Jan 9, 2019 - World

Report: Kaspersky Lab helped nab alleged classified data thief

Eugene Kaspersky. Photo: Adrian Bretscher/Getty Images for Kaspersky Lab

Russian cybersecurity firm Kaspersky Lab was instrumental in helping capture Hal Martin, a former intelligence subcontractor currently on trial for hoarding classified data at his home, reports Kim Zetter at Politico.

Why it matters: It's a sympathetic twist for beleaguered Kaspersky Lab. U.S. lawmakers regularly accuse the antivirus firm of assisting Russian spies in stealing classified intelligence data, and the Department of Homeland Security and Congress have separately banned Kaspersky products from federal systems over security concerns.

Details: According to Politico, just half an hour before hackers known as the Shadow Brokers offered to auction off NSA hacking tools, a Twitter account tied to Martin sent cryptic messages to two Kaspersky Lab researchers. The messages led the Kaspersky employees to contact the NSA.

  • Two direct messages from that Twitter account were referenced (sans recipients) in court documents last week — an offer to talk to "Yevgeny," taken to mean Kaspersky Lab founder Eugene Kaspersky; and a note that the "shelf life" of what they had to talk about was only "three weeks," which, given the Shadow Brokers' penchant for leaking documents, may have implied a connection to that case.
  • Martin is not currently believed to have been involved in the Shadow Brokers incident. But during the investigation into the Shadow Brokers, investigators found a massive trove of classified data on Martin's home computer — the largest collection of improperly removed NSA data in history.

According to media reports, Kaspersky's antivirus software may separately have been involved, wittingly or unwittingly, in incidents of Russian spies stealing classified data. The virus scanner was allegedly used to search for classified information in addition to viruses — which Kaspersky denies.

  • If true, that could mean an active decision by Kaspersky to steal U.S. secrets. It could also mean that spies compromised Kaspersky infrastructure without the company's knowledge.