The Department of Homeland Security recently barred federal agencies from using Kaspersky Lab products due to security concerns but has been tight-lipped about what intelligence linked the popular, Moscow-based computer security firm to specific intelligence operations.
Kaspersky Lab denied any knowledge of any role in the attack, but decried “news coverage of unproven claims continu[ing] to perpetuate accusations about the company” in a written statement.
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” the company said. More here.
photo with more detail at this link
Russian hackers stole classified data from NSA contractor
Russian government hackers stole data about how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed highly classified material and stashed it on his home computer, a new report said Thursday.
The hackers apparently targeted the contractor after identifying the files through the contractor’s use of an anti-virus software made by the Russia-based Kaspersky Lab, The Wall Street Journal reported, citing sources familiar with the hacking.
Experts told the paper the hack was one of the most serious security breaches in years, and that it provided insight into how Russian intelligence exploits commercial software products to spy on the US.
The incident occurred in 2015 but wasn’t discovered until spring of last year, the sources told the WSJ.
The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for that kind of spying and how it defends American networks, the sources said.
The information could help the Russians guard their own networks, making it more difficult for American spooks to surveil Russia.
The breach was believed to be the first time that Kaspersky software, which is sold in the US, was exploited by Russian hackers as they spied on the US.
The revelation comes as special counsel Robert Mueller is investigating Russian meddling in the US election and possible collusion with the Trump campaign.
The president has called Russian hacking a “hoax” and “fake news” and slammed Mueller’s probe as a “witch hunt.”
A spokesman for the NSA would not comment on the security breach.
“Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” the spokseman told the paper.
In a statement, Kaspersky said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”
The NSA contractor in the Kaspersky incident was not known, and the company he worked for was not identified.
Sources told The Journal he is believed to have taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.
The man apparently did not knowingly work for a foreign government, but knew that removing classified information without authorization was a violation of NSA policies and potentially a criminal act, the sources said.