Last month, American Genius reported that the U.S. House of Representatives had passed a bill backing up a Department of Homeland Security directive ordering all U.S. government and military agencies to stop using Moscow-based Kaspersky antivirus software.
Although there has never been any hard proof that using Kaspersky software puts U.S. networks at risk, the supposed meddling of Russian hackers in last fall’s U.S. presidential election have created an environment of mistrust and suspicion that extends beyond the country’s government, leaking over into business relations.
Now, a new report implicates Kaspersky in one of the most damaging NSA leaks to date.
This past Thursday, the Wall Street Journal ran an article alleging that in 2015, hackers working for the Kremlin had stolen NSA data, identifying said data through a Kaspersky scan of an NSA contractor’s home computer.
The stolen data may have included information such as U.S. spy codes and details about how the U.S. defends against cyber attack.
The Wall Street Journal identifies only “multiple people with knowledge of the matter” as its sources and provides no direct evidence that Kaspersky was involved in the hack. Because the sources are anonymous, the story cannot be independently verified by other journalists.
Even if it could be proven that the NSA files were identified because of Kaspersky software, this doesn’t necessarily prove that Kaspersky was at fault or knowingly cooperated with the hackers or the Russian government.
While some experts suspect that Kaspersky uploads data from scans to its cloud, then uses that data to find classified files, others argue that the hackers could have simply found a vulnerability in Kaspersky software, and that Kaspersky Lab’s hands are clean.
What is indisputable is that the NSA contractor should not have been allowed or able to remove classified material from NSA networks and put them on his personal computer. This is the third incident in four years in which insider information was leaked from the NSA, the most famous case being that of Edward Snowden.
Kaspersky Labs continues to point out that there has been little hard evidence to prove that they are involved in Kremlin hacking, instead insisting that their company is “caught in the middle of a geopolitical fight.”
Nonetheless, these unsubstantiated stories have had a major impact on Kaspersky, and the software company may not be able to recover its U.S. market.
Earlier this year, even before the U.S. Department of Homeland Security banned Kaspersky from government agencies, the FBI had warned private companies about the dangers of using Russian-made software, and electronics giant Best Buy had stopped selling Kaspersky.