Kaspersky Explains Why It Uploaded Confidential US Government Files

kaspersky russia
2017: Firm Publishes a Detailed Report to Refute Claims It Helped Russian Hackers | Photo: Ulyana Basova

Last month Kaspersky first admitted to having uploaded confidential National Security Agency files and tools from a contractor’s computer during a routine antivirus analysis. This continued to happen for over two months according to the company’s latest report published earlier today.

A company analyst had manually reviewed the uploaded data and had contacted Eugene Kaspersky, founder and chief executive, after realizing that it was confidential material. According to the Moscow based antivirus firm, it deleted all material except for malware. "The reason we deleted those files and will delete similar ones in the future is two-fold," Kaspersky Lab said in the latest report.

Related StoryRafia Shaikh
Kaspersky Announces Stopping All Work with European Cybercrime Initiatives In Response to Potential EU Ban

"We don’t need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials. Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions."

The firm also modified its software to prevent it from copying the file in question again.

This concern was later translated into a policy for all malware analysts which are required to delete any potential classified materials that have been accidentally collected during anti-malware research or received from a third party. Again to restate: to the best of our knowledge, it appears the archive files and documents were removed from our storage, and only individual executable files (malware) that were already detected by our signatures were left in storage.

Today's 13-page report is the latest effort from the company to respond to allegations that the Russian state sponsored hackers used and potentially modified the antivirus program to actively look for confidential NSA material. In response to those allegations, the United States took an unprecedented decision of putting a blanket ban on the firm's products from all government agencies. Earlier this week, the Department of Homeland Security presented a review to the Congress suggesting that many agencies were proactively removing the firm's products ahead of their December 12 deadline.

The report tries to assuage the government's concerns by saying that:

  1.  The software "did not" do anything that was unintended and wasn't "outside of this scope to either pull back additional files that did not fire on a malware signature or were not part of the archive that fired on these signature."
  2. All confidential data was removed except some traces, including "statistics and some metadata"
  3. The firm cannot be held responsible for whether this data was "handled appropriately" since Kaspersky's "analysts have not been trained on handling US classified information, nor are they under any legal obligation to do so."

The company adds that the incident happened between September 11, 2014 and November 17, 2014. It is unlikely that the US government would rollback its ban on the firm since the company is yet to respond to questions of how does (or would) it deal with demands from the Russian government if it orders the company to perform actions that the firm is currently being accused of. Would it say no to the President even though the firm is based in Russia and the country hasn't been very kind to tech companies not giving up user data or meeting its demands?

Kaspersky, however, hopes that the new report would shed "some long-overdue light to the public and allows people to draw their own conclusions based on the facts presented" today.

Related StoryRafia Shaikh
Europe Considers Following Trump’s Example of Banning Moscow-Based Kaspersky

Technical analysis is available here (PDF) and here

WccfTech Tv
Filter videos by