You are here

Putin Strikes Again: Russian Hackers Reportedly Stole NSA Data On Cyber Defense

Looks like Russian President Vladimir Putin is back at it.

The Wall Street Journal reported Thursday that hackers working for the Russian government have stolen data describing how US intelligence agencies infiltrate foreign computer networks and how they defend against cyberattacks. The data were stolen after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to WSJ’s anonymous sources.

News of the hack, which hasn’t been exposed previously, explains the federal government’s abrupt crackdown on Moscow-based security firms Kaspersky Labs. As WSJ explains, the contractor may have been targeted after hackers identified the files thanks to the contractor’s use of a popular antivirus software created by Kaspersky.

According to WSJ, the hack is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits the widely available software products. It appears to be one of the most harmful infiltrations of government servers since hackers purportedly sponsored by the Chinese military stole records about US intelligence assets from the Office of Personnel Management’s servers.  

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter. If the report is accurate, the breach would be the first known incident of Kaspersky software being exploited by Russian hackers for the purposes of espionage. The company, which sells its antivirus products in the US, had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide, though it’s about to lose all of its customers from the US government.

The NSA wouldn’t confirm, or deny, the story

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

As WSJ points out, this would be the third breach at the NSA involving a contractor’s access to a huge trove of highly classified materials – or the third to be publicly disclosed, at least. The breach prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said. It’s unclear as of yet how this hack stacks up to the theft of files detailing legally questionable mass-surveillance tactics committed by fugitive Edward Snowden, who has been granted asylum by Russia. The other incident, which resulted in the arrest last year of another NSA contractor, Harold Martin, involved the removal of classified information by the contractor, who stored it at his home. However, it’s believed no malicious actors obtained the files exposed by Martin. The Kaspersky incident predates the Martin breach.

Like Martin, people familiar with the matter said the unnamed contractor involved in the Kaspersky breach took documents and other NSA files home with him, presumably to complete more work on his or her own time. The man isn’t believed to have wittingly worked for a foreign government, but knew that removing classified information without authorization is a violation of NSA policies. The incident is being investigated by federal law enforcement.

As WSJ points out, nearly two dozen US government agencies were once authorized to use Kaspersky software, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

However, NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against employees using the software at home, the agency told WSJ that it had warned employees not to.

One former NSA employee told WSJ that users of Kaspersky’s software essentially “sign away their privacy”, enabling the firm’s aggressive hunting of malware.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

 

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

 

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

 

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

Experts said the software may have found samples of malicious code in the contractors’ files, alerting the agency to the trove of NSA data.

The revelation presumably explains efforts by the Trump administration and Congress to remove Kaspersky software from government computers. Last month, the Department of Homeland Security in an unprecedented move directed all federal agencies to scan their networks for Kaspersky security software and begin removing it within 90 days. Meanwhile, the Senate passed a bill that would ban the use of products from the Moscow-based firm by the federal government, citing national security risks. That vote was included as an amendment to an annual defense policy spending bill approved by the Senate on the same day.

So, is this another example of a Putin-directed attempt to undermine US security? Or is the Trump administration cynically trying to undercut a foreign company that competes with many US technology firms?

For what it’s worth, Kaspersky denied the allegations. We now await a response from the Russian government, which has previously criticized the Trump administration's efforts to ban the software.