[BreachExchange] Report: NSA Secrets Stolen From Computer Using Kaspersky Software

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 5 19:24:18 EDT 2017


https://www.bankinfosecurity.com/report-nsa-secrets-stolen-from-computer-using-kaspersky-software-a-10359

Agents tied to the Kremlin breached a home computer of a National Security
Agency contractor that ran anti-virus software from Russian-owned Kaspersky
Labs, pilfering details on how the U.S. penetrates networks and defends
against cyberattacks, according to the Wall Street Journal. The contractor
had removed the highly classified material and put it on his home computer,
the newspaper reports.

The hackers appear to have targeted the contractor after identifying the
files on the home computer through the contractor's use of Kaspersky
security software, sources with knowledge of the matter told the newspaper.

The breach occurred in 2015 but wasn't uncovered until this past spring,
according to the news report, which added that the stolen data included
specifics about how the NSA infiltrates foreign IT networks, the computer
code it uses for such spying and how it defends networks inside the U.S.

Three weeks ago, the Trump administration ordered U.S. federal executive
branch agencies to remove Kaspersky anti-virus software from their
computers within 90 days (see Kaspersky Software Ordered Removed From US
Gov't Computers). At the time, the Department of Homeland Security issued a
statement that said Kaspersky security products pose a risk to federal
information systems because they provide broad access to files and elevated
privileges on the computers where they're installed that could be exploited
by malicious cyber actors to compromise those IT systems. A bill funding
the military that the Senate passed last month would ban use of Kaspersky
software in the armed services.

Kaspersky Denies Report

In a statement to the Journal, Kaspersky Lab said it "has not been provided
any information or evidence substantiating this alleged incident, and as a
result, we must assume that this is another example of a false accusation."

Company CEO Eugene Kaspersky characterized the Journal story as a "new
conspiracy theory. ... We make no apologies for being aggressive in the
battle against cyberthreats."

Kaspersky has long maintained it does not do work for any government,
including Russia's (see Kaspersky Lab Debate: Put Up or Shut Up).

'Data Goes Back to Russia'

Earlier this week, speaking at a cybersecurity forum sponsored by the
Washington Post, White House Cybersecurity Coordinator Rob Joyce hinted
about how the Russian government could exploit Kaspersky software.

Joyce pointed out that anti-virus software runs at the very lowest level of
the operating system. "It's designed to scan every file on your computer,"
he said. "It scans those files looking for things based on a series of
commands that come from the company. That company is a Russian company. ...
That data comes off your machine and goes back to Russia; it's vulnerable
and available."

Sen. Jeanne Shaheen, D-N.H., who has backed the U.S. government's move to
ban Kaspersky software from government computers, said in a tweet the
administration should be more transparent regarding the ban: "This should
serve as a stark warning. Trump admin should declassify info on Kaspersky
Labs to raise awareness."