Report: Russian Hackers Used Kaspersky Anti-virus to Steal NSA Hacking Tools
It’s not clear if Kaspersky knowingly assisted the theft.
Kaspersky software provided an inroad for Russian hackers to snatch details of National Security Agency offensive spying tools off an agency contractor’s personal computer, The Wall Street Journal reported Thursday.
The report offers the first confirmation—though not on the record—that Russian intelligence services are using Kaspersky software to steal sensitive U.S. information. It gives some clues to the background of a governmentwide Kaspersky ban announced by the Homeland Security Department last month.
The Journal story does not, however, provide any evidence that Kaspersky was complicit in the Russian hacking operation.
A top Homeland Security official told lawmakers this week that the Kaspersky ban “was based on the totality of evidence including, for the most part, open source information,” likely referring to news reports about alleged ties between top Kaspersky executives, including founder Eugene Kaspersky, and Russian intelligence officials.
Kaspersky said in a statement that The Journal story was based on “unproven claims” and that the company had not been given any evidence substantiating those claims.
According to The Journal: Russian hackers accessed documents detailing NSA hacking tools after an NSA contractor accessed them on his home computer, which ran Kaspersky anti-virus. Removing the files from NSA property was both against agency policy and, possibly, a criminal act.
The Kaspersky anti-virus may have picked up the NSA hacking tools as part of a regular scan for cyber exploits. It’s not clear how the Russian hackers got the information from Kaspersky or if the anti-virus company cooperated, The Journal reported.
The incident happened in 2015 but was discovered in 2016, The Journal reported.
This is the third publicly reported breach of large amounts of NSA information following the major 2013 leak by contractor Edward Snowden and the indictment this year of Harold Martin, who is accused of taking reams of information off NSA property but not leaking it or sharing it with U.S. adversaries.