U.S. government sources, quoted in news reports, suggested the Moscow-based company colluded with the hackers to steal classified documents or tools from the worker's machine, or at least turned a blind eye to this activity. The Department of Homeland Security banned Kaspersky products from civilian government systems, and Best Buy has removed the software from computers it sells based on concerns that the software can be used to spy on customers.
But a closer look at the allegations and technical details of how Kaspersky's products operate raises questions about the accuracy of the narrative being woven in news reports and suggests that U.S. officials could be technically correct in their statements about what occurred, while also being incorrect about collusion on the part of Kaspersky.
Initial reports suggested the Russian hackers siphoned the files by hijacking Kaspersky software installed on the NSA employee's machine — without the antivirus firm's knowledge. But subsequent stories in the New York Times and Wall Street Journal include assertions or suggestions that the company was complicit.
"There is no way, based on what the software was doing, that Kaspersky couldn't have known about this," an anonymous former U.S. official told the Journal. The software "would have had to be programmed to look for specific keywords, and Kaspersky's employees likely would have known that was happening," the source said, calling the company a "witting partner."