Report: Russian hackers target secrets taken by NSA worker

Thursday, Oct. 5, 2017, 8:39 p.m.
Eugene Kaspersky, founder of Kaspersky Lab, graduated from a KGB-supported cryptography school and worked in Russian military intelligence.

WASHINGTON — Hackers allegedly working for the Kremlin stole details about how the U.S. infiltrates foreign networks and defends against cyberattacks after a National Security Agency contractor took the classified material home and put it on a personal computer, according to a news report published Thursday.

The Wall Street Journal reported the breach of classified information. It's the third time since 2013 that a theft of sensitive information involving an NSA contractor has become publicly known.

The newspaper, citing multiple unnamed individuals with knowledge about the theft, said the hackers apparently targeted the NSA contractor after identifying the sensitive material through his use of antivirus software by Kaspersky Lab. The Russian company denied involvement in the theft, which the newspaper said occurred in 2015, but was not discovered until last spring.

The NSA declined to respond to the news report, saying it has a policy not to comment on personnel matters or investigations that might or might not be occurring.

But the NSA said the director, Adm. Mike Rogers, has worked to make information security a priority since he took his post in 2014. The newspaper, citing people familiar with the issue, said Rogers has received a letter of reprimand from his superiors.

“NSA operates in one of the most complicated information technology environments in the world,” the agency said in a statement. “Over the past several years, we have continued to build on internal security improvements, while carrying out the mission to defend the nation and our allies.”

The name of the contractor is not publicly known. It's unclear if he has been dismissed or charged in the incident, which is still being investigated.

In 2013, former NSA contractor Edward Snowden leaked classified material exposing U.S. government surveillance programs. In August 2016, Harold Thomas Martin III, 51, of Glen Burnie, Md., was arrested by the FBI after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car.

Kaspersky said it has not been provided with any evidence substantiating the company's involvement in the incident. “It is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company,” Kaspersky said in a statement provided to the AP.

Last month, the U.S. banned federal agencies from using computer software supplied by Kaspersky Lab because of concerns about the company's ties to the Kremlin and Russian spy operations. As it did then, the company insisted that it does not have inappropriate ties to any government, including Russia. The company said it appears to be caught in the middle of a “geopolitical fight.”

“The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests,” Kaspersky Lab said. “It's also important to note that Kaspersky Lab products adhere to the cybersecurity industry's strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”

The chief executive of the software company, Eugene Kaspersky, is a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense. His critics say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.

News of the breach alarmed former NSA workers.

“Kaspersky copying NSA information from an NSA person's computer? That's shocking,” said Blake Darche, a former agency worker who is now chief security officer for Area 1, based in Redwood City, Calif.

He said it's possible the contractor was working to develop malicious code for the NSA, which could have triggered an alarm at Kaspersky, which then looked at that data.

“Does the Russian government have direct access to Kaspersky data? I don't know,” Darche said, but speculated that companies could be compelled to share such information with the Russian government.

At a Senate intelligence committee hearing in May, top U.S. officials were asked whether they would be comfortable with Kaspersky software on their computers.

“No” was the reply given by then-acting FBI Director Andrew McCabe, CIA Director Mike Pompeo, National Intelligence Director Dan Coats, NSA Director Rogers, National Geospatial-Intelligence Agency Director Robert Cardillo and the former Defense Intelligence Agency director, Lt. Gen. Vincent Stewart.

After the news report, Sen. Jeanne Shaheen, D-N.H., who has led efforts in Congress to ban use of Kaspersky Lab software across the federal government, wrote a letter to the leadership of the Senate Armed Services Committee requesting a hearing on the matter.

“This development should serve as a stark warning, not just to the federal government, but to states, local governments, and the American public, of the serious dangers of using Kaspersky software,” Shaheen said. “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time.

“It's astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States. It's unfortunate that there has not been a more expedited and coordinated effort at the federal level to remove this glaring national security vulnerability.”

The breach comes as congressional committees and officials in the government are investigating Russia's meddling in the 2016 presidential election.
