How the NSA's records were taken by Russian Hackers
Russian hackers stole details on US cybersecurity methods from a contractor who brought the files home to work from his personal computer where they accessed remotely through Kaspersky anti-virus software. According to the report from The Wall Street Journal’s sources claimed that NSA officials discovered the leak in spring of 2016
The NSA declined requests from comment, stating that agency policy does not allow them in disclose investigations or personnel matters, regardless of whether they are happening or not.
If these accounts are true, the leak is the third leak of confidential information from the NSA in the last five years preceded by Harold Martin, a contractor arrested in August, and Edward Snowden in 2013.
Information lifted from the computer held strategies for offensive and defensive hacking after leaks by Edward Snowden made the agency’s tactics public knowledge. Since the leak happened sometime in 2015 and wasn’t discovered until spring of 2016 means that US cybersecurity efforts would be left vulnerable to anyone with access to the leaked information.
Reactions from Kaspersky
Kaspersky, the Moscow-based antivirus software used by the contractor, is suspected to have alerted hackers to the files located. It is not known whether these hackers were acting independently or as agents of the Russian government. Eugene Kaspersky, founder of Kaspersky Labs denied any role in the breach in a post on his personal blog, stating: “if our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes all our customers – no matter who or where they are – receive protection from the threat.”
The contractor is reported to have worked for a group within the NSA called Tailored Access Operations who are known for their ability to gain access to large mainframe computers used by companies and universities, and even the microphones in certain smart TVs.
Politicians cast blame on Kaspersky and the NSA
In response to the leak, U.S. legislators blamed the NSA and Kaspersky’s software. Sen. Ben Sasse (R-Neb.) called for the NSA to “get its head out of the sand and solve its contractor problem.” Opponent of Kaspersky software’s use by government agencies, Sen. Jeanne Shaheen (D-N.H.) claimed that the leak is a warning to government agencies and the public of the “serious dangers of using Kaspersky software.”
This is not the first sign of distrust between the U.S. and Kaspersky Labs. In September, the Federal government banned the use of its software after an FBI investigation unveiled potential links to Russian security services. Elaine C. Duke, acting secretary of Homeland Security, required all federal agencies to prepare plans to eliminate their use of Kaspersky software in 90 days.