In 2015, hackers working for the Russian government stole a trove of National Security Agency hacking tools and other highly classified files, according to a Wall Street Journal report published Thursday. A government contractor moved the materials to a personal computer (a clear violation of security procedure) and then apparently used popular antivirus scanning software from Kaspersky Lab, a Moscow-based security firm. That apparently allowed Russian government-linked hackers to find the classified files. Though the intrusion occurred two years ago, the U.S. government didn’t discover what happened until this spring, the Journal says.
The stolen files included details about how the NSA breaks into foreign computer networks in its cyber espionage and cyber defense operations. That means the Russian government might now possess the keys to infiltrate U.S. government computer networks and perhaps even know how to defend itself against U.S. intelligence operations.
This hack is the third known breach involving an NSA contractor since Edward Snowden’s massive document leak in 2013. In 2016, Harold Martin allegedly took an enormous amount of data from the agency back to his house. Earlier this year, Reality Winner, a linguist working at the NSA on contract, reportedly smuggled documents out of the NSA that she stuffed inside her pantyhose. The report Winner stole was about Russian hacking of the 2016 election.
In 2016, soon after the Kaspersky-linked hack was discovered, the agency was also dealing with leaks from a hacking group called the Shadow Brokers. That group published a collection of hacking tools from the NSA, including a number of zero-day exploits, which take advantage of vulnerabilities in software, hardware, or even a whole computer network that had not previously been discovered. The Shadow Brokers are believed to be linked to a Russian intelligence agency. The Wall Street Journal says that this latest known hack is unrelated to Harold Martin, at least, but it’s still not clear whether there’s any connection to the Shadow Brokers.
It’s also not clear whether Kaspersky was working with the Russian government or whether it was itself hacked. When antivirus software scans for malicious code, it compares what it finds on the computer to a list managed by the antivirus company. But as the Wall Street Journal reports, “that scanning also gives makers of the software an inventory of what is on the computer,” which could have tipped off Russian hackers to the presence of NSA documents. And since Kaspersky is a Russian company, there’s a chance its antivirus scan was monitored by Russian government-linked hackers.
Kaspersky denies that the evidence thus far implicates the security firm. “The company actively detects and mitigates malware infections regardless of the source and we have been proudly doing it for 20 years,” it said in a statement.
Whether or not Kaspersky was aware of this particular incident, the Department of Homeland Security issued a directive in September banning the U.S. government from using any cybersecurity software from Kaspersky Lab. “The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS said.
This news comes amid a flood of concern about the many ways the Russian government tampered with the U.S. election, including the posting of manipulative ads on Facebook micro-targeted to U.S. voters and the weaponization of Twitter bots that promote divisive and counterfactual narratives. And the CIA concluded that before the 2016 election, Russian government-backed hackers were responsible for stealing emails and documents from the Democratic National Convention with the intent of undermining Hillary Clinton’s presidential campaign.
Even though Russia is reportedly to blame for this latest NSA hack, the fact that the nation’s top surveillance agency seems to have such poor security itself is extremely unsettling. That is not only because the agency holds the keys to our national security, but also because the NSA collects data on millions of people around the world in its dragnet global surveillance operation. That likely includes all kinds of personal communications, too, like text messages, emails, location data, and browsing habits collected from innocent people without a warrant. (The NSA is not supposed to collect Americans’ data knowingly, but numerous news reports and leaks have revealed that the agency has been intercepting Americans’ digital communications since at least 2001.) And if the NSA can’t keep its most valuable hacking tools under lock and key, there’s little reason to believe it keeps the trove of personal data it holds on other people very secure, either.