Report: Russian hackers target secrets taken by NSA worker
By DEB RIECHMANN
October 06, 2017 08:53 AM
WASHINGTON (AP) — Hackers allegedly working for the Kremlin stole details about how the U.S. infiltrates foreign networks and defends against cyberattacks after a National Security Agency contractor took the classified material home and put it on a personal computer, according to a news report published Thursday.
The Wall Street Journal reported the breach of classified information. It's the third time since 2013 that a theft of sensitive information involving an NSA contractor has become publicly known.
The newspaper, citing multiple unnamed individuals with knowledge about the theft, said the hackers apparently targeted the NSA contractor after identifying the sensitive material through his use of antivirus software by Kaspersky Lab. The Russian company denied involvement in the theft, which the newspaper said occurred in 2015, but was not discovered until last spring.
The NSA declined to respond to the news report, saying it has a policy not to comment on personnel matters or investigations that might or might not be occurring.
But the NSA said Director Adm. Mike Rogers has worked to make information security a priority since he took his post in 2014. The newspaper, citing people familiar with the issue, said Rogers has received a letter of reprimand from his superiors.
"NSA operates in one of the most complicated information technology environments in the world," the agency said in a statement provided to The Associated Press. "Over the past several years, we have continued to build on internal security improvements, while carrying out the mission to defend the nation and our allies."
The name of the contractor is not publicly known. It's unclear if he has been dismissed or charged in the incident, which is still being investigated.
In 2013, former NSA contractor Edward Snowden leaked classified material exposing U.S. government surveillance programs. In August 2016, Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car.
Kaspersky said it has not been provided with any evidence substantiating the company's involvement in the incident. "It is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company," Kaspersky said in a statement provided to the AP.
Last month, the U.S. banned federal agencies from using computer software supplied by Kaspersky Lab because of concerns about the company's ties to the Kremlin and Russian spy operations. As it did then, the company insisted that it does not have inappropriate ties to any government, including Russia. The company said it appears to be caught in the middle of a "geopolitical fight."
"The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests," Kaspersky Lab said. "It's also important to note that Kaspersky Lab products adhere to the cybersecurity industry's strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world."
The chief executive of the software company, Eugene Kaspersky, is a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense. His critics say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.
News of the breach alarmed former NSA workers.
"Kaspersky copying NSA information from an NSA person's computer? That's shocking," said Blake Darche, a former agency worker who is now chief security officer for Area 1, based in Redwood City, California.
He said it's possible the contractor was working to develop malicious code for the NSA, which could have triggered an alarm at Kaspersky, which then looked at that data.
"Does the Russian government have direct access to Kaspersky data? I don't know," Darche said, but speculated that companies could be compelled to share such information with the Russian government.
At a Senate intelligence committee hearing in May, top U.S. officials were asked whether they would be comfortable with Kaspersky software on their computers.
"No" was the reply given by then-acting FBI Director Andrew McCabe, CIA Director Mike Pompeo, National Intelligence Director Dan Coats, NSA Director Rogers, National Geospatial-Intelligence Agency Director Robert Cardillo and former Defense Intelligence Agency Director Lt. Gen. Vincent Stewart.
After the news report, Sen. Jeanne Shaheen, D-N.H., who has led efforts in Congress to ban use of Kaspersky Lab software across the federal government, wrote a letter to the leadership of the Senate Armed Services Committee requesting a hearing on the matter.
"This development should serve as a stark warning, not just to the federal government, but to states, local governments, and the American public, of the serious dangers of using Kaspersky software," Shaheen said. "The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time.
"It's astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States. It's unfortunate that there has not been a more expedited and coordinated effort at the federal level to remove this glaring national security vulnerability."
The breach comes as congressional committees and officials in the government are investigating Russia's meddling in the 2016 presidential election.
AP Technology Writer Matt O'Brien in Providence, Rhode Island, contributed to this report.
By DEB RIECHMANN
Updated: October 06, 2017 08:53 AM
Copyright 2017 The Associated Press. All rights reserved.