Russians Allegedly Used Kaspersky Software to Hack NSA Data
By Chris Strohm
Russian hackers obtained classified information about National Security Agency cybersecurity programs after breaching a personal computer used by an agency contractor in 2015, according to a person familiar with the matter.
The contractor, who wasn't identified, took the classified material home, where Russian hackers stole it by exploiting vulnerabilities in Kaspersky Lab Inc. software that he had on his computer, according to the person, who asked not to be identified.
The breach, first reported by The Wall Street Journal, is the latest to plague the NSA involving the use of government contractors. Harold Martin, who was contracted to work at the NSA, was arrested last year and told investigators that he knowingly took home documents and digital files that contained highly classified information.
Martin's case followed the 2013 revelations of Edward Snowden, who fled his job as an NSA contractor in Hawaii for Hong Kong and then Russia after stealing and releasing a trove of data on classified U.S. data-collection programs. While both Martin and Snowden were employed by Booz Allen Hamilton Holding Corp., the official wouldn't say who employed the contractor in the latest breach.
The NSA, which monitors, collects and processes the most classified communications data for national security purposes, wouldn't confirm or deny that the incident occurred but said in a statement that it has taken steps to improve its security.
"For the past several years we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock," the NSA said. "We're not relying on only one initiative. Instead, we've undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community."
The U.S. government last month banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security firm's links to the Russian government and espionage efforts.
According to a Homeland Security Department directive, all U.S. agencies were required to identify any Kaspersky products they have used within 30 days and to develop plans to discontinue their use.
"This action is based on the information security risks presented by the use of Kaspersky products," the DHS said in a statement at the time. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
Kaspersky denied "inappropriate ties with any government" and criticized the U.S. decision to ban its software as "based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies."
Responding to the NSA breach on Thursday, Kaspersky said in a statement on its website that it "has not been provided any evidence substantiating the company's involvement in the alleged incident."
(c)2017 Bloomberg News