For a while now, the US has claimed that Kaspersky was a tool of the Russian secret services and ordered the antivirus software to be taken off government servers.
However, it has now been revealed that the 2016 arrest of a former National Security Agency contractor charged with a massive theft of classified data began thanks to a Kaspersky tip.
Kaspersky Lab turned Harold T. Martin III in to the NSA after receiving strange Twitter messages in 2016 from an account linked to him.
Kaspersky passed the US government five messages sent from an anonymous Twitter account named @HAL999999999 to two researchers at the company. The first message, sent August 15, 2016, requested that a researcher facilitate a conversation with "Yevgeny," the given name of Kaspersky Lab founder and CEO Eugene Kaspersky. "So, figure out how we talk... With Yevgeny present," the message read. The second message: "Shelf life, three weeks."
The messages came just 30 minutes before someone calling themselves Shadow Brokers dumped a link to a collection of NSA tools in a Tumblr post and announced additional tools would be auctioned off for 1 million Bitcoin.
After responding to the messages, both Kaspersky researchers were promptly blocked by the @HAL999999999 account, according to Politico's sources. Analysis of the account by Kaspersky researchers linked it to Martin and work he did for the US intelligence community. That prompted Kaspersky employees to reach out to the NSA, as they believed it might be connected to the Shadow Brokers case.
If the story is true, then it means that the company dubbed the “greatest threat to US security” was doing the NSA’s job and spotting security threats against Russian interests.
The US government’s own internal monitoring systems and investigators had little to do with catching Martin, who prosecutors say took home an estimated 50 terabytes of data from the NSA and other government offices over a two-decade period, including some of the NSA's most sophisticated and sensitive hacking tools.