For months, government agencies have been warning that popular antivirus software could be giving Russian intelligence agencies a back door into American computers and secrets. Now a new report says not only that it could happen, but that it already has, at least once.
The Wall Street Journal reports that hackers working for the Russian government were able to access “highly classified” National Security Agency documents after a worker for the agency opened them on a computer using Kaspersky products.
The theft actually happened in 2015 but wasn’t discovered until 2016, sources told the WSJ. The contractor opened work files — which included detailed data about how the NSA accesses and penetrates foreign computer networks — on his home PC, at which point the hackers were able to access them.
Kaspersky products have never been authorized inside of the NSA, the Journal notes. Employees and contractors were “advised” not to use them at home, but were not prohibited from doing so at the time of the 2015 incident. However, many other security-related agencies, including the Army, Navy and Air Force and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice, and Treasury, all used Kaspersky software at some point, the WSJ adds.
Until earlier this year, Kaspersky Lab for the most part enjoyed a very positive reputation in the United States.
The company, named for founder Eugene Kaspersky, began operations in Russia in 1997 and expanded its offerings to the U.S. in the years immediately after.
Its antivirus and security products have been consistently well-regarded since the early 2000s. Just last month, for example, PC Mag gave Kaspersky one of its “editors’ choice” stamps in its annual antivirus rankings roundup.
The company offers a full security suite of products for home, small business, and enterprise users, and now offers mobile products as well. At this point, Kaspersky Lab is one of the largest cybersecurity and antivirus companies in the world, boasting about 400 million users.
And that was all well and good, for a while… and then 2017 happened.
Bloomberg actually reported on Kaspersky’s ties to Russian intelligence back in 2015. While those reports gained some attention among national security officials, they went by and large unremarked in the wider world.
Security expert Brian Krebs told NPR in 2015 that he personally used Kaspersky products, and thought the concerns about them were largely overblown.
“If Kaspersky Labs wanted to do something bad, there’s absolutely no question that they could,” he told NPR — perhaps prophetically — at the time.
But, he added, “if Kaspersky was somehow found to be acting at the behest of the Russian government to spy on its customers, I think they’d pretty much be out of business overnight.”
Here in 2017, however, concerns about Russian interference in American politics, intelligence, and affairs have been spiraling up in D.C. for months — and that includes Kaspersky.
This breach, the WSJ notes, is the first known instance of Russian entities actually using Kaspersky software to conduct espionage against the U.S. government. The suspicion that they could do so, however, has been slowly brewing for years and accelerating rapidly this year.
The company’s reputational downfall in the U.S. has been swift:
- May: The heads of several intelligence agencies tell the Senate Intelligence Committee that they have concerns about Kaspersky software.
- July: Bloomberg again reports that Kaspersky not only has loose ties to Russian intelligence, but in fact has been working with the FSB (Russia’s main intelligence agency).
On the same day, the federal government removes Kaspersky Lab from the list of approved vendors that U.S. agencies are allowed to do business with.
- August: The FBI reportedly approaches companies in the private sector and asks them to phase out any use of Kaspersky products.
- September: Best Buy stops selling any Kaspersky products either in stores or online.
A few days later, the Department of Homeland Security formally orders any federal agencies using Kaspersky software to stop, providing 30-, 60-, and 90-day windows for identifying what products are in use and figuring out how to replace them.
A spokesperson for the NSA declined to comment on the security breach to the WSJ, saying, “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters.”