Russian hackers reportedly stole classified NSA cyberweapons from the home computer of one of the agency’s contractors, after the unspecified contractor removed the classified data and stored it one his personal computer. The theft reportedly took place in 2015 and was discovered in 2016.
According to a report by the Wall Street Journal, the attackers stole the NSA’s confidential data by exploiting Kaspersky’s anit-virus software, which the NSA contractor was using. The Journal reported that the stolen files include details of the NSA‘s offensive and defensive hacking tools as well as the computer code it uses for spying. IT security experts commented below.
Piers Wilson, Head of Product Management at Huntsman Security:
“In some ways it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently. However despite its focus on security it seems to be a perennial risk, even after Snowden and Reality Winner. In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported – yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen.
These failures should be a reminder to all organisations how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent. We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down. Ultimately, without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen.”
Lee Munson, Security Researcher at Comparitech.com:
“So, the NSA has been caught out by the internal threat and a lack of basic security hygiene in recent years.
That Snowden was able to go to great lengths to exfilitrate data in ingenious ways is, perhaps, forgivable but after that event, how was another contractor allowed to get classified data onto his own personal machine, especially after Harold Martin was arrested for the exact same thing?
That question begs a response from the National Security Agency around its own physical security defences and the mind-set of the people it works with, rather than an unwarranted backlash against Kaspersky Lab which seems to be motivated by the fact that its owner is Russian, rather than any actual evidence.
In a world of hi-tech hacking tools and mass data collection programs, it seems the NSA actually needs to get back to basics, starting with security awareness training for its highly skilled people – who really ought to know better.”