The concerns about Kaspersky Lab date back many years, in part because its founder, Eugene Kaspersky, attended a K.G.B. technical college and served in military intelligence. Tim Evans, a former National Security Agency lawyer, said that in 2008 he was dispatched by the agency to the United States Patent Office to retrieve every patent application filed by Kaspersky so that the agency could study the names of its employees for known officers of the F.S.B., the K.G.B.’s successor.
“This is an old question for N.S.A.,” said Mr. Evans, now with Adlumin, a cybersecurity contractor.
While federal prosecutors in Maryland are handling the case, the agency employee who took the documents home does not appear to have been charged. In the past, taking classified information from agency premises and storing it on an insecure computer has been considered a prosecutable offense. John M. Deutch, who served as director of the C.I.A. in 1995 and 1996, was investigated after classified information was found on his unclassified laptops. He agreed to plead guilty to a misdemeanor but was pardoned by President Bill Clinton.
The breach is only the latest blow to the National Security Agency, which for decades has broken foreign codes and eavesdropped on telephone and other communications. Today it devotes a huge effort as well to penetrating computer networks overseas to gather information.
In 2013, Edward J. Snowden, an agency contractor in Hawaii, took hundreds of thousands of classified documents, flew to Hong Kong and turned the material over to journalists. Last year, another contractor, Harold T. Martin III, was discovered to have taken an even larger quantity of agency data to his Maryland home, where he stored it in his car and in a shed in his yard. About the same time Mr. Martin was arrested, the unidentified Shadow Brokers began to post some of the agency’s most guarded software tools on the web.
“They just keep getting hammered,” said Robert S. Johnston, the president of Adlumin and another former agency officer. “N.S.A. used to say they’d never had a spy. That’s totally changed since 2013.”
Several former agency officers said the breach might not necessarily require complicity on the part of Kaspersky Lab. Antivirus software routinely scans files to hunt for malware and even uploads files to the cloud for particular study. By redirecting data between the contractor’s computer and Kaspersky back to their own servers, via a “man in the middle attack,” or hacking Kaspersky’s software and adding a back door, Russian operators could have potentially downloaded the contractor’s files without Kaspersky’s knowledge.
“Antivirus software could totally be used for espionage,” said Jake Williams, a former officer at the agency and the founder of Rendition Infosec, a cybersecurity contractor. “It looks damning for Kaspersky, but we don’t yet know the whole story.”