Hack Reportedly Occurred in 2015, But Was Discovered This Spring
Agents tied to the Kremlin breached a home computer of a National Security Agency contractor that ran anti-virus software from Russian-owned Kaspersky Lab, pilfering details on how the U.S. penetrates networks and defends against cyberattacks, according to the Wall Street Journal. The contractor had removed the highly classified material and put it on his home computer, the newspaper reports.
The hackers appear to have targeted the contractor after identifying the files on the home computer through the contractor’s use of Kaspersky security software, sources with knowledge of the matter told the newspaper.
The breach occurred in 2015 but wasn’t uncovered until this past spring, according to the news report, which added that the stolen data included specifics about how the NSA infiltrates foreign IT networks, the computer code it uses for such spying and how it defends networks inside the U.S.
Three weeks ago, the Trump administration ordered U.S. federal executive branch agencies to remove Kaspersky anti-virus software from their computers within 90 days (see Kaspersky Software Ordered Removed From US Gov’t Computers). At the time, the Department of Homeland Security said in a statement that Kaspersky security products pose a risk to federal information systems because they have broad access to files and elevated privileges on the computers where they’re installed, access that malicious cyber actors could exploit to compromise those IT systems. A bill funding the military that the Senate passed last month would ban use of Kaspersky software in the armed services.
Kaspersky Denies Report
In a statement to the Journal, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”
Company CEO Eugene Kaspersky characterized the Journal story as a “new conspiracy theory. … We make no apologies for being aggressive in the battle against cyberthreats.”
New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats
— Eugene Kaspersky (@e_kaspersky) October 5, 2017
Kaspersky has long maintained it does not do work for any government, including Russia’s (see Kaspersky Lab Debate: Put Up or Shut Up).
‘Data Goes Back to Russia’
Earlier this week, speaking at a cybersecurity forum sponsored by the Washington Post, White House Cybersecurity Coordinator Rob Joyce hinted at how the Russian government could exploit Kaspersky software.
Joyce pointed out that anti-virus software runs at the very lowest level of the operating system. “It’s designed to scan every file on your computer,” he said. “It scans those files looking for things based on a series of commands that come from the company. That company is a Russian company. … That data comes off your machine and goes back to Russia; it’s vulnerable and available.”
Sen. Jeanne Shaheen, D-N.H., who has backed the U.S. government’s move to ban Kaspersky software from government computers, said in a tweet the administration should be more transparent regarding the ban: “This should serve as a stark warning. Trump admin should declassify info on Kaspersky Labs to raise awareness.”
This should serve as a stark warning to all. Trump admin should declassify info on Kaspersky Lab to raise awareness https://t.co/fXMXS0Kdgy
— Sen. Jeanne Shaheen (@SenatorShaheen) October 5, 2017