The Russian government used a popular antivirus software to secretly scan computers around the world for classified US government documents and top-secret information, modifying the program to turn it into an espionage tool, the Wall Street Journal reports, citing current and former US officials with knowledge of the matter.
The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software.
But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of US government programs, these people said.
The Wall Street Journal reported last week that Russian hackers used Kaspersky’s software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program.
The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. An NSA spokesman didn’t comment on the breach.
But the use of the Kaspersky program to spy on the US is broader and more pervasive than the operation against that one individual, whose name hasn’t been publicly released, current and former officials said.
Kaspersky Lab, founded by an engineer trained at a KGB technical school, has long insisted that it doesn’t assist the Russian government with spying on other countries. But many US officials now think the evidence the US has collected shows the company is a witting partner, said people familiar with the matter.
“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” said a former US official with knowledge of information gleaned in 2015 about how the software was used to search for American secrets.
He said the nature of the software is such that it would have had to be programmed to look for specific keywords, and Kaspersky’s employees likely would have known that was happening, this former official said.