
Russian hackers reportedly stole NSA data in 2015, likely via Kaspersky software


Petrovic


Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.


As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.


In a later story, The Washington Post said the employee had worked at the NSA’s Tailored Access Operations unit for elite hackers before he was fired in 2015.
The NSA declined to comment, citing agency policy “never to comment on our affiliates or personnel issues.” Reuters was not able to independently verify the reports.
If confirmed, the hack would mark the latest in a series of breaches of classified data from the secretive intelligence agency, including the 2013 leaks of data on classified U.S. surveillance programs by contractor Edward Snowden.


Another contractor, Harold Martin, is awaiting trial on charges that he took classified NSA material home. The Washington Post reported that Martin was not involved in the newly disclosed case.


Republican U.S. Senator Ben Sasse, a member of the Senate Armed Services Committee, said in a statement responding to the Journal report that, if true, the details were alarming.
"The NSA needs to get its head out of the sand and solve its contractor problem," Sasse said. "Russia is a clear adversary in cyberspace and we can't afford these self-inflicted injuries."


Tensions are already high in Washington over U.S. allegations of a surge in hacking of American targets by Russians, including the targeting of state election agencies and the hacking of Democratic Party computers in a bid to sway the outcome of the 2016 presidential election in favor of Republican Donald Trump.


Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.
Kaspersky Lab has strongly denied those allegations.


Russian government officials could have used flaws in Kaspersky software to hack into the machine in question, security experts told Reuters. They could also have intercepted traffic from the machine to Kaspersky computers.


Kaspersky said in a statement on Thursday that it found itself caught in the middle of a geopolitical fight.
“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal,” it said. “It is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company.”


The Department of Homeland Security on Sept. 13 banned Kaspersky products in federal networks, and the U.S. Senate approved a bill to ban them from use by the federal government, citing concerns the company may be a pawn of the Kremlin and poses a national security risk.


James Lewis, a cyber expert with the Washington-based Center for Strategic and International Studies, said the report of the breach sounded credible, though he did not have firsthand information on what had transpired.


“The baffling parts are that he was able to get stuff out of the building and that he was using Kaspersky, despite where he worked,” Lewis said. He said that intelligence agencies have considered Kaspersky products to be a source of risk for years.


Democratic Senator Jeanne Shaheen, who led calls in Congress to purge Kaspersky Lab products from government networks, on Thursday called on the Trump administration to declassify information about threats posed by Kaspersky Lab.


“It’s a disservice to the public and our national security to continue withholding this information,” Shaheen said in a statement.

https://venturebeat.com/2017/10/05/russian-hackers-reportedly-stole-nsa-data-in-2015-likely-via-kaspersky-software/

 

 




Of course they did! :tooth:

 

Quote

Kaspersky said in a statement on Thursday that it found itself caught in the middle of a geopolitical fight.

 



1 hour ago, Petrovic said:

As reported first by The Wall Street Journal, citing "unidentified" sources...

 

1 hour ago, Petrovic said:

In a later story, The Washington Post said...

Very "Trusted" sources...:tooth:



For the life of me, what is wrong with governments around the world?

They allow lapses in security by hiring complete morons to protect the state, not only by allowing them to take things home but by protecting the property with weak-arse passwords.

The U.K. does the same crap; one of their employees used the password (without quotes) password1 as the access key.

I have read about them using post codes and children's names.

Passwords should be something like this: T%  __&*98%TgTYYm7&  ____-90*64

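Added example, not part of the post above: a rough strength estimate that separates the dictionary-word-plus-digits pattern (the password1 case) from a long random string like the one suggested. Everything here is constructed for illustration: the common-password list is a tiny stand-in for a real breach corpus, and the bit thresholds for "weak", "fair" and "strong" are assumptions.

```python
"""Rough password-strength estimate: naive character-pool entropy, with a
penalty for a common word followed by digits (the "password1" pattern).
Constructed example; COMMON_PASSWORDS is a tiny stand-in for a real
breached-password list."""
import math
import re
import string

# Assumption: in practice this would be loaded from a large breach corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


def _pool_size(pw: str) -> int:
    """Size of the character pool implied by the character classes present."""
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in string.punctuation or c == " " for c in pw):
        pool += 33  # 32 ASCII punctuation characters plus space
    if any(ord(c) > 126 for c in pw):
        pool += 100  # rough allowance for non-ASCII characters
    return pool or 1


def estimate_bits(pw: str) -> float:
    """Estimated guessing effort in bits for the password pw."""
    if not pw:
        return 0.0
    # A dictionary word optionally followed by digits: the attacker tries the
    # word list times 10 per trailing digit, not the full character pool.
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", pw)
    if m and m.group(1).lower() in COMMON_PASSWORDS:
        return math.log2(len(COMMON_PASSWORDS)) + len(m.group(2)) * math.log2(10)
    return len(pw) * math.log2(_pool_size(pw))


def verdict(pw: str) -> str:
    """Bucket the estimate; the 40/80-bit cut-offs are assumptions."""
    bits = estimate_bits(pw)
    if bits < 40:
        return "weak"
    if bits < 80:
        return "fair"
    return "strong"


if __name__ == "__main__":
    for candidate in ("password1", "T%  __&*98%TgTYYm7&  ____-90*64"):
        print(f"{candidate!r}: {estimate_bits(candidate):.1f} bits -> {verdict(candidate)}")
```

The pool-entropy figure is an upper bound on what an attacker has to search; the dictionary branch shows how far below it a password like password1 really sits once the attacker tries word lists before brute force.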


The way I see it!

It's all just politics, nothing matters anymore. B)



knowledge-Spammer

More BS about Kaspersky. One day real Russian hackers will hack the USA just to show; they say "Russian hackers" all the time and yet no real proof again.

 

 



knowledge-Spammer
7 hours ago, 0bin said:

Time to end this bull.... about Kaspersky. How many times has it saved people's PCs from malware? This is a scam campaign done by other AV companies.

It's not just Kaspersky; if it's Russian-made the USA will hit out at it.

Days ago Google removed RT from YouTube; I see soon Russia will have its own YouTube.

It seems the USA gov have all gone mad, but it's OK, let them play this game and see where it ends.



knowledge-Spammer
7 hours ago, Petrovic said:

Kaspersky spies. It's a fact.

Do you really read the EULA? ;)

Kaspersky spies for bad code or hacking tools.

The boss of Kaspersky said this a while ago: if you have Kaspersky on your PC and you have hacking tools or hacking code, Kaspersky will take it as bad code or bad hacking. He said this on video for everyone to understand. If you have hacking tools, Kaspersky wants to make sure it's not bad for the users. I see no bad thing in that.



5 minutes ago, Petrovic said:

Kaspersky spies. It's a fact.

Do you really read the EULA? ;)

 

I don't believe everything I read just because it's written somewhere :uhuh:



39 minutes ago, Petrovic said:

Kaspersky spies. It's a fact.

Do you really read the EULA? ;)

EULA is just a provision by Publishers to indemnify and to empower themselves by seeking Users' tacit agreement as a precondition, before one can use or even install the software, in question. ;)



This info came from some unknown sources and Reuters could not even confirm whether it was true or not. I read the post in the WSJ; it says they said it, but they never said who said it. The DHS said they removed Kaspersky from the Government mostly based on open-source info in court, but said they were not willing to discuss it all in the open but would discuss it in private. The government doesn't have to provide any proof when it's a matter of national security, because all that is classified.

 

 

1 hour ago, 0bin said:

Time to end this bull.

What are you going to do about it, besides complain about it? You can't stop the mainstream media from reporting the news regardless of whether it's true or not. Even if no one bothers to post it here it will be posted on 1000s of other sites. :P



Dissecting the recent WSJ cybersecurity story: truth, lies and disturbing details by @e_kaspersky himself

 

We aggressively protect our users and we’re proud of it.

 

Another sensationalist media story was released today stating among other things that Kaspersky Lab helps a certain intelligence agency in getting their hands on sensitive data from another intelligence agency through the home computer of a contractor. Another accusation in the article is that we are very ‘aggressive’ in our methods of hunting for new malware.

 

The first statement sounds like the script of a C movie, and again – disclosed by anonymous sources (what a surprise). I can hardly comment on it besides the official statement.

 

However, I couldn’t agree more with the second claim about being aggressive in our hunt for malware. We absolutely and aggressively detect and clean malware infections no matter the source, and have been proudly doing so for 20 years. This is the reason why we consistently get top ratings in independent, third-party malware detection tests. We make no apologies for being aggressive in the battle against malware and cybercriminals – you shouldn’t accept any less. Period.

 

While protecting our customers, we do – as any other cybersecurity vendors – check the health of a computer. It works like an X-ray: the security solution can see almost everything in order to identify problems, but it cannot attribute what it sees to a particular user. Let me elaborate a bit more on what we do and what we don’t when protecting our users from cyberattacks:

 

What we do

 

Every day, we develop new heuristics and advanced detection mechanisms that flag suspected malware and send it to machine-learning-powered back-end for automatic analysis. These heuristics are designed in a way so that they focus only on a particular type of data – one that has characteristics potentially dangerous to computer health. And the data’s risk is the only feature the heuristics care about.

 

We focus on high-profile cyberthreats that have the potential to impact many users. Such threats are usually very sophisticated and may consist of multiple components – not necessarily malicious at first glance. Please read our recent ShadowPad story as an example.

 

We hunt for and analyze all kinds of threats. We ignore none. We also invest a lot of resources into systems that protect our users from malware, make their computers more secure, and allow them to enjoy their user experience as opposed to worrying about it.

 

In the wake of this latest article I want to emphasize the following: if our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes all our customers – no matter who or where they are – receive protection from the threat. In the most serious cases – such as global malware outbreaks like WannaCry or sophisticated cyber-espionage platforms like Equation – our researchers analyze the threat deeply and publish the research with indicators of compromise openly, so not only our customers, but all other users and our colleagues in the cybersecurity industry can learn how to protect against the new threat. Customers' security is our mission, and we're committed to protecting against all kinds of cyberthreats regardless of their origin or purpose. This approach is the foundation of our business and is what our users pay for.

 

This is the one and only way of how we deal with cyberthreats. The new allegations look to me like this: someone just took this process of how we deal with a threat, added some fictional details, and here we go – the new C-movie script is ready.

 

What we don’t do

 

With big power comes big responsibility. We never betray the trust that our users place in our hands. If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business – and rightly so.

 

To understand why something like this would be impossible for Kaspersky Lab or any other reputable security company, one needs to understand how the cybersecurity industry works. In our industry there are mainly two types of folks: first, those who do offensive things: breaking software, creating espionage tools, exploits, and – to the extreme – helping governments with their spy efforts. And second, folks who fight for users, take their side, protect them from attacks, create software that defends computers, and cause all manner of headaches for spy agencies.

 

This is a fundamental separation, which expresses itself in many ways – from what is considered ethical by one category or the other, to reputation and separating right from wrong.

 

For 20 years, KL has been fighting for users. It's pioneered many technologies, including machine learning and cloud security, created one of the world's best security products, and strived to ONLY hire people who abide by the highest ethical standards.

 

Any of our experts would consider it unethical to abuse user trust in order to facilitate spying by any government. Even if, let’s say, one or two such people would somehow infiltrate the company, there are dozens of internal technological and organizational strategies to mitigate the risk. There are also 3000+ people working at Kaspersky Lab and some of them would notice something like that. It’s impossible to hide it from everybody.

 

Now to the complicated part

 

Even though we have an internal security team and run bug bounty programs, we can’t give a 100% guarantee that there are no security issues in our products; name another security software vendor that can! Software is made by people and people make mistakes – no getting round that.

 

Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us? We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I can’t imagine an ethical justification for not doing so.

 

In the end, I can’t shake off a disturbing thought: no matter how great security technologies and measures are, the security of millions can be easily compromised by the oldest threat actor there is – a $5 USB stick and a misguided employee.

 


 

 

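Added illustration, not Kaspersky's code and not the design of any real product: the post above describes heuristics that fire on the characteristics of an object and a back-end report that cannot be tied to a particular user. The toy scanner below flags an object only when several weak signals agree, and builds a telemetry record that carries the object's hash, size and the heuristics that fired but deliberately omits the local path and user name. The sample files, heuristic names and the two-signal threshold are all constructed for this example.

```python
"""Toy endpoint heuristic plus a minimal, non-attributable telemetry record.
Constructed illustration; not the code or design of any real security product."""
from __future__ import annotations

import hashlib
import math
from collections import Counter

# Constructed sample "files", built inline so the example runs offline.
BENIGN_TEXT = b"This is a README. Nothing to see here.\n" * 10
PLAIN_EXE = b"MZ" + b"\x00" * 200 + b"Hello from a boring installer\n" * 8
# MZ header, process-injection API names, then a uniform byte block (entropy 8.0)
# standing in for a packed or encrypted payload.
PACKED_INJECTOR = (b"MZ" + b"\x00" * 64
                   + b"VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0"
                   + bytes(range(256)) * 4)

INJECTION_APIS = (b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means uniformly distributed (packed or encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def run_heuristics(data: bytes) -> list[str]:
    """Names of the (assumed) heuristics that fire on this object."""
    fired = []
    if data[:2] == b"MZ":
        fired.append("pe_header")
    if shannon_entropy(data) > 7.0:
        fired.append("high_entropy")
    if any(api in data for api in INJECTION_APIS):
        fired.append("injection_api_strings")
    return fired


def classify(data: bytes, threshold: int = 2) -> tuple[str, list[str]]:
    """'suspicious' when at least `threshold` heuristics agree, else 'clean'.
    A lone PE header is not enough: every installer has one."""
    fired = run_heuristics(data)
    return ("suspicious" if len(fired) >= threshold else "clean"), fired


def telemetry_record(data: bytes, path: str, username: str) -> dict:
    """What would be sent to a back end: object hash, size, verdict and the
    heuristics that fired. `path` and `username` are accepted only to make the
    point that they are left out of the record on purpose."""
    verdict, fired = classify(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "verdict": verdict,
        "heuristics": fired,
    }


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_TEXT), ("plain_exe", PLAIN_EXE),
                       ("packed_injector", PACKED_INJECTOR)):
        print(name, classify(blob))
    print(telemetry_record(PACKED_INJECTOR, "C:/Users/alice/tools/x.exe", "alice"))
```

The plain executable trips only the header check and stays clean; the packed injector trips all three and is reported. The record that leaves the machine identifies the object, not the person, which is the property a reviewer should verify in any real product's telemetry before trusting the vendor's description of it.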


 

Quote

 

The NSA Officially Has a Rogue Contractor Problem

 

 

The NSA is one of the world's most notoriously secretive and powerful government agencies, guarding its powerful hacking tools and massive caches of collected data under layers of security clearances and world-class technical protections. But it turns out that three times in three years, that expensive security has been undone by one of its own contract employees simply carrying those secrets out the door.

In 2013, an NSA contractor named Edward Snowden walked out of the agency's building in Oahu, Hawaii, carrying a USB drive full of thousands of top-secret documents. Last year, a 53-year-old Booz Allen contractor for the NSA named Hal Martin was arrested for taking 50 terabytes out of the agency over a period as long as two decades. And Thursday, the Wall Street Journal reported that in 2015, a third contract employee of the NSA in as many years took home a trove of classified materials that included both software code and other information that the agency uses in its offensive hacking operations, as well as details of how it protects US systems from hacker adversaries.

That classified data, which wasn't authorized to be removed from the perimeter of the facility where that contractor worked, was then stolen from the contractor's home computer by Russian spies, who exploited the unnamed employee's installation of antivirus software from Kaspersky, a Russian company. And while that revelation has raised yet another round of serious concerns and unanswered questions about Kremlin spying and the role of Kaspersky's widely used commercial software, it also points to a more fundamental security problem for the NSA: The own-goals it has committed, as a series of its paid employees spill some of its most sensitive secrets—including its intensely guarded and dangerous hacking techniques.

While Kaspersky is one major—though possibly unintentional—culprit in this latest theft of secrets, the root cause of the breach is the deep negligence of the NSA employee who violated his security clearance by taking incredibly sensitive materials home, says Dave Aitel, a former NSA staffer who now runs the security firm Immunity Inc.

"What the hell are these people thinking?" asks Aitel. "Leaving the NSA with top-secret documents and putting them on your home machine is the very first thing they tell you not to do. Why it keeps happening is a mystery to me, and probably to the management at NSA."
Going Rogue

The revelation of the latest unidentified contractor, whose employer also hasn't been publicly named, comes a year after Martin was caught leaving sensitive data on hard drives in his home and car, a collection that included 75 percent of the hacking tools used by the NSA's elite hacking team, known as Tailored Access Operations, according to the Washington Post. Prosecutors in Martin's case have said the data also contained the highly secret identities of undercover agents.

It's not yet clear if either Martin or the most recent contractor to breach the agency's secrecy rules had any intention of selling or exploiting the documents they took. The latest incident in particular seems to be a case of carelessness, rather than profit or malice, according to the Wall Street Journal's reporting. Both of those leaks contrast with the whistleblowing-motivated data thefts of Edward Snowden—another Booz Allen contractor—who stole his thousands of top secret files with the intention of giving them to media.

But in the wake of the leaks carried out by Snowden, this third contractor breach points to a continuing problem with the NSA's operational security and contractor management, one serious enough that NSA director Admiral Michael Rogers was officially reprimanded by his superiors, and some high-ranking officials suggested to President Obama he be removed from his position, according to some reports last year. Rogers nonetheless maintained control of the NSA under the Trump administration. An NSA spokesperson declined to comment on "personnel issues or ongoing investigations," but did defend the agency's security posture.

"Admiral Rogers has made security of information a top priority during his tenure. The NSA operates in one of the most complicated IT environments in the world," the spokesperson says. "Over the past several years, we have continued to build on internal security improvements while carrying out our mission to defend the nation and our allies around the clock. We are not relying only on one initiative. Instead we have undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community."

The NSA press office declined to elaborate on those measures, or provide more detail.
Leak Damage

The NSA's two most recent leaks may in fact have already had massively damaging, observable consequences: Many in the security community speculate—but have not confirmed—that the Shadow Brokers, a group of unidentified hackers who released a series of stolen NSA hacking tools over the last year, obtained that hacking arsenal from one of the two post-Snowden insider leaks. Those tools have already been reused by malicious criminal and state-sponsored hackers to spread the WannaCry ransomware worm as well as the NotPetya malware, to install crypto-currency mining malware on victims' machines, and to harvest usernames and passwords from high-value spying targets via hotel Wi-Fi.

And yet the leaks continue. That's possibly because as dangerous as the "insider threat" problem may be, it has no easy solution, says Susan Hennessey, a former NSA attorney who now serves as a fellow at the Brookings Institution. If someone wants to ferret secrets out of their own office, there are simply too many ways to do it, perhaps most straightforwardly on a USB drive in their pocket.

"You can’t run a large federal agency like an airport, where every single person is patted down and screened coming in and out," Hennessey says. "Hiring practices and clearance investigations and computer security can address some concerns, but at the end of the day intelligence agencies necessarily have to vest a lot of trust in their employees. So effective insider threat measures have to begin with a recognition that some risks can’t be eliminated, only managed."

But the NSA's cozy relationship with contractors bears much of the blame, too, says Tim Shorrock, the author of the book Spies for Hire, which focuses on corruption in the intelligence-contractor industry. He notes that contractors account for close to 30 percent of agency staff, and 60 percent of their budgets. He sees the three recent breaches as evidence that those massive payouts aren't accompanied by proper oversight. "They're leaving way too much authority to the contractors to police themselves and it’s clear that system is failing," Shorrock says. "There needs to be some kind of mechanism to police the contractors."

Shorrock also points to a lack of consequences for the companies who supplied the contractors behind the recent breaches. He argues that stems in part from the revolving door of officials between the intelligence agencies and the private sector; both the directors of national intelligence under Presidents Obama and George W. Bush had previously worked for Booz Allen, for instance.

But former NSA analyst Aitel believes the cultural issues at the NSA run deeper than contractors alone. He says it was common during his time at the agency to see core NSA staffers do work at home, too—albeit not with actual classified documents—reading news stories and public sources of information security reports, digging up technical information, and even talking on the phone with each other in vague or coded terms, which he considers especially unwise.

Aitel argues that the NSA's recent leaks stem from a more fundamental problem: The agency's sheer scale, and a structure that doesn't restrict its staffers often enough to information on a "need-to-know" basis. "There’s something structurally wrong here," Aitel says. "This is about scale and segmentation. It’s very hard to have a really big team where everyone’s read in on everything and not have it leak."

 

https://www.wired.com/story/nsa-contractors-hacking-tools/

 



knowledge-Spammer

I think this was when it all started:

US and British spy agencies worked to reverse-engineer antivirus software in order to "exploit such software and to prevent detection".

Kaspersky was a big challenge.

 



It's really not the first time Kaspersky came up in the news as being hacked, long before the USA Government ever removed it.

 

Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0

https://www.wired.com/2015/06/foxconn-hack-kaspersky-duqu-2/

Israel Used Same Duqu Malware To Hack Kaspersky, Spy On Iranian Nuclear Negotiations

http://www.ibtimes.com/israel-used-same-duqu-malware-hack-kaspersky-spy-iranian-nuclear-negotiations-1962567

So we know the malware exists out there to do this sort of thing, but I guess if Kaspersky can be hacked, most any of them have been hacked before.



You would have to be some kind of state hacker to have access to such. If normal black hats had anything like this, it would not even be safe to buy anything online with security software installed. I know in the Linux community some ask about installing an antivirus on Linux; they said it's best not to, because you have to give it root on your system and it could cause you to get hacked. After what happened to CCleaner, and none of the anti-malware detected it until a month later, I'm really starting to wonder what good it is. It can only detect non-0-days, which you can run on demand and do this. If it were not for some websites being infected with known malware I would not use real-time at all.



knowledge-Spammer

The USA fake news is getting bigger all the time and yet Trump understands what's really happening.

Soon people will see what happens if they keep saying bad things about Russia; Putin is saying he will hit back at USA programs and news.

 



44 minutes ago, knowledge said:

Trump understands what's really happening

This has nothing to do with Kaspersky. The Trump administration had Kaspersky banned themselves, even from things gathered by intelligence agencies. The reason Trump is trying to do this was over stuff written by the media about the election.

 

Trump Administration Bans Federal Agencies From Using Russian-Owned Kaspersky Software

http://fortune.com/2017/09/13/kaspersky-lab-ban-dhs-trump/

 

Trump pushes for Senate intel panel probe of 'Fake News Networks' in U.S.

http://www.politico.com/story/2017/10/05/trump-fake-news-networks-senate-intelligence-committee-243480

There's really not much they can do about it except clear Trump's name, which he's looking out for himself here is all. The media is not the Government; they only sway public opinion of the government is all. The NSA subject is about security and privacy; it's been a hot topic since 2013, and we know whistleblowers exist in the NSA. But that mess with Trump, we don't know if that was made up or not, but data being stolen from the NSA has nothing to do with the data they claim was stolen from the Democrats. That's more about politics than anything. But they do need to get to the bottom of it.

 

But what are politicians? Most are just liars and never keep their word. So I don't have much faith in the Senate making matters better; after all, they're probing Trump to begin with and that's why he now wants the media probed.



Guess the USA doesn't worry about Chinese hackers, as all of the electronics are made or assembled in China.

Does the USA gov ban Qihoo 360? Their antivirus programs, which last I looked, actually used Kaspersky cloud defs.



47 minutes ago, mikie said:

Guess the USA doesn't worry about Chinese hackers, as all of the electronics are made or assembled in China.

Does the USA gov ban Qihoo 360? Their antivirus programs, which last I looked, actually used Kaspersky cloud defs.

What does this have to do with Kaspersky? Do you have any proof pointing to the USA government ever having used Qihoo 360? Or are you just posting to see yourself post? Unlike Kaspersky, Qihoo 360 doesn't have much market in the USA at all. I never heard of it except on forums like these, and it has a big market in Asia mostly.

 

Another US-Listed Chinese Company Heads Home; Qihoo Is Latest, Largest to Delist

https://www.yicaiglobal.com/news/another-us-listed-chinese-company-heads-home-qihoo-latest-largest-delist

They delisted from the New York Stock Exchange; they have no market share in the USA anymore, they went private.

 

Everybody makes a big deal about the USA Government banning Kaspersky, but China's government banned both Kaspersky and Symantec.

Quote

 

China’s government procurement agency has removed Symantec and Kaspersky from its list of security software suppliers, ensuring that the state can only buy antivirus programmes from Chinese providers.

 

The move to block use of software made by Symantec, based in the USA, and Kaspersky, based in Russia, came to light following an announcement on the English-language Twitter feed of the state-owned People’s Daily newspaper.

 

People's Daily, China (@PDChina), August 3, 2014: "Govt procurement agency has excluded Symantec & Kaspersky fm a security software supplier list, all 5 in are fm China pic.twitter.com/cSqCxVN0jI"
 

 

https://www.theguardian.com/technology/2014/aug/04/symantec-kaspersky-blocked-chinese-government

When China banned Kaspersky this forum must have forgotten to read the news that day! So the US was not even the first to do this. Nothing is new under the sun; what is old is new again, only the names of who did it changed. :lol:

 

China excludes Symantec, Kaspersky Lab from approved anti-virus vendors

http://www.zdnet.com/article/china-excludes-symantec-kaspersky-lab-from-approved-anti-virus-vendors/

No country needs proof to do this; they just vote and it's done.



3 hours ago, steven36 said:

You would have to be some kind of state hacker to have access to such. If normal black hats had anything like this, it would not even be safe to buy anything online with security software installed. I know in the Linux community some ask about installing an antivirus on Linux; they said it's best not to, because you have to give it root on your system and it could cause you to get hacked. After what happened to CCleaner, and none of the anti-malware detected it until a month later, I'm really starting to wonder what good it is. It can only detect non-0-days, which you can run on demand and do this. If it were not for some websites being infected with known malware I would not use real-time at all.

 

Absolutely true, which is why I don't run any antivirus or anti-malware software on any of my systems. EVERY piece of software you install on a system is a potential portal for a hacker to access the system. Some firewalls make better access portals than they do firewalls. Nothing is sacred, nothing is safe, unless you have the personnel to thoroughly audit the software installation and monitor your systems on a daily basis for both outbound and inbound connections. It's a huge job, and not something a home user is capable of doing. There are valid security reasons for only running software in a VM or using portable software. Then you only need the OS and a damn good firewall installed on it, and your virtualization software if you are going that route. There has been much conversation about going to server-based virtual systems where there would only be a terminal on each desk, much like the old IBM AS400 server systems. No computer, no hard drives, no local storage, just a terminal box with a monitor, keyboard, and mouse plugged into it. Makes security much easier since there is only one machine that needs to be protected, not 3000. (A small 90s-era AS400 server the size of a tower had 32 CPUs and could run multiple server OSes.) The main problem with going back to a system similar to that, only for Windows, is the expense of totally replacing the entire current system with new servers and terminals. We didn't have the $30 million extra to do it.

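Added example, not from the post above: the daily review of outbound connections it describes can be automated by diffing the current connection table against a known-good baseline, so only destinations that were not there yesterday need a human look. The input mimics Linux `ss -tnp` output; the sample lines are constructed (RFC 5737 documentation addresses), and the process names, ports and the two snapshots are assumptions made for the example.

```python
"""Diff today's established outbound TCP connections against a baseline and
report what is new. Constructed example; the ss-style lines below are made up."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One `ss -tnp` data line: state, recv-q, send-q, local, peer, optional users:(("proc",pid=N,...)).
# Assumption: the header line and any other format simply fail to match and are skipped.
SS_LINE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)"
    r"(?:\s+users:\(\(\"(?P<proc>[^\"]+)\",pid=(?P<pid>\d+))?"
)


@dataclass(frozen=True)
class Conn:
    """The identity a reviewer cares about: which program talks to which host and port.
    Ephemeral source ports and pids are dropped so reconnects do not look new."""
    process: str
    peer_ip: str
    peer_port: int


def parse_ss(text: str) -> set[Conn]:
    """Parse ss-style output, keeping only ESTAB connections."""
    conns: set[Conn] = set()
    for line in text.splitlines():
        m = SS_LINE.match(line.strip())
        if not m or m.group("state") != "ESTAB":
            continue
        ip, _, port = m.group("peer").rpartition(":")
        conns.add(Conn(m.group("proc") or "?", ip, int(port)))
    return conns


def new_connections(baseline: set[Conn], today: set[Conn]) -> list[Conn]:
    """Connections present today that the baseline has never seen, sorted for a report."""
    return sorted(today - baseline, key=lambda c: (c.process, c.peer_ip, c.peer_port))


# Constructed snapshots (assumption: a browser and an updater are expected).
BASELINE_SS = """\
ESTAB 0 0 10.0.0.5:52344 203.0.113.10:443 users:(("firefox",pid=1234,fd=55))
ESTAB 0 0 10.0.0.5:52345 203.0.113.10:443 users:(("firefox",pid=1234,fd=56))
ESTAB 0 0 10.0.0.5:40022 198.51.100.7:443 users:(("updater",pid=410,fd=9))
"""
TODAY_SS = """\
ESTAB 0 0 10.0.0.5:52390 203.0.113.10:443 users:(("firefox",pid=1234,fd=55))
ESTAB 0 0 10.0.0.5:40031 198.51.100.7:443 users:(("updater",pid=410,fd=9))
ESTAB 0 0 10.0.0.5:41000 192.0.2.200:4444 users:(("svchost.exe",pid=2222,fd=3))
SYN-SENT 0 1 10.0.0.5:41001 192.0.2.201:80 users:(("curl",pid=3333,fd=3))
"""

if __name__ == "__main__":
    for c in new_connections(parse_ss(BASELINE_SS), parse_ss(TODAY_SS)):
        print(f"NEW: {c.process} -> {c.peer_ip}:{c.peer_port}")
```

Only the unexpected process talking to 192.0.2.200:4444 is reported; the browser and updater reconnecting from fresh source ports are not, and the half-open SYN-SENT line is ignored. Run the same parse once a day against live `ss -tnp` output and keep the accepted set as the next baseline; reviewing a handful of new lines is a job a home user can actually do.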


Whoopenstein

Sometimes people who seem to be brilliant do some of the stupidest things. He should have been using MaCrappy, uh, I mean McAfee AV.


