Russian Hackers ‘Used Antivirus Software’ To Steal NSA Data

Russian hackers reportedly used Kaspersky Lab security products in a a highly damaging theft of US National Security Agency (NSA) data.

The ‘Russian government-backed hackers’ allegedly stole highly classified NSA secrets in 2015, after an NSA contractor put information on his home computer.

The Russians were reportedly able to steal information about the NSA’s ability to penetrate foreign computer networks and its protection measures against cyber attacks.

NSA Hacked?

The allegations that the Russians were able to hack the NSA was reported by two newspapers, firstly by the Wall Street Journal, and then the Washington Post, both of whom citing several individuals familiar with the matter.

It seems that the NSA contractor had taken classified material home to work on it on his home computer.

According to the reports, his home computer was running Kaspersky’s AV software, flaws in which apparently enabled the Russian government-backed hackers to see his files. This case apparently took place in 2015 and was not made public at the time. It is still being investigated by federal prosecutors.

The NSA has reportedly declined to comment on the breach but the contractor at the heart of this story is said to be a US citizen born in Vietnam working at the NSA’s Tailored Access Operations, an elite hacking division of the NSA that develops tools to penetrate computers overseas to gather foreign intelligence.

The contractor was ‘removed’  from his job after the hack was discovered, but he is not thought to have acted maliciously (i.e like a spy), although taking highly sensitive material home was unlikely to have been sanctioned by NSA officials.

Where there is no doubt is that the theft of the NSA data was highly damaging, as it apparently allowed the Russian government to more easily detect and evade US government cyber-espionage operations, thwart defensive measures and track US activities.

Fuel To The Fire

The alleged use of Kaspersky’s antivirus software adds fuel to an ongoing dispute between it and the US government. The company’s products are not allowed on systems belonging to the US Department of Homeland Security (DHS) and the US military amid national security concerns.

Kaspersky Lab for its part has always adamantly denied working with or for the Russian government and CEO Eugene Kaspersky has offered to give American authorities access his company’s source code in an attempt to dispel rumours about ties to the Russian government.

“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company,” a Kaspersky Lab spokesperson told Silicon.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Eugene Kaspersky himself has described the allegations as “sensationalist” and akin to the “script of a C movie.” In a blog post defending his company and its commitment to protecting users from cyberthreats, he said it would be impossible for any rogue employee to infiltrate the company without being noticed.

He said that Kaspersky Labs’ internal security team, along with bug bounty programmes, aimed to find flaws in its software, acknowledging that software can have mistakes and that no security vendor can guarantee there are no issues.

But if there was a vulnerability in its code, Kaspersky asked why the NSA didn’t report it when it was discovered.

“If we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?” he queried.

“We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I can’t imagine an ethical justification for not doing so.”

What do you know about cybersecurity 2017? Try our quiz!