Home Governance US NSA contractor under radar over pilferage; Russia denies involvement

US NSA contractor under radar over pilferage; Russia denies involvement


Days after the U.S. Senate barred the federal agencies from using products from Kaspersky Lab, Russian hackers have reportedly stolen data from the country’s National Security Agency (NSA) contractor’s home computer, according to a Wall Street Journal report.

The contractor, who has not been named yet, reportedly downloaded a cache of classified information from his workplace and loaded it onto a personal computer at home, even though he was aware of the consequences that moving such a classified and confidential data without approval is not only against NSA policy, but also comes under criminal offence. His personal computer was equipped with Kaspersky Antivirus.

This is the third such incident, when an NSA employee has come under the radar of either exposing or leaking the classified information. The first case goes back to the high-profile and infamous case of Edward Snowden, who was accused of data theft in 2013 and second case is of the recent arrests of contractor Harold Martin and Reality Winner, who were accused of physically removing classified information from NSA facilities.

Following the pilferage, the federal government has already initiated the investigation. Some experts suspect that this leak may be directly linked to the mysterious Shadow Brokers group.

According to the WSJ report, “But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programmed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.”

While explaining NSA contractor’s machine compromise, Joe Stewart, a security researcher with Cymmetria, said, “Any time you’ve got a situation where software running on a machine has an update process, it can be compromised.”

Kaspersky denies wrongdoing

In a statement, Kaspersky Lab rejected the report and said, “Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company. As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

The company statement further said, “The company actively detects and mitigates malware infections, regardless of the source.  Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”

In September 2017, the U.S. Department of Homeland Security banned the Moscow-based cyber security firm Kaspersky Lab, citing concerns the company may be linked to Kremlin and Russian spy agencies.