Mr. Wardle’s curiosity was piqued by recent news that Russian spies had used Kaspersky antivirus products to siphon classified documents off the home computer of an N.S.A. developer, and may have played a critical role in broader Russian intelligence gathering.
“I wanted to know if this was a feasible attack mechanism,” Mr. Wardle said. “I didn’t want to get into the complex accusations. But from a technical point of view, if an antivirus maker wanted to, was coerced to, or was hacked or somehow subverted, could it create a signature to flag classified documents?”
That question has taken on renewed importance over the last three months in the wake of United States officials’ accusations that Kaspersky’s antivirus software was used for Russian intelligence gathering, an accusation that Kaspersky has rigorously denied.
Last month, Kaspersky Lab sued the Trump administration after a Department of Homeland Security directive banning its software from federal computer networks. Kaspersky claimed in an open letter that “D.H.S. has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company.”
For years, intelligence agencies suspected that Kaspersky Lab’s security products provided a back door for Russian intelligence. A draft of a top-secret report leaked by Edward J. Snowden, the former National Security Agency contractor, described a top-secret, N.S.A. effort in 2008 that concluded that Kaspersky’s software collected sensitive information off customers’ machines.
The documents showed Kaspersky was not the N.S.A.’s only target. Future targets included nearly two dozen other foreign antivirus makers, including Checkpoint in Israel and Avast in the Czech Republic.
At the N.S.A., analysts were barred from using Kaspersky antivirus software because of the risk it would give the Kremlin broad access to their machines and data. But excluding N.S.A. headquarters at Fort Meade, Kaspersky still managed to secure contracts with nearly two dozen American government agencies over the last few years.
Last September, the Department of Homeland Security ordered all federal agencies to cease using Kaspersky products because of the threat that Kaspersky’s products could “provide access to files.”
A month later, The New York Times reported that the Homeland Security directive was based, in large part, on intelligence shared by Israeli intelligence officials who successfully hacked Kaspersky Lab in 2014. They looked on for months as Russian government hackers scanned computers belonging to Kaspersky customers around the world for top secret American government classified programs.
In at least one case, United States officials claimed Russian intelligence officials were successful in using Kaspersky’s software to pull classified documents off a home computer belonging to Nghia H. Pho, an N.S.A. developer who had installed Kaspersky’s antivirus software on his home computer. Mr. Pho pleaded guilty last year to bringing home classified documents and writings, and has said he brought the files home only in an attempt to expand his résumé.
Kaspersky Lab initially denied any knowledge or involvement with the document theft. But the company has since acknowledged finding N.S.A. hacking software on Mr. Pho’s computer and removing it, though the company said it had immediately destroyed the documents once it realized they were classified.
The company also said in November that in the course of investigating a surveillance operation known as TeamSpy in 2015, it had tweaked its antivirus program to scan files containing the word “secret.” The company said it had done this because the TeamSpy attackers were known to automatically scan for files that included the words “secret,” “pass” and “saidumlo,” the Georgian translation for the word secret.
Kaspersky continues to deny that it knew about the scanning for classified United States programs or allowed its antivirus products to be used by Russian intelligence. Eugene Kaspersky, the company’s chief executive, has said he would allow the United States government to inspect his company’s source code to allay distrust of its antivirus and cybersecurity products.
But Mr. Wardle discovered, in reverse-engineering Kaspersky antivirus software, that a simple review of its source code would do nothing to prove its products had not been used as a Russian intelligence-gathering tool.
Mr. Wardle found that Kaspersky’s antivirus software is incredibly complex. Unlike traditional antivirus software, which uses digital “signatures” to look for malicious code and patterns of activity, Kaspersky’s signatures are easily updated, can be automatically pushed out to certain clients, and contain code that can be tweaked to do things like automatically scanning for and siphoning off classified documents.
In short, Mr. Wardle found, “antivirus could be the ultimate cyberespionage spying tool.”
Mr. Wardle said it was relatively easy to use a vulnerability in Microsoft’s Windows software to manipulate the Kaspersky software. Because officials routinely classify top secret documents with the marking “TS/SCI,” which stands for “Top Secret/Sensitive Compartmented Information,” Mr. Wardle added a rule to Kaspersky’s antivirus program to flag any documents that contained the “TS/SCI” marker.
He then edited a document on his computer containing text from the Winnie the Pooh children’s book series to include the marking “TS/SCI” and waited to see whether Kaspersky’s tweaked antivirus product would catch it.
Sure enough, as soon as the Winnie the Pooh text was saved to his machine, Kaspersky’s antivirus software flagged and quarantined the document. When he added the same TS/SCI marker to another document containing the text “The quick brown fox jumps over the lazy dog,” it, too, was flagged and quarantined by Kaspersky’s tweaked antivirus program.
“Not a whole lot of surprise that this worked,” Mr. Wardle said, “but still neat to confirm that an antivirus product can be trivially, yet surreptitiously, used to detect classified documents.”
The next question was: What happens to these files once they are flagged? Mr. Wardle stopped short of hacking into Kaspersky’s cloud servers, where suspicious files are routinely uploaded.
However, he noted that antivirus customers, including Kaspersky’s, agreed by default to allow security vendors to send anything from their machine back to vendors’ servers for further investigation.
There are legitimate reasons for this: By uploading these items to Kaspersky’s cloud, security analysts can evaluate whether they pose a threat, and update their signatures as a result.
Kaspersky Lab said Mr. Wardle’s research did not reflect how the company’s software works.
“It is impossible for Kaspersky Lab to deliver a specific signature or update to only one user in a secret, targeted way because all signatures are always openly available to all our users; and updates are digitally signed, further making it impossible to fake an update,” the company said in a statement.
The company added that it applied the same security standards and maintained the same levels of access as other security vendors, and reiterated that it was willing to make its source code, threat detection rules and software updates available for audit by independent experts.
But, as Mr. Wardle’s research demonstrated, an untrustworthy vendor, or hacker or spy with access to that vendor’s systems, can abuse its deep access to turn antivirus software into a dynamic search tool, not unlike Google, to scan customers’ computers for documents that contain certain keywords.
“And no one would ever know,” he added. “It’s the perfect cybercrime.”