A report by the Wall Street Journal suggests that Russian hackers used Kaspersky software to identify sensitive NSA files -- which they then stole.
The security breach dates back to 2015, and it was made possible when a National Security Agency contractor copied sensitive files to his own computer. Hackers were then able to identify these files because of the contractor's use of Kaspersky software.
The Wall Street Journal reports that the stolen documents contain information about penetrating foreign computers, as well as how to protect against cyberattacks. The NSA has declined to comment on the matter beyond saying its policy is "never to comment on our affiliates or personnel issues."
The story has also been covered by the Washington Post which said the contractor worked for the NSA's elite hacking Tailored Access Operations unit. The report also says the matter is under federal investigation at the moment and that the stolen material was used by Russia to detect and avoid counterespionage carried out by the US.
Kaspersky Labs has already found itself at the center of controversy after it was previously suggested that the company was connected to the Russian government. The firm had denied the allegations, but this was not enough to stop Kaspersky software from getting banned from US government computers last month.
Kaspersky Lab strenuously denies the involvement in or knowledge of the story put forward by the Wall Street Journal:
Kaspersky Lab has not been provided any evidence substantiating the company's involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company.
As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.
We make no apologies for being aggressive in the battle against malware and cybercriminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It's also important to note that Kaspersky Lab products adhere to the cybersecurity industry's strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.