Russian hackers stole NSA files using Kaspersky, who deny the accusations

Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material, accessing the data on his home computer, according to multiple sources.

The WSJ report broke the news of the 2015 Russian government hack of an NSA contractor.

The paper reported on Thursday that the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home.

photo/ Gerd Altmann via pixabay

There, the contractor’s use of Kaspersky’s antivirus software “alerted Russian hackers to the presence of files that may have been taken from the NSA” and the Russian hackers infiltrated the files and obtained a significant amount of data, according to the paper.

Calling the allegations “like the script of a C movie”, Eugene Kaspersky, firm’s founder, gave his own explanation of what might have happened.

The Department of Homeland Security said it “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”.

In an official statement about the allegations, Kaspersky Lab said: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Kaspersky vehemently denied that his company had played any active role in the breach, noting: “We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done.”

Kaspersky implies, it may be the case that Kaspersky Lab’s own data was hacked by the Russian government. “Even though we have an internal security team, and do bug bounties, we can’t give 100% guarantee that there are no security issues in our products, name another security software vendor who can!”

Matthew Green, a cryptography professor at Johns Hopkins University, wrote: “Consensus on infosec Twitter is that Kaspersky may not have colluded with [the Russian government]; just maybe their product may be horrendously compromised.

“Not quite sure how that’s qualitatively different from the point of view of Kaspersky customers. But I guess it’s something.”

Dave Aitel, a former NSA hacker who is now CEO of penetration-testing firm Immunity, said the allegations aired on Thursday’s WSJ post are a plausible explanation.

“That’s exactly the kind of behavior that would cause the US government to do what they’re doing,” he told Ars. “There’s only one really big thing, which is they think [Kaspersky] is operating as an agent for a foreign government, most likely wittingly.”

photo/ Jan Alexander