Spy war alert: Did Russian hackers steal US defence data from NSA laptop?

6 Oct 2017

The Kremlin, the seat of Russian power. Image: Zayne C/Shutterstock

A breach alleged to have come via Kaspersky software could enable Russia to evade NSA surveillance and more easily infiltrate US networks.

Hackers working for the Russian government are believed to have stolen NSA data on US offensive and defensive cyber capabilities from a contractor’s laptop.

The breach is understood to have occurred in 2015, allegedly via Kaspersky Lab software.

It is believed the hackers targeted the contractor’s home computer after identifying the files through the contractor’s use of popular antivirus software made by Kaspersky Lab.

The contractor is understood to have taken work home with him, which is where the breach occurred.

According to The Wall Street Journal, the stolen material included details about how the NSA penetrates foreign computer networks, what code it uses for surveillance and how it defended networks within the US.

If this is true, not only will it optimise Russian defensive capabilities, but it will also provide the Russian hackers with valuable insights into how to infiltrate the networks of the US and other nations.

Besieged Kaspersky Lab refutes allegations

The latest development could have a detrimental effect on the business of Moscow-headquartered Kaspersky Lab, which in recent months has been staving off allegations that it has ties to Russian intelligence.

In July, CEO and founder of Kaspersky Lab Eugene Kaspersky defended his cybersecurity company against allegations of post-Cold War espionage.

“We stay on the bright side, and never, never go to the dark side,” he said.

According to IDC, Kaspersky has more than 400m users worldwide.

US suspicion of Eugene Kaspersky centres around the fact that he once studied at a programming school run by the KGB, now known as the FSB (Federal Security Service of the Russian Federation).

The CEO has vehemently denied any links with the Kremlin.

In July, Bloomberg reported that it saw a series of emails between Kaspersky Lab and the FSB, which indicate that the company worked with the latter on developing security products that the CEO “knew would be embarrassing if made public”.

The latest breach, which occurred in 2015 but was discovered in 2016, is understood to be the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the US government.

The revelation comes as tensions over alleged Russian tampering in last year’s US presidential elections have reached an all-time high. In recent weeks, Facebook and Twitter submitted data to Congress that suggests ads were used to misinform the electorate.

It has also been alleged that the Russian government endorsed the hacking of the state election-board systems and email networks of the Democratic party to damage the candidacy of Hillary Clinton in last year’s elections.

Suspicions about Kaspersky Lab prompted the US Department of Homeland Security to ban all US government departments and agencies from using Kaspersky products and services last month.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyber-espionage efforts,” Kaspersky Lab said in a statement.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.
