Moscow-based anti-virus software maker Kaspersky Lab said on Wednesday that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.
In September, U.S. officials ordered Kaspersky's products removed from government computers, saying the firm was vulnerable to Kremlin influence and that using the software could jeopardise national security.
After that announcement, the Wall Street Journal reported on 5 October that hackers working for the Russian government appeared to have targeted a National Security Agency (NSA) worker by using Kaspersky software to identify classified files in 2015.
The New York Times reported on 10 October that Israeli officials reported the operation to the United States after they hacked into Kaspersky's network.
The Russian government has denied any involvement.
Kaspersky began an internal inquiry in a bid to restore trust. On Wednesday, it said it had stumbled on the code in 2014 when the consumer version of its popular software flagged a zip file as malicious on a U.S. computer.
While reviewing the file's contents, a Kaspersky analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The software removed the file and the analyst reported the matter to CEO Eugene Kaspersky, who ordered that the copy of the code be destroyed, the company said.
Kaspersky said it assumed the 2014 source code episode was connected to the NSA's loss of files described in media reports.
"We deleted the archive because we don't need the source code to improve our protection technologies and because of concerns regarding the handling of classified materials," said Kaspersky spokeswoman Sarah Kitsos.
Source code, which is normally hidden and gives instructions to computers, would have posed no danger to the Kaspersky customer.
Former employees told Reuters in July that the company had on rare occasions removed uninfected files. Kaspersky spokeswoman Yuliya Shlychkova on Wednesday said removals of such uninfected material happen "extremely rarely."
Kaspersky said no third parties saw the code, though the media reports said the spy tool had ended up in the hands of the Russian government.
Kaspersky denied the Journal's report that its programs searched for keywords including "top secret."
The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American's computer through a back door it later spotted there.
The NSA declined to comment on Kaspersky's review.