pls

[steven36]

11 minutes ago, knowledge said:

pls look again at the usa and as u say playing both sides   think 1st

were is Kaspersky  playing both sides its not its side is to stop virus and things like that  ? no matter if in usa or not 

much things i can say about playing both sides but ill not as we will just fight  about whats been said i am ok with what Kaspersky  did it helps stop virus and things like that its there job  so cant be mad at them for helping stop virus and things like that

usa are just mad  its all its all about  i think  and how did Kaspersky  exposed   what exposed    ? show me pls

You can look all you want  you're just wasting you're time . I don't think you understand  and you want as long as you look at it  from a  anti-malware  security standpoint  and not at a national security standpoint.  anti-malware  can be replaced  but if one day something leaks that cause  many people  to die . people cant be replaced .   If there is even a  small chance  of something breaching national security it should be resolved.

[tao]

As said time and time again (by a few) here, let's stop the political posts (which are a-okay with me).

And get back to technical ... 

 

 

 

[knowledge-Spammer]

22 minutes ago, steven36 said:

You can look all you want  you're just wasting you're time . I don't think you understand  and you want as long as you look at it  from a  anti-malware  security standpoint  and not at a national security standpoint.  anti-malware  can be replaced  but if one day something leaks that cause  many people  to die . people cant be replaced .   If there is even a  small chance  of something breaching national security it should be resolved.

what happened to the man who take the things to his own home and installed Kaspersky    y he do this for ?

what happened to him if this all was not for him never happen but still Kaspersky   the bad one   i am open to all things and no its not just about anti-malware   u  not understand i do very well

are u saying Kaspersky make this man do them things ?  again this all is real bs things  and yet from my understand it was a usa man from nsa who did this all not Kaspersky  russia russia all the time the bad guys yet this man from nsa do this on his own time and not Kaspersky

[knowledge-Spammer]

8 minutes ago, adi said:

As said time and time again (by a few) here, let's stop the political posts (which are a-okay with me).

And get back to keys... 

 

 

 

i hate political posts   but as its all about russia and bad things russia do or did ill backup the russians  and keep posting comments back as its just not fair for all the times its the russians did it all never someone new just russian things so bad  its a big joke to me  this site is going down hill fast and as u guys can see never mods or admins about y  them not care  i have said to admins y have this bs posts with fake news and they say news topics will happen no matter what  i have said to cc ill pay money to not see bs  fake topics  and fake news 

[steven36]

 

Shit like this  gives  me the creeps if they knew this guy was using  cracked office  they know what everyone is doing  It's not really in  a pirates  best interest  to use programs that spy on what  we do . Keep  using you're  cracked Windows and office  while all these vendors are watching  you. I will be sitting back on Linux laughing at you . When I read stuff  like this it makes  me want too uninstall  the Antivirus i have on my Windows installs .  You install spies  and give up you're privacy to protect yourself from malware  .

[tao]

Knowledge, I understand without you explaining (about political posts).

 

People who complain of (other's posting) "shit" should not post "shit"  themselves.  

 

Cheers!   

[knowledge-Spammer]

The fact still remains  this man from nsa take things home and installed Kaspersky   y he not use norton ? y he use Kaspersky   this i want to understand 

and  he download office  from pirated    maybe nsa not pay him money so he can buy it the right way ?  if nsa have people like him   maybe its the right thing to happen to him or nsa  not smart people working for nsa  and ill stop now as i see were this is going  been nice talk with u guys about this  i learned much things about how same people think  and its all crazy

[steven36]

8 minutes ago, knowledge said:

The fact still remains  this man from nsa take things home and installed Kaspersky   y he not use norton ? y he use Kaspersky   this i want to understand 

and  he download office  from pirated    maybe nsa not pay him money so he can buy it the right way ?  if nsa have people like him   maybe its the right thing to happen to him or nsa  not smart people working for nsa  and ill stop now as i see were this is going  been nice talk with u guys about this  i learned much things about how same people think  and its all crazy

He was  a contractor  witch means he was just a temporary worker . He was not even a real NSA agent  this goes  back too the person over  it hiring people  from the outside because there under staffed  ..   Snowden was  another contractor  who was not a real  NSA  agent  and he walked out  with tons of stuff  and leaked it too the press . If it were not for all the leaks  i doubt that  they would be trying  too overhaul  there security systems .

[steven36]

Kapersky didn't do themselves  any favor  by admitting  to  they had  anything too do with this contractor . Before  they said they did we didn't even know if  the Government workers that are  leaking stuff too the press  were just making stuff  up or not .  But they came out and admitted it. So now there is other leakers  in the Government talking too the press about things the DHS didn't want out to begin with and Kaspersky fell for it and confirmed   the leak . Only thing they done was help the press out,  because the Government is not going talk about it in the public  or even admit any of this is true.

[knowledge-Spammer]

4 minutes ago, steven36 said:

Kapersky didn't do themselves  any favor  by admitting  to  they had  anything too do with this contractor . Before  they said they did we didn't even know if  the Government workers that are  leaking stuff too the press  were just making stuff  up or not .  But they came out and admitted it. So now there is other leakers  in the Government talking too the press about things the DHS didn't want out to begin with and Kaspersky fell for it and confirmed   the leak . Only thing they done was help the press out,  because the Government is not going talk about it in the public  or even admit any of this is true.

the way i see it  Kapersky  cant win no matter what they do  if say no Kapersky  must be lies and if say yes its still lies  

u say Kapersky didn't do themselves  any favor   how  is that they tell the truth  no ? i see no ways to win this bs topic about this  people can think as they liike  usa will lie about all things  mad things like  area 51 not existe its a real crazy place we all in nowdays little of topic i no but truth

u say temporary worker . He was not even a real NSA agent  but he have hands on with things and is not real a  NSA agent ? seems funny to me as u talk about national security

[steven36]

1 hour ago, knowledge said:

the way i see it  Kapersky  cant win no matter what they do  if say no Kapersky  must be lies and if say yes its still lies  

u say Kapersky didn't do themselves  any favor   how  is that they tell the truth  no ? i see no ways to win this bs topic about this  people can think as they liike  usa will lie about all things  mad things like  area 51 not existe its a real crazy place we all in nowdays little of topic i no but truth

u say temporary worker . He was not even a real NSA agent  but he have hands on with things and is not real a  NSA agent ? seems funny to me as u talk about national security

You  would have too live here to understand   how this works ,  For years in  government   they hire contractors from private companies  to do jobs  for the Government  and they are giving the ones in the NSA   too much clearance too classified information  people like Snowden was just a IT his job was was too work on PCs .  They do background checks and things  but still moles get in the cracks. My family  and  stuff lives in the USA  so it's in my  best interest that  our national security stays  strong  but it's  also in my interest it  don't  take away our freedoms.

 

I worked in many places in the private sector  over the years and  all of have them had contracts some of the contracts were for  Uncle Sam  and i had to have clearance  to get on a government faculty  to do my job  because  the Government was paying the company  i worked for to do the job.  They done a background check  on me  even. You have many  non Government  Workers  everywhere  there is Government jobs . Even  in Russia the U.S. Embassy and Consulates in Russia hire  Russians to do many jobs . When they have too get rid of people the non Government workers are the 1st to go . 

 

When  i 1st started  doing  contractor work  for our government  they didn't even do a background  check   it was right before 9-11  happen they started  that in  2001 and national security  was code orange  they knew that they was going be    and attack they  just didn't know where  so i had had to have a background  check because were i worked at was very dangerous and things.

[Sylence]

somebody give that stupid cheap nsa spy the right address of ru-board.com to download his keygen

lmao

[steven36]

The thing is  most of these contractors  make more money  than if they hired  a full time federal  worker . 

 

This debate  has been going on every since Snowden  leaked  all that stuff just being  a IT

 

NSA Leaker's Six-Figure Pay Should Spark Debate: Why Are Federal Workers Being Replaced With Pricier Contractors?

 

Quote

 

It was not Edward Snowden’s intent to spark a debate on the high price of replacing federal employees with government contractors.  But it should.  Why is a 29-year-old high school drop-out making more as a low-level contractor than any senior manager in the federal government short of the President himself, and a very few other special category employees?

At a reported annual salary of $200,000, Mr. Snowden was making more than the highest-paid federal senior executive, more than District Court Judges ($174,000) or U.S. Court of Appeals Judges ($184,500), more than Congressmen and Senators and more even than the House and Senate Majority Leaders ($193,400).  Even Supreme Court Justices and Vice-President Biden barely make more than Mr. Snowden earned as an IT contractor.

 

 

full strory

 

https://www.forbes.com/sites/johngoglia/2013/06/10/leakers-six-figure-salary-should-also-force-public-debate-why-are-lower-cost-federal-employees-being-replaced-with-so-many-higher-priced-contractors/#7a19a02232dd

 

It just depends  on what you do  for the NSA  they  have  wide range  of pay scales . So unless  we know  what this contractor  done exactly we don't know how much he was paid.

 

How much does National Security Agency in the United States pay?

Quote

The average National Security Agency salary ranges from approximately $46,573 per year for Technician to $142,643 per year for Division Chief. Average National Security Agency hourly pay ranges from approximately $10.64 per hour for High School Teacher to $59.00 per hour for Program Manager.

 

https://www.indeed.com/cmp/National-Security-Agency/salaries

 

 

 

[vibranium]

Some rumors have been flying around for years.