U.S. officials believe that the Russian government used a popular antivirus software to scan computers around the world for classified U.S. information.
U.S. officials said that an adjustment to the program, which could only have been made with the company’s knowledge, allowed it to search for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of U.S. government programs.
It was also reported last week that Russian hackers used Kaspersky’s software in 2015 in a cyberattack targeting a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries.
These two revelations come after the U.S. banned federal agencies last month from using computer antivirus software supplied by Kaspersky Lab, due to concerns about the company’s ties to the Kremlin and Russian spy operations. Issued by Elaine Duke, acting secretary of the Department of Homeland Security (DHS), the directive comes in the wake of several open investigations regarding Russia’s interference in the 2016 presidential election.
While chief executive Eugene Kaspersky, an engineer trained at a KGB technical school, denies any wrongdoing, many U.S. officials believe the evidence against Kaspersky is proof the company has been working with the Russian government.
“This new report further underscores the overwhelming case against Kaspersky Lab,” said Senator Jeanne Shaheen (D., N.H.), who has redoubled her efforts in recent days to force the Trump administration to explain the potential damage caused by the use of Kaspersky in government computers. “These revelations should expedite efforts at the federal level to rid all federal infrastructure of Kaspersky Lab products,” she said.
And, notably, not all government officials worldwide agree with the U.S. assessment.
Germany’s BSI federal cyber agency said on Wednesday it had no evidence to back media reports that Russian hackers used Kaspersky Lab antivirus software to spy on U.S. authorities.
“There are no plans to warn against the use of Kaspersky products since the BSI has no evidence for misconduct by the company or weaknesses in its software,” BSI said in an emailed response to questions about the latest media reports. “The BSI has no indications at this time that the process occurred as described in the media.”