A US government hacker who lost National Security Agency malware after stashing it on his home computer had himself been hacked when he downloaded pirate software, Kaspersky Lab has suggested.
An internal investigation at the Russian anti-virus company into allegations that its software was used to steal NSA hacking tools has uncovered evidence corroborating parts of those reports but also proving the firm's innocence, according to the company.
Kaspersky Lab has been at the centre of controversy in the US, where it has been banned from government networks amid media reports claiming its software could be used by the Kremlin for espionage.
The company has consistently denied the allegations and announced a transparency drive and internal investigation would take place to comfort customers and uncover the truth.
In his first interview with the media since the claims were made, the company's chief executive and namesake Eugene Kaspersky told Sky News it was "very possible" his company's software detected NSA malware.
The company has now stated that its anti-virus product did detect new samples of NSA malware, with the software sending suspicious code to Kaspersky Lab's experts for analysis.
After this detection took place, Kaspersky Lab said the user "appears to have downloaded and installed pirated software on his machine, as indicated by an illegal Microsoft Office activation key generator… which turned out to be infected with malware."
To install and run the pirated software, the user would have had to have disabled the Kaspersky products on his machine, said the company – although it added it could not tell when it would have been disabled.
"The user was infected with this malware for an unspecified period, while the product was inactive. The malware [his computer was infected with] was a full blown backdoor which may have allowed third parties access to the user's machine," the firm said.
Eventually the user seemed to recognise that his computer was infected and he re-enabled Kaspersky's anti-virus software, running multiple scans "which resulted in detections of new and unknown variants" of NSA malware.
Kaspersky Lab said that among the suspicious items identified was a 7zip archive, which an analyst found to contain multiple samples and source code for NSA hacking tools.
"After discovering the suspected [NSA] malware source code, the analyst reported the incident to the CEO," stated the company.
"Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties."
The company said it was planning to share "full information about this incident, including all technical details with a trusted third party" as part of its transparency initiative.