WSJ: Kaspersky software likely used in Russian-backed NSA breach

Hackers working for the Kremlin reportedly found sensitive information on the home computer of an NSA contractor who was using Kaspersky antivirus software.
Written by Stephanie Condon, Senior Writer


The Russian government stole valuable information about National Security Agency surveillance and cyberdefense programs, after apparently hacking a contractor with the help of Kaspersky antivirus software, The Wall Street Journal reports, citing unnamed sources familiar with the matter.

Hackers working for the Kremlin specifically stole information revealing how the NSA penetrates foreign computer networks and the computer code it uses to do so, the Journal reports. They also reportedly stole information on how the NSA defends networks inside the US.

The reported breach occurred in 2015, when an unidentified NSA contractor transferred highly classified material to his home computer, on which he was using Kaspersky software. The incident was discovered in the spring of 2016, the Journal says.

Last month, the US government banned all federal agencies from using Kaspersky software over concerns with the Russian-based company's ties to the Kremlin. The government has yet to answer repeated questions regarding the basis for that concern. While the Journal reports that Kaspersky software was likely used in this particular instance to identify the sensitive data on the contractor's computer, there's no evidence given that Kaspersky actively facilitated the breach.

The Journal characterizes the breach as "one of the most significant security breaches in recent years" and writes that it "offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US."

In a statement, Kaspersky Lab told the Journal that it "has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation." The company added that it "does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts."

The NSA did not immediately respond to a request for comment from ZDNet and told the Journal it does not comment on affiliate or personnel matters. A spokesman for the Russian government did not directly respond to the Journal's question about whether it stole NSA information.

The reported breach would amount to the third known incident involving an NSA contractor in which large amounts of highly classified information were exposed. Earlier this year, former NSA contractor Harold Martin was indicted over an alleged 20-year campaign to steal classified government documents. Meanwhile, former contractor Edward Snowden in 2013 leaked a trove of confidential government documents to the media to expose the US' mass surveillance programs.

