Report: NSA Secrets Stolen From Computer Using Kaspersky Software

Hack Reportedly Occurred in 2015, But Was Discovered This Spring
Kaspersky Lab CEO Eugene Kaspersky characterizes the breach report as "a new conspiracy theory."

Agents tied to the Kremlin breached a home computer of a National Security Agency contractor that ran anti-virus software from Russian-owned Kaspersky Lab, pilfering details on how the U.S. penetrates networks and defends against cyberattacks, according to the Wall Street Journal. The contractor had removed the highly classified material and put it on his home computer, the newspaper reports.

The hackers appear to have targeted the contractor after identifying the files on the home computer through the contractor's use of Kaspersky security software, sources with knowledge of the matter told the newspaper.

The breach occurred in 2015 but wasn't uncovered until this past spring, according to the news report, which added that the stolen data included specifics about how the NSA infiltrates foreign IT networks, the computer code it uses for such spying and how it defends networks inside the U.S.

Three weeks ago, the Trump administration ordered U.S. federal executive branch agencies to remove Kaspersky anti-virus software from their computers within 90 days (see Kaspersky Software Ordered Removed From US Gov't Computers). At the time, the Department of Homeland Security issued a statement that said Kaspersky security products pose a risk to federal information systems because they provide broad access to files and elevated privileges on the computers where they're installed that could be exploited by malicious cyber actors to compromise those IT systems. A bill funding the military that the Senate passed last month would ban use of Kaspersky software in the armed services.

Kaspersky Denies Report

In a statement to the Journal, Kaspersky Lab said it "has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation."

Company CEO Eugene Kaspersky characterized the Journal story as a "new conspiracy theory. ... We make no apologies for being aggressive in the battle against cyberthreats."

Kaspersky has long maintained it does not do work for any government, including Russia's (see Kaspersky Lab Debate: Put Up or Shut Up).

'Data Goes Back to Russia'

Earlier this week, speaking at a cybersecurity forum sponsored by the Washington Post, White House Cybersecurity Coordinator Rob Joyce hinted at how the Russian government could exploit Kaspersky software.

Joyce pointed out that anti-virus software runs at the very lowest level of the operating system. "It's designed to scan every file on your computer," he said. "It scans those files looking for things based on a series of commands that come from the company. That company is a Russian company. ... That data comes off your machine and goes back to Russia; it's vulnerable and available."

Sen. Jeanne Shaheen, D-N.H., who has backed the U.S. government's move to ban Kaspersky software from government computers, said in a tweet the administration should be more transparent regarding the ban: "This should serve as a stark warning. Trump admin should declassify info on Kaspersky Labs to raise awareness."


About the Author

Eric Chabrow


Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



