Russian hackers used antivirus software to steal important NSA spying, defense tools

Saturday, 07 Oct, 2017

According to the Journal, an NSA contractor stole and downloaded onto his personal computer highly classified details about how the USA penetrates foreign computer networks and defends itself against cyberattacks.

Sources told the publication that the stolen files were identified through Kaspersky security software used by an NSA contractor who had taken classified material from the NSA and saved it on his home computer.

In a comparable case, Harold Martin, a government contractor to the NSA, also took valuable documents home and was subsequently arrested last year.

In a statement, Kaspersky CEO Eugene Kaspersky said his company "has not been provided any evidence substantiating the company's involvement in the alleged incident". The report also says the matter is under federal investigation at the moment and that the stolen material was used by the Russian Federation to detect and avoid counterespionage carried out by the US.

Kaspersky denies any ties with the Russian government and stated that the allegations have no basis.

According to anonymous sources, malicious code let hackers steal classified code, documentation and some other sensitive data. Kaspersky operates in a more aggressive way than other antivirus systems by copying large amounts of your personal files to allow them to be scanned for possible malware. Kaspersky Lab may or may not have been involved in this breach, but it's absolutely clear that the NSA needs to get its crap together, not only because the agency holds the keys to our national security, but also because the NSA collects data on millions of people around the world in its dragnet global surveillance operation. According to a report from the time, Kaspersky said that its own systems were compromised by hackers in an attack that was designed to spy on its newest technologies and "involved up to three previously unknown techniques", suggesting a state-sponsored actor may have been involved. Months earlier, the General Services Administration removed Kaspersky from its list of approved vendors, suggesting a software vulnerability existed with Kaspersky that could give Moscow backdoor access to the very systems the company said it protects.

The breach happened despite the fact that US agencies have been banned from using Kaspersky over spying fears, demonstrating that, regardless of an organisation's policies, if an insider can still circumvent them, whether intentionally or not, data will still be placed at serious risk. The suspicion is that Kaspersky may have some coordination with Russian intel to look for data that specifically references intelligence operations and then direct them to that user for further penetration.

Kaspersky Lab is a Russian company with alleged ties to state-sponsored cyberespionage.

The information would help the Russian government protect its own networks and make it harder for the NSA to conduct its work.