Russians used Kaspersky program to steal secret materials of US NSA

Russian hackers exploited anti-virus software made by Kaspersky Labs to steal top secret materials of the US National Security Agency off an NSA contractor’s computer, the Wall Street Journal reported Thursday.

In an incident that appeared to be the third breach of NSA security in the past four years by an intelligence contractor, the Journal said the 2015 hack led to the Russians obtaining information on how the NSA itself penetrates foreign computer networks and protects itself from cyberattacks.

The episode, which was discovered last year, could explain the recent US ban on government agencies using the popular virus protection software by the Moscow-based company.

On September 13, the Department of Homeland Security ordered US agencies using Kaspersky products to remove and replace them with other approved software within 90 days.

“Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems,” DHS said at the time.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies.”

An NSA spokesman had no official reaction to the Journal report.

But an official familiar with the case said the report was at least partially correct, without being specific.

The Journal said the contractor apparently brought the highly classified NSA computer files home and transferred them to his personal computer, which was running Kaspersky software.

Citing unnamed sources, the Journal said the hackers appear to have targeted the contractor after using the Kaspersky program to identify the files.

The report said the contractor was not intending to steal or leak the materials, but likely broke a law in taking the files home.

In a statement, Kaspersky Labs said there is no evidence in the story showing the company colludes with Russian intelligence.

Founder Eugene Kaspersky suggested that the software may simply have been doing its job of identifying malware and similar threats, and automatically reported the NSA files back to the company as suspicious, as it does with all cyber threats.

He also posited that it was theoretically possible for his company to be infiltrated by “one or two” people spying for the Russian government.

But he said internal controls and security would not have allowed that to last long. And he vehemently denied working for the Russian government.

“Any of our experts would consider it unethical to abuse user trust in order to facilitate spying by any government,” he said.

Interestingly, on Twitter Eugene Kaspersky retweeted the message of a Johns Hopkins University cryptography professor that read: “Kaspersky may not have colluded with [Russian] gov; just maybe their product may be horrendously compromised.”

Kaspersky’s business in the United States has shrunk severely since security officials last year began to raise questions about the company.

Its software, widely respected for its virus-catching effectiveness, is used on millions of computers around the world.