Russian Hackers Exploited Kaspersky AV to Hack into NSA Contractor

Michele Moreno
October 7, 2017

Hackers backed by the Russian government stole highly classified cyber secrets in 2015 after an NSA contractor placed the information on his home computer, according to The Wall Street Journal.

Russian hackers managed to steal National Security Agency (NSA) data on how the USA hacks into foreign networks by making use of the Russian-made antivirus software Kaspersky.

According to the report, the theft happened in 2015, shortly before the hacking group Shadow Brokers began leaking similar information on the internet and before an NSA contractor, Harold Martin, was arrested for taking a massive supply of classified NSA documents home so he could work on them.

It is still unclear how Kaspersky identified the files, or what its role in the incident was.

Sensitive US cyber-defence data has been stolen from the National Security Agency (NSA) yet again.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a US special counsel's investigation into whether Donald Trump's presidential campaign sought or received assistance from the Russian government.

According to anonymous sources, malicious code let hackers steal classified code, documentation and other sensitive data.

Kaspersky appears to be saying that its software picked up on the NSA's malware tools, which is what it's supposed to do.

At the time, the Department of Homeland Security said it "is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks".

Kaspersky AV found the NSA exploit while scanning the machines.

The U.S. government last month banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security firm's links to the Russian government and espionage efforts. The software was then exploited as a vulnerability by Russian individuals or organizations, who stole the confidential data.

"As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russian Federation, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts", Kaspersky Lab said in a statement. Kaspersky says it has more than 400 million users world-wide. The breach seems to have been made possible through flaws in the Kaspersky anti-virus system, according to reports, and could enable hostile actors to evade surveillance by the United States government. He did, however, note the Defense Department does not use any anti-virus software developed by Kaspersky.

"We make no apologies for being aggressive in the battle against malware and cybercriminals".

Republican Senator Ben Sasse (NE) said that it is harder "to beat your opponent when they're reading your playbook", according to the Post. Once they got that warning signal, the hackers purged the computer for the key NSA spy tools.
