This article was published on October 6, 2017

Hackers may have stolen NSA data via Russian-owned antivirus software

Story by Inés Casserly

Russian hackers stole cyber defense information from the NSA, including how the US infiltrates foreign computer networks and its strategies against cyberattacks.

Although the breach occurred in 2015, it was only discovered in the spring of last year.

The problem began when an NSA contractor extracted classified documents in order to work on them after hours. The contractor’s home computer relied on a Russian antivirus company, Kaspersky, which reportedly made the breach possible.

Blake Darché, a former NSA employee and expert on hacking foreign systems, told The Wall Street Journal that the software provided by the company is “aggressive” in its methods of hunting for malware. “They will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

It’s a matter of concern, as the stolen data includes code the NSA uses to infiltrate foreign computers, as well as how it defends against these intrusions.

The official response is still in question, as The Wall Street Journal reported the NSA has not yet confirmed the hack. Kaspersky Lab hasn’t confirmed its involvement either, even though its systems were exploited to steal the data.

The company told The Wall Street Journal it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

It’s not the first time that the software company has been put under the spotlight. Kaspersky has long been suspected of working hand-in-hand with the Kremlin, although it constantly denies the links, as it reconfirmed in its latest statement:

As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.

It’s clear that this type of breach only ups Russia’s espionage game – they now have a detailed explanation of how the US security networks work, as well as classified information that isn’t available to anyone outside the NSA.

The person responsible for this has not yet been named, and it is not known what charges they will be facing.

And that’s just one more reason you shouldn’t work overtime.
