Worker who snuck NSA malware home had his PC backdoored, Kaspersky says

Enlarge (credit: Kaspersky Lab)

A National Security Agency worker who reportedly sneaked classified materials out of the agency stored them on a home computer that was later infected by a malicious backdoor that allowed third parties to remotely access the machine, officials with Moscow-based antivirus provider Kaspersky Lab said.

The NSA worker—described in some published reports as a contractor and in others as an employee—installed the backdoor after Kaspersky AV had first detected never-before-seen NSA malware samples on his computer. The backdoor was part of a pirated software package that the worker downloaded and installed. To run the pirated software, he first had to disable the AV program on his computer. After being infected, the worker re-enabled the AV program and scanned his computer multiple times, resulting in Kaspersky developing detections for new and unknown variants of the NSA malware.

The NSA worker’s computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.