Russian hackers exploited antivirus software

U.S. cyber capabilities stolen from NSA employee’s home computer

The Mercury News Weekend - NEWS - By Ellen Nakashima and Jack Gillum

Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter.

The employee had taken classified material home to work on his computer, and his use of Kaspersky Lab antivirus software enabled Russian hackers to see his files, the individuals said. The case, which dates to 2015 and has not been made public, remains under investigation by federal prosecutors.

The NSA declined to comment on the breach, which was first reported by the Wall Street Journal.

The employee involved was a Vietnamese national who had worked at Tailored Access Operations, the elite hacking division of the NSA that develops tools to penetrate computers overseas to gather foreign intelligence, said the individuals, who spoke on condition of anonymity to discuss an ongoing case. He was removed from the job in 2015, but was not thought to have taken the materials for malicious purposes such as handing them to a foreign spy agency, they said.

The theft of the material enabled the Russian government to more easily detect and evade U.S. government cyberespionage operations, thwart defensive measures and track U.S. activities, the individuals said. It is the latest in a series of damaging breaches of the NSA in recent years and is among the first concrete indications of why the U.S. intelligence community believes that Kaspersky Lab software operates as a tool for Russian espionage.

The breach “serves as a stark warning - not just to the federal government, but to states, local governments and the American public - of the serious dangers of using Kaspersky software,” said Sen. Jeanne Shaheen, D-N.H., a vocal critic of Kaspersky who has pushed for the software’s ban in federal networks.

The material the employee took included hacking tools he was helping to develop to replace others that were considered compromised following the breach of NSA material by former contractor Edward Snowden, said one individual familiar with the matter.

The Washington Post reported in November that the employee was removed in 2015.

The incident underscores the risks of using products as seemingly innocuous as antivirus software, which can be exploited for national security purposes.

Notably, the breach did not involve former NSA contractor Harold Martin, who was arrested last year after carrying out what is said to be the largest theft of classified information in U.S. history, the individuals said. Martin pleaded not guilty this year to violating the Espionage Act and is awaiting trial.

The intelligence community has long assessed that Kaspersky has ties to the Russian government. A Russian law requires telecommunications companies in the country to provide access to their networks. Kaspersky servers are located in Moscow, which means that customer data flowing through their servers passes through those same telecom providers’ networks, a person familiar with the matter told The Post.

Kaspersky Lab said in a statement it “does not have inappropriate ties to the Russian government.”
