An NSA contractor has had sensitive US cyber defence data stolen from his home computer by Russian hackers. The breach seems to have been made possible through flaws in the Kaspersky anti-virus system, according to reports, and could enable hostile actors to evade surveillance by the US government.
The breach happened even though US agencies have been banned from using Kaspersky over spying fears. It demonstrates that, whatever an organisation’s policies, data remains at serious risk if an insider can circumvent them, whether intentionally or not.
Responding to the NSA breach on Thursday, Kaspersky said in a statement on its website that it “has not been provided any evidence substantiating the company’s involvement in the alleged incident.”
According to a Bloomberg report, the contractor took the classified material home. This was then stolen by Russian hackers who exploited vulnerabilities in Kaspersky Lab’s software.
Commenting on this, Piers Wilson, head of product management at Huntsman Security said: “In some ways it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently. However despite its focus on security it seems to be a perennial risk, even after Snowden and Reality Winner. In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported – yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen.”
“These failures should be a reminder to all organisations how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent. We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down. Ultimately, without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen.”
The breach was first reported by the Wall Street Journal, and is the latest cyber security incident to impact the NSA involving the use of government contractors. Last year, Harold Martin – who was contracted at the NSA – was arrested after he took highly classified information home with him.
This case followed the much-more-public 2013 revelation of Edward Snowden, who fled his job as an NSA contractor, stealing a treasure trove of classified information on US data-collection programs.
“For the past several years we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock,” the NSA said.
“We’re not relying on only one initiative. Instead, we’ve undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community.”