U.S. imposes major sanctions on Russian oligarchs, officials

FILE PHOTO: Russian tycoon and President of RUSAL Oleg Deripaska listens during the "Regions in Transformation: Eurasia" event in Davos, Switzerland January 22, 2015. REUTERS/Ruben Sprich/File Photo

By Lesley Wroughton and Patricia Zengerle

WASHINGTON (Reuters) – The United States imposed major sanctions on Friday against 24 Russians, striking at allies of President Vladimir Putin in one of Washington’s most aggressive moves to punish Moscow for what it called a range of “malign activity,” including alleged meddling in the 2016 U.S. election.

The action, taken under pressure from the U.S. Congress, freezes the U.S. assets of “oligarchs” such as aluminum tycoon Oleg Deripaska, a close associate of Putin, and lawmaker Suleiman Kerimov, whose family controls Russia’s largest gold producer, Polyus.

The sanctions are largely a reply to what U.S. intelligence agencies say was Russian interference in the presidential election, although the Treasury Department painted them as a response to a series of adversarial actions by Moscow.

U.S. President Donald Trump has been under fire for not taking strong action against Russia after a series of diplomatic disputes reminiscent of the Cold War era and the sanctions could complicate his hopes for good relations with Putin.

The sanctions are aimed at seven Russian oligarchs and 12 companies they own or control, plus 17 senior Russian government officials. They freeze the U.S. assets of the people and companies named and forbid Americans in general from doing business with them.

Russian Security Council Secretary Nikolai Patrushev said, however, Moscow’s contacts with the U.S. government would not be brought to an end by the sanctions. Russia denies interfering in the U.S. election.

They could hurt the Russian economy, especially the aluminum, financial and energy sectors, and are a clear message to Putin and his inner circle of U.S. displeasure.

In announcing the sanctions, Treasury Secretary Steve Mnuchin said in a statement, “The Russian government operates for the disproportionate benefit of oligarchs and government elites.”

He said Moscow “engages in a range of malign activity around the globe, including continuing to occupy Crimea and instigate violence in eastern Ukraine, supplying the Assad regime with material and weaponry as they bomb their own civilians, attempting to subvert Western democracies, and malicious cyber activities.”

Shares in Russian aluminum producer Rusal were down 2.2 percent on Moscow’s exchange after the company was named on the sanctions list.

Russian state companies under the U.S. sanctions will receive additional government support, Russian Industry and Trade Minister Denis Manturov said, according to Interfax.

MUELLER INVESTIGATION

U.S. intelligence agencies last year accused Russia of using hacking and disseminating false information and propaganda to disrupt the 2016 elections and eventually try to ensure Trump defeated Democratic candidate Hillary Clinton.

Special Counsel Robert Mueller is investigating whether Trump’s election campaign colluded with Russia, something that Trump denies. Mueller has indicted 13 Russians and three organizations in his probe.

Elizabeth Rosenberg, a former senior U.S. Treasury Department official who is now a senior fellow at the Center for a New American Security think tank, said the sanctions were significant, although there is more to do.

“I’m impressed by how aggressive this is,” she said. “I thought it would be serious and this is certainly a very serious statement of U.S. policy.

“I would hasten to say that Russia hawks may welcome this but wouldn’t find it satisfying. And by no means would this be the sum total of what the U.S. government should do to advance its concerns.”

Trump has faced fierce criticism – including from fellow Republicans – for doing too little to punish Russia for the election meddling, aggression in Ukraine, and support of President Bashar al-Assad in Syria’s civil war.

He angered many members of Congress by failing for months to implement sanctions on Russia that lawmakers passed nearly unanimously last year.

But pressure for the United States to take action against Russia, especially from U.S. lawmakers, has been increasing.

Putin’s government has been blamed for the poisoning of a former Russian double agent living in Britain last month and the United States and several European states announced plans to expel more than 100 Russian diplomats in response.

In February, the White House blamed Russia for the international “NotPetya” cyber attack, which has been called the most destructive and costly in history.

On March 15, the Trump administration said it would impose sanctions on 19 people and five entities, including Russian intelligence services, for cyber attacks stretching back at least two years.

Friday’s sanctions were authorized by the Countering America’s Adversaries Through Sanctions Act, known as CAATSA, which Trump reluctantly signed into law in August.

Chris Painter, the former top cyber diplomat at the U.S. State Department, said the latest sanctions are unlikely to deter the Kremlin unless Trump formally condemns Putin.

Painter, who left government last year, criticized Trump’s rhetoric toward Putin – including a congratulatory call last month when Putin won another presidential term in a widely criticized election.

“We need the head of our country saying, ‘This is not going to happen,’” Painter said. “That’s a critical piece.”

(Reporting by Lesley Wroughton and Patricia Zengerle; Additional reporting by Doina Chiacu, Tim Ahmann and Susan Heavey; Writing by Alistair Bell; Editing by Yara Bayoumy and Bill Trott)

Facebook to change privacy controls in wake of data scandal

Figurines are seen in front of the Facebook logo in this illustration taken March 20, 2018. REUTERS/Dado Ruvic

By Julia Fioretti

BRUSSELS (Reuters) – Facebook announced a series of changes on Wednesday to give users more control over their data, after a huge data scandal which has wiped more than $100 billion from its stock market value.

The company has faced a global outcry after a whistleblower revealed, on March 17, that data from 50 million users was improperly harvested to target U.S. and British voters in close-run elections.

“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” Erin Egan, Vice President and Chief Privacy Officer, and Ashlie Beringer, Vice President and Deputy General Counsel at Facebook, wrote in a blog post.

“So in addition to Mark’s announcements last week – cracking down on abuse of the Facebook platform, strengthening our policies, and making it easier for people to revoke apps’ ability to use your data – we’re taking additional steps in the coming weeks to put people in more control over their privacy.”

The measures come ahead of a landmark European Union data protection law in May. The social network will add a new “Privacy Shortcuts” menu which will let users worldwide review what they’ve shared and delete it, as well as features enabling them to download their data and move it to another service.

Facebook shares have fallen almost 18 percent since March 17. Users’ data was improperly accessed by British political consultancy Cambridge Analytica, which was hired by Donald Trump’s 2016 presidential campaign.

The company’s CEO, Mark Zuckerberg, has repeatedly apologized and bought full-page advertisements in U.S. and British newspapers promising to do more to restrict access to users’ information.

While Facebook said on Wednesday the changes it was announcing had been in the works for some time, it said the events of the “past several days underscore their importance.”

The Privacy Shortcuts menu will allow users to control their data in a few taps, including by letting them add more protection to their account, like two-factor authentication.

“You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook,” Egan and Beringer wrote.

Users will also be able to manage the information Facebook utilizes to serve them ads and download the data they have shared with Facebook – including photos, contacts and posts – and move it to another service.

The EU General Data Protection Regulation enters into force on May 25 and requires companies to give people a “right to portability”, namely to take their data with them.

It also introduces hefty fines for companies breaking the law, running up to 4 percent of global revenues.

Lawmakers in the United States and Europe are demanding to know more about Facebook’s privacy practices and Zuckerberg is due to testify before the U.S. Congress.

(Reporting by Julia Fioretti; Editing by Elaine Hardcastle)

Fewer Russian spies in U.S. but getting harder to track

FILE PHOTO: A sign at the gated entrance of the Consulate General of the Russian Federation in Seattle, Washington, U.S., March 26, 2018. REUTERS/Lindsey Wasson/File Photo

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – The U.S. decision to expel 60 alleged spies is unlikely to cripple Russian spying in the United States because others have wormed and hacked their way into American companies, schools, and even the government, current and former U.S. officials said.

Moscow’s spy services still use the cover of embassies and consulates, as Washington does. But they also recruit Russian emigres, establish front companies, dispatch short-term travelers to the United States, recruit Americans, and penetrate computer networks, the officials said.

“Russia used to have one way of doing things. Now, Putin is – let a thousand flowers bloom,” a former senior U.S. official said in a recent interview, describing Moscow’s move to a more multifaceted approach under President Vladimir Putin, a former Soviet spy himself.

The FBI follows the movements and monitors the communications of suspected foreign spies, but the increased Russian presence and the advent of commercially available encrypted communications are an added challenge to the FBI’s counter-espionage force, said the officials, some of whom spoke on condition of anonymity to discuss the sensitive topic.

As one U.S. official put it when asked if Russian spying is a harder target: “It’s more complex now. The complexity comes in the techniques that can be used.”

While the CIA tracks foreign spies overseas and the National Security Agency monitors international communications, the FBI is responsible for spy-catching inside the United States.

The White House on Monday said it would expel 60 Russian diplomats, 12 of them at the U.N. mission, and close the Russian consulate in Seattle as part of a multi-nation response to the Kremlin’s alleged nerve agent attack on a former Russian spy in Britain.

Briefing reporters, a senior U.S. official said there were “well over” 100 Russian spies posing as diplomats in the United States before the expulsion order.

A veteran U.S. official charged with keeping tabs on Russian espionage said the administration downplayed the number of suspected Russian spies working under diplomatic cover to avoid giving the Russians a clearer picture of how many people are under surveillance.

The actual number varies over time, but “it averages more like 150 or so,” the official said.

“We’ve got a very, very, very good counter-intelligence apparatus,” said Robert Litt, a former general counsel for the U.S. Director of National Intelligence. “There are a lot of people in the FBI whose job it is to track these people – and they’re very good at it.”

TAKES TEN TO TANGO

Still, it can take 10 or more U.S. trained FBI and local law enforcement officers to keep tabs on one trained spy for a 24-hour period – covering back entrances to buildings and multiple elevators, and being alert for changes in clothes, cars and even hairpieces, the same official said.

One Russian tactic is sending a large number of people, including just one or two intelligence officers, streaming out of a diplomatic mission at once, making it harder for the FBI to decide whom to follow, said a former U.S. intelligence officer, also speaking on the condition of anonymity.

Microsoft Corp. was one target of the Russian espionage operation in Seattle, U.S. officials familiar with the expulsions said. One goal was identifying targets for recruitment in the company’s coding operations because the company’s products are used in so many applications, they said.

Microsoft declined comment.

In 2010, Alexey Karetnikov, a 23-year-old Russian spy who had worked at testing computer code in Microsoft’s Richmond, Wash., headquarters, was deported by an immigration judge.

Several of the officials traced the Kremlin’s more aggressive spying approach to Putin’s 2012 return to the presidency, and Moscow’s 2014 seizure of Crimea and intervention in eastern Ukraine.

“We observed a commensurate uptick in Russian intelligence and espionage activity in the U.S. and across Europe, although few analysts connected the dots,” said Heather Conley, a former State Department official now at the Center for Strategic and International Studies think tank.

Michael Rochford, a former FBI chief for espionage, said the mass expulsion of suspected spies posing as diplomats will affect Russia’s security services and dent morale at their Moscow headquarters.

After past expulsions, he said, Russian spies have handed their operations over to officers who remain behind, or to “illegals” – long-term agents with no demonstrable connections to the Russian government.

The risk, he said, is that when Moscow replaces the expelled personnel, it will not be clear who the new spies are.

“Sometimes it’s better to know who they are and follow them,” he said.

(Additional reporting by Jonathan Landay; Editing by Mary Milliken and James Dalgleish)

Malicious cyber activity cost U.S. economy $57 billion – $109 billion in 2016: White House report

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

WASHINGTON (Reuters) – A White House report estimated on Friday that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

The estimate was contained in a report by the White House Council of Economic Advisers on the economic costs of cyber threats.

The report quoted the U.S. intelligence community as saying the main foreign culprits responsible for much cyber activity are Russia, China, Iran and North Korea.

(Reporting by Steve Holland; Editing by Chizu Nomiyama)

‘Olympic Destroyer’ malware targeted Pyeongchang Games: firms

Performers appear during the opening ceremonies at the 2018 Winter Olympics at the Pyeongchang Olympic Stadium in Pyeongchang, South Korea February 9, 2018. REUTERS/Christof Stache/File Photo

By Jim Finkle

(Reuters) – Several U.S. cyber security firms said on Monday that they had uncovered a computer virus dubbed “Olympic Destroyer” that was likely used in an attack on Friday’s opening ceremony of the Pyeongchang Winter Games.

Games organizers confirmed the attack on Sunday, saying that it affected internet and television services but did not compromise critical operations. Organizers did not say who was behind the attack or provide detailed discussion of the malware, though a spokesman said that all issues had been resolved as of Saturday.

Researchers with cyber security firms Cisco Systems Inc, CrowdStrike and FireEye Inc said in blog posts and statements to Reuters on Monday that they had analyzed computer code they believed was used in Friday’s attack.

All three security companies said the Olympic Destroyer malware was designed to knock computers offline by deleting critical system files, which would render the machines useless.

The three firms said they did not know who was behind the attack.

“Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony,” Cisco said in its blog.

The attack took the Olympics website offline, which meant that some people could not print out tickets and WiFi used by reporters covering the games did not work during the opening ceremony, according to Cisco.

The attack did not affect the performance of drones, which were initially scheduled to be included in the opening ceremony, but later pulled from the program, organizers said in a statement.

The drone light show was canceled because there were too many spectators standing in the area where it was supposed to take place, the statement said.

(Reporting by Jim Finkle in Toronto; Editing by David Gregorio, Andrew Hay and Cynthia Osterman)

Hackers halt plant operations in watershed cyber attack

By Jim Finkle

(Reuters) – Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.

FireEye Inc <FEYE.O> disclosed the incident on Thursday, saying it targeted Triconex industrial safety technology from Schneider Electric SE <SCHN.PA>.

Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cyber-security company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure, cyber experts said.

Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said.

Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cyber-security firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attacker’s actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation.

The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers intended to launch an attack that disrupted or damaged the plant, he said.

PUBLIC WARNINGS

The U.S. government and private cyber-security firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea and Russia and others to attack companies that run critical infrastructure plants in what they say are primarily reconnaissance operations.

CyberX Vice President Phil Neray said his firm found evidence that the malware was deployed in Saudi Arabia, which could suggest that Iran may be behind the attack.

Security researchers widely believe that Iran was responsible for a series of attacks on Saudi Arabian networks in 2012 and 2017 using a virus known as Shamoon.

Schneider provided Reuters with a customer security alert, dated Wednesday, which said it was working with the U.S. Department of Homeland Security to investigate the attack.

“While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors,” the alert said.

Department of Homeland Security spokesman Scott McConnell said the agency was looking into the matter “to assess the potential impact on critical infrastructure.”

The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was discovered last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

(Reporting by Jim Finkle in Toronto; Editing by Susan Thomas)

UK shipping firm Clarkson reports cyber attack

(Reuters) – British shipping services provider Clarkson Plc <CKN.L> on Wednesday said it was the victim of a cyber security hack and warned that the person or persons behind the attack may release some data shortly.

The company’s disclosure, while a relatively rare event in Britain, follows a series of high-profile hacks in corporate America.

Clarkson is one of the world’s main shipbrokers, sourcing vessels for the world’s largest producers and traders of natural resources. It also has a research operation which collects and analyses data on merchant shipping and offshore markets.

The London-headquartered company said it had been working with the police on the incident but did not provide any details about the scale or type of data stolen.

“As soon as it was discovered, Clarksons took immediate steps to respond to and manage the incident,” the company said.

“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled.”

The company said it is in the process of contacting potentially affected clients and individuals directly, and that it has been working with data security specialists to probe further.

(Reporting by Rahul B in Bengaluru; Editing by Maju Samuel and Patrick Graham)

Nepal bank latest victim in heists targeting SWIFT system

By Gopal Sharma

KATHMANDU (Reuters) – A bank in Nepal is the latest victim in a string of cyber heists targeting the global SWIFT bank messaging system, though most of the stolen funds have been recovered, two officials involved in the investigation confirmed on Tuesday.

Hackers last month made about $4.4 million in fraudulent transfers from Kathmandu-based NIC Asia Bank to countries including Britain, China, Japan, Singapore and the United States when the bank was closed for annual festival holidays, according to Nepal media reports.

All but $580,000 of the funds were recovered after Nepal asked other nations to block release of the stolen money, Chinta Mani Shivakoti, deputy governor of the Central Nepal Rastra Bank (NRB), told Reuters.

Brussels-based SWIFT said last month that security controls instituted after last year’s $81 million theft from Bangladesh’s central bank helped thwart some recent hacking attempts, but it warned that cyber criminals continue to target SWIFT customers.

SWIFT or the Society for Worldwide Interbank Financial Telecommunication is a co-operative owned by its user banks. It declined to comment on the NIC Asia Bank hack, saying it does not discuss specific users.

Representatives with NIC Asia Bank, one of dozens of private banks in Nepal, were not available for comment.

The chief of Nepal’s Central Investigation Bureau, Pushkar Karki, confirmed to Reuters that his agency was investigating the theft.

KPMG is also involved in the investigation, according to Nepali media reports. KPMG representatives could not immediately be reached for comment.

The central bank intends to release guidelines on how to thwart such incidents after investigations are completed, according to Shivakoti.

“The incident showed there are some weaknesses with the IT department of the bank,” Shivakoti said.

SWIFT said in a statement on Tuesday that it offers assistance to banks when it learns of potential fraud cases, then shares relevant information with other clients on an anonymous basis.

“This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves,” it said.

“We have no indication that our network and core messaging services have been compromised,” SWIFT added.

(Reporting by Gopal Sharma, additional reporting by Jeremy Wagstaff in Singapore and Jim Finkle in Toronto; Editing by Richard Balmforth and Matthew Lewis)

Global Banks fearing North Korea hacking, prepare defenses

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017.

By Jim Finkle and Alastair Sharp

WASHINGTON/TORONTO (Reuters) – Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded $81 million, according to Dmitri Alperovitch, chief technology officer at cyber security firm CrowdStrike.

Alperovitch told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s <6758.T> Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the U.S. government that it has carried out cyber attacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cyber security expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between U.S. President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former U.S. assistant attorney general, told the Reuters summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?’” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about U.S. retaliation.

Representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, declined to comment. Both have ramped up cyber security oversight in recent years.

(Reporting by Jim Finkle in Washington and Alastair Sharp in Toronto; additional reporting by Dustin Volz in Washington; editing by Grant McCool)

Kaspersky says it obtained suspected NSA hacking code from U.S. computer

By Joseph Menn

SAN FRANCISCO (Reuters) – Moscow-based Kaspersky Lab on Wednesday acknowledged that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.

The admission came in a statement from the embattled company that described preliminary results from an internal inquiry it launched into media reports that the Russian government used Kaspersky anti-virus software to collect National Security Agency technology.

While the explanation is considered plausible by some security experts, U.S. officials who have been campaigning against using Kaspersky software on sensitive computers are likely to seize on the admission that the company took secret code that was not endangering its customer to justify a ban.

Fears about Kaspersky’s ties to Russian intelligence, and the capacity of its anti-virus software to sniff out and remove files, prompted an escalating series of warnings and actions from U.S. authorities over the past year. They culminated in the Department of Homeland Security last month barring government agencies from using Kaspersky products.

In a statement, the company said it stumbled on the code a year earlier than the recent newspaper reports had it, in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.

While reviewing the file’s contents, an analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The analyst reported the matter to Chief Executive Eugene Kaspersky, who ordered that the company’s copy of the code be destroyed, the company said.

“Following a request from the CEO, the archive was deleted from all our systems,” the company said. It said no third parties saw the code, though the media reports had said the spy tool had ended up in Russian government hands.

The Wall Street Journal said on Oct. 5 that hackers working for the Russian government appeared to have targeted the NSA worker by using Kaspersky software to identify classified files. The New York Times reported on Oct. 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Kaspersky did not say whether the computer belonged to an NSA worker who improperly took home secret files, which is what U.S. officials say happened. Kaspersky denied the Journal’s report that its programs searched for keywords including “top secret.”

The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American’s computer through a back door it later spotted there.

The new 2014 date of the incident is intriguing, because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project.

Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.

Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.

It also did not say how often it takes uninfected, non-executable files, which normally would pose no threat, from users’ computers.

Former employees told Reuters in July that the company used that technique to help identify suspected hackers. A Kaspersky spokeswoman at the time did not explicitly deny the claim but complained generally about “false allegations.”

After that, the stories emerged suggesting that Kaspersky was a witting or unwitting partner in espionage against the United States.

Kaspersky’s consumer anti-virus software has won high marks from reviewers.

It said Monday that it would submit the source code of its software and future updates for inspection by independent parties.

(Reporting by Joseph Menn in San Francisco; Editing by Jim Finkle and Eric Auchard)