Kaspersky Did Nothing Wrong: Thieving NSA JaMoke Self-Stooged

theintercept |  Kaspersky Lab said an individual, believed to be one identified as a National Security Agency worker in news accounts, triggered the company’s antivirus software and paved the way for it to upload classified NSA files from his computer when he tried to pirate Microsoft Office and ended up infecting himself with malicious software.

The piracy claim is included in a set of preliminary findings released by the Moscow-based company from an internal investigation into a byzantine spying scandal that didn’t seem like it could get any more bizarre. A series of news reports this month, citing U.S. intelligence sources, asserted that the files on the worker’s computer, which included source code for sensitive hacking tools he was developing for the spy agency, were uploaded by Kaspersky security software and then collected by Russian government hackers, possibly with the company’s knowledge or help. Kaspersky has denied that it colluded with Russian authorities or knew about the worker incident as it was described in the press.

Details from the investigation, including the assertion that Kaspersky’s CEO ordered the files deleted after they were recognized as potential classified NSA material, could help absolve the antivirus firm of allegations that it intentionally searched the worker’s computer for classified files that did not contain malware. But they also raise new questions about the company’s actions, the NSA worker, and the spying narrative that anonymous government sources have been leaking to news media over the last two weeks.

After facing increasingly serious allegations of spying, Kaspersky provided The Intercept with a summary of preliminary findings of an internal investigation the company said it conducted in the wake of the news reports.

In its statement of findings, the company acknowledged that it detected and uploaded a compressed file container, specifically a 7zip archive, that had been flagged by Kaspersky’s software as suspicious and turned out to contain malware samples and source code for what appeared to be components related to the NSA’s so-called Equation Group spy kit. But the company said it collected the files in the normal course of its operations, and that once an analyst realized what they were, he deleted them upon the orders of CEO Eugene Kaspersky. The company also insists it never provided the files to anyone else.

Kaspersky doesn’t say the computer belonged to the NSA worker in question and says the incident it recounts in the report occurred in 2014, not 2015 as news reports state. But the details of the incident appear to match what recent news reports say occurred on the worker’s computer.

The NSA could not be reached for comment.