Kaspersky has blamed a National Security Agency (NSA) contractor using pirated Office software for the leak of classified documents to their Moscow servers.
The US government had banned Kaspersky security software after classified files were uploaded to the Russian company. It’s alleged those documents were passed to the Kremlin.
Now Kaspersky has responded with their explanation of what happened back in 2014. In brief:
- An NSA contractor installed a key generator program. This makes fake Product Keys that activate Office without paying Microsoft.
- The ‘keygen’ program included a ‘backdoor’ program called ‘Equation’. That allowed hackers to access the computer. To assist the keygen installation, anti-virus software was temporarily disabled by the user.
- When the Kaspersky software was restarted it detected the Equation infection and determined it was a new variation.
- Because it was new to Kaspersky, the infected files including some documents were uploaded to the security company’s servers for analysis.
- After analysis, Kaspersky says it deleted the contractor’s files. The company says that nothing was shared with third parties.
Kaspersky’s explanation is, at least, plausible. Whether you believe them or the US government is another matter.
What’s alarming is the amount of private information available to the anti-virus software, which is then uploaded to the company. That data is important for tracking infections and updating the AV software for all users, but it’s also a security breach for anyone working with private info.
It’s surprising that a government contractor dealing with classified information is allowing information to be uploaded to any anti-virus vendor, let alone one based in a foreign country.
The danger of using ‘key generator’ software has been known for a long time. Too often these tempting money-saving tools include unwanted ‘extras’.
Our advice on security software remains unchanged. Windows Defender in Windows 10 and Windows 8 is more than enough for most users. No additional security software is necessary or worth paying for, as long as you keep Windows Defender up to date, which it will do by default. Defender has some options for limiting the information sent back to Microsoft, though some details might still be sent to Redmond.