Russian Hackers Penetrated Elite NSA Hacking Division
Updated: October 18, 2017 12:00PM UTC
By David Jones
Date: Saturday, October 07, 2017
Russian hackers exploited a vulnerability in Kaspersky Lab's software to steal sensitive cyberdefense data from a United States National Security Agency contractor, The Wall Street Journal reported Thursday.
The incident, which occurred in 2015, involved a contractor who loaded classified information onto his personal computer in order to work at home. The information included hacking tools and other sensitive data that the NSA used to gather intelligence overseas.
The contractor worked in the NSA's Tailored Access Operations unit, an elite hacking division in the agency. There is no evidence the contractor planned to release the information to any foreign governments or spies, according to the Journal report.
Although he would not comment on the specific personnel issues involved, an NSA spokesman who asked not to be identified told TechNewsWorld that the agency took a layered approach to security.
The NSA is part of the Department of Defense, which has a longstanding public contract with security software developer McAfee, the spokesman noted.
During the tenure of Director Michael Rogers, the U.S. Navy admiral who leads the NSA, IT security has been considered a top priority at the agency, he said, adding that its staff works in one of the "most complicated IT environments in the world."
Asked about the protocols that govern work with contractors, the spokesman told TechNewsWorld that when they "work within the agency, they work on our systems."
The Department of Homeland Security last month announced it would phase out the use of Kaspersky Lab software, he noted.
Further, during a Senate Intelligence Committee hearing this spring, the spokesman said, Sen. Marco Rubio asked several U.S. intelligence chiefs whether they would use Kaspersky software on their computers, and Rogers, Director of National Intelligence Dan Coats, CIA Director Mike Pompeo and others said they would not.
Kaspersky Lab on Thursday issued a statement in response to The Wall Street Journal article, denying any "inappropriate" links to the Russian government, and maintaining that the publication had failed to hand over any evidence to substantiate what Kaspersky called "unproven" claims.
"However, as the trustworthiness and integrity of our products are fundamental to our business, we are seriously concerned about the article's implications that attackers may have exploited our software," the company said. "We reiterate our willingness to work alongside U.S. authorities to address any concerns they may have about our products and respectfully request any relevant information that would enable the company to begin an investigation at the earliest opportunity."
The incident is far from the first time that questions have been raised about Kaspersky Lab software, which some cybersecurity experts have suspected of Russian intelligence links for years.
In last month's order directing all federal executive branch departments and agencies to discontinue using Kaspersky Lab software, Acting DHS Secretary Elaine Duke noted that Kaspersky antivirus products provided "broad access to files" and "elevated privileges" on computers where the software was installed.
"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," she said.
The DHS said it would give Kaspersky an opportunity to respond in writing to the order, to address or mitigate the agency's concerns.
"This development should serve as a stark warning not just to the federal government, but to states, local governments and the American public, of the serious dangers of using Kaspersky software," said Sen. Jeanne Shaheen, D-N.H. "The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well documented for some time."
It is "astounding and deeply disturbing" that the Russian government continues to have this tool at their disposal to harm the U.S., she added, and it is "unfortunate" that there hasn't been a more "expedited and coordinated" effort at the federal level to remove this "glaring national security vulnerability."
Best Buy confirmed that it no longer sells Kaspersky software but declined to comment on any specifics, saying it does not comment on vendor contracts.
The company pointed to a previous report in the Minneapolis StarTribune, which said that while Best Buy did not conduct its own internal investigation of the software, it made the decision after government officials took several steps to curtail the use of Kaspersky and raised additional questions about whether the software could be exploited.
Governments in general are in trouble, due to the existence of an advanced persistent threat (APT) of cyberspies who basically have nothing else to do but figure out ways of penetrating security systems, observed Kenneth Geers, senior research scientist at Comodo.
"They've got nothing but time to figure out the people and devices for any target," he told TechNewsWorld.
Geers was a bit harsher regarding the circumstances of the alleged attack on the contractor, as Tailored Access Operations has an almost "fabled or mythic existence" within the world of espionage, he said.
"It seems so incredibly sloppy," Geers remarked. "You'd think a place like the TAO would have a high enough bar."
Regarding Kaspersky's involvement, it's possible that the company has been victimized by players and events beyond its ability to handle, Geers said, noting that many such firms have spies embedded within them. "There's every chance that Kaspersky didn't fully understand what was going on."