Russian hackers stole NSA tools using Kaspersky antivirus: report

Russian state hackers stole a collection of National Security Agency (NSA) hacking tools and other documents from the personal computer of an agency contractor who had taken the classified documents home from work, reports The Wall Street Journal.

The reported breach took place in 2015 but wasn’t discovered until spring of last year. 

The Journal reports that the hackers identified the documents through Kaspersky Lab antivirus software. The Department of Homeland Security recently barred federal agencies from using Kaspersky Lab products due to security concerns but has been tight-lipped about what intelligence linked the popular, Moscow-based computer security firm to specific intelligence operations.

White House cyber czar Rob Joyce has, however, repeatedly said that the Kaspersky Lab software’s ability to access files on systems could be a potential way to compromise a system. 

Kaspersky Lab denied any knowledge of any role in the attack, but decried “news coverage of unproven claims continu[ing] to perpetuate accusations about the company” in a written statement.  
 
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” the company said.
 
A spring discovery would mean the NSA became aware of the breach just weeks before two other significant security incidents for the agency: a cryptic group known as the ShadowBrokers began leaking alleged NSA hacking tools online, and contractor Hal Martin III was arrested for hoarding classified information on his home computer.

The Journal story says the breach is unrelated to the Martin incident and it is unclear if the event is related to the ShadowBrokers. The ShadowBrokers releases, however, appear to be of files from 2013 and earlier, two years before the alleged Russian hacking incident.

In a statement on the breach, Sen. Ben Sasse (R-Neb.) said the NSA should re-examine its use of contractors. Contractors have been the apparent sources of a number of intelligence leaks, dating back to Edward Snowden. 

“The men and women of the U.S. Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries.”

“This development should serve as a stark warning, not just to the federal government, but to states, local governments, and the American public, of the serious dangers of using Kaspersky software,” said Sen. Jeanne Shaheen (D-N.H.) in a statement on Thursday.

Shaheen has been actively involved in efforts to reduce Kaspersky Lab’s footprint, including a September opinion piece in The New York Times railing against government use.

“The recent order to remove Kaspersky from all federal infrastructure is absolutely necessary, however, the Trump administration should take further steps, including declassifying information on Kaspersky Lab to raise awareness. It’s a disservice to the public and our national security to continue withholding this information,” she later added.

This story was updated at 2:20 p.m.