Russian hackers allegedly steal NSA programs via Kaspersky vulnerability

Hackers linked to Moscow stole information on USA spying tools after a National Security Agency worker transferred the classified material to his home computer, unnamed intelligence officials said.

According to a report by the Wall Street Journal, the attackers stole the NSA's confidential data by exploiting Kaspersky's anit-virus software, which the NSA contractor was using.

According to the report the theft happened in 2015, shortly before the hacking group Shadow Brokers began leaking similar information on the internet and before an NSA contractor, Harold Martin, was arrested for taking a massive supply of classified NSA documents home so he could work on them. There were concerns the company may be used by the Kremlin.

The information could give Russian Federation a roadmap on how the US defends against cyber attacks, the Wall Street Journal suggested, and could hinder the NSA from functioning. However, despite United States authorities mounting concerns on Kaspersky and its alleged ties to the Kremlin, the USA government is yet to provide any tangible evidence backing its allegations against the Moscow-based cybersecurity firm.

According to anonymous sources, a malicious code let hackers steal classified code, documentation and some other sensitive data. Kaspersky has been accused of using very aggressive methods to hunt for and identify malware, creating actual copies of files they find to be "interesting". It also could give the Russians methods to infiltrate the networks of the US and other nations, these people said.

"If we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn't they report it to us?" he queried.

'As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russian Federation, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.

More news: Euro Papers: Everton target PSG's Edinson Cavani

The contractor used anti-virus software made by Kaspersky Lab, a Russian cybersecurity firm headquartered in Moscow.

At a Senate intelligence committee hearing in May, top USA officials were asked whether they would be comfortable with Kaspersky software on their computers. After Snowden and Booz Allen, this is the third instance of an unnamed NSA contractor breaching NSA security.

Kaspersky Lab, which has 400 million customers globally, has denied it spies for the Russian government.

Reports are claiming that it may have helped Russian spies in gaining access to some critical information.

US Senator Ben Sasse, a member of the Armed Services Committee, chastised the NSA in a statement. The men and women of the U.S. Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem.

"It's basically the equivalent of digital dumpster diving", said Blake Darché, a former NSA employee who worked in the agency's elite hacking group that targets foreign computer systems.

  • Adam Floyd