View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 6, 2017

Russian hackers allegedly steal NSA programs via Kaspersky vulnerability

With a string of cybersecurity incidents hitting the National Security Agency, is this proof that no organisation is safe?

By Tom Ball

Russian hackers have allegedly stolen NSA cybersecurity programs by infiltrating the personal computer of a contractor.

The NSA contractor exposed the valuable information by taking it home, with the hackers then able to leverage Kaspersky vulnerabilities to steal the cybersecurity programs.

This cybersecurity incident, first reported by The Wall Street Journal, adds to a chain of events to hit the NSA since the notorious leak of classified information caused by Edward Snowden in 2013.

Comparable to this instance, a government contractor to the NSA, Harold Martin, also took valuable documents home and was subsequently arrested last year.

Piers Wilson, Head of Product Management at Huntsman Security, said: “In some ways it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently. However despite its focus on security it seems to be a perennial risk, even after Snowden and Reality Winner.

With the access point on the contractor’s personal computer having been a weakness in Kaspersky software, this case resurfaces the recent FBI probe of Kaspersky, and a call from U.S. senators to ban the military use of Kaspersky Lab’s offerings.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK
British AI jobs boom but skills to fill them lacking – Indeed
Yahoo hack revelation: ALL accounts affected in 2013 breach
NCSC bombarded by cyberattack reports in first year of operation

“In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported – yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen,” said Wilson.

Cybersecurity is constantly proving to be less high-tech than typically thought, with human errors often contributing to serious breaches and attacks.

Wilson said: “These failures should be a reminder to all organisations how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent. We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down.

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU