The Moscow-based company Kaspersky Lab has acknowledged that its antivirus software took source code for a secret U.S. hacking tool from a personal computer in the United States.
The admission came in an October 25 statement on the preliminary results of an internal inquiry that the company launched after media reported that the Russian government used its antivirus software to collect U.S. National Security Agency (NSA) technology.
Concerns about Kaspersky's activities prompted the U.S. Department of Homeland Security last month to bar government agencies from using the company’s products.
Kaspersky said that in 2014, the consumer version of its popular product analyzed questionable software from a computer in the United States -- which media reports said belonged to an NSA worker -- and found a zip file that was flagged as malicious.
While reviewing the file's contents, an analyst discovered it contained the source code for a hacking tool.
The statement said that the matter was reported to Kaspersky CEO Yevgeny Kaspersky, who ordered that the company's copy of the code be destroyed, and that after that “the archive was deleted from all our systems."
The statement came after The Wall Street Journal reported on October 5 that the Russian government was able to modify Kaspersky software to turn it into an espionage tool.
And on October 10, The New York Times reported that Israeli intelligence officials have determined that Russian government hackers have used Kaspersky's software for espionage.
The Kremlin described the reports indicating that Kaspersky has been used as a conduit for Russian espionage as "absurd."