Russia steals U.S. cyber capabilities via antivirus software - media
Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, the Washington Post reports, citing several individuals familiar with the matter.
The employee had taken classified material home to work on it on his computer, and his use of Kaspersky Lab antivirus software enabled Russian hackers to see his files, the individuals said. The case, which dates to 2015 and has not been made public, remains under investigation by federal prosecutors, WP reports.
The employee involved was a U.S. citizen born in Vietnam and had worked at Tailored Access Operations, the elite hacking division of the NSA that develops tools to penetrate computers overseas to gather foreign intelligence, said the individuals, who spoke on the condition of anonymity to discuss an ongoing case. He was removed from the job in 2015, but was not thought to have taken the materials for malicious purposes such as handing them to a foreign spy agency, they said.
The theft of the material enabled the Russian government to more easily detect and evade U.S. government cyberespionage operations, thwart defensive measures and track U.S. activities, the individuals said. It is the latest in a series of damaging breaches of the NSA in recent years and is among the first concrete indications of why the U.S. intelligence community believes that Kaspersky Lab software operates as a tool for Russian espionage.
Kaspersky Lab said in a statement that it "does not have inappropriate ties to the Russian government."
Last month, the U.S. government moved to ban the use of Kaspersky security software by federal agencies over concerns it had ties to Kremlin cyberespionage activities.
All antivirus products, including Kaspersky's, run in similar fashion. The product is placed on a client's computer to detect malicious software. To keep the detection capability up to date, the software routinely connects to the antivirus company. That connection is a double-edged sword. It allows the software to be updated, but it also provides an opportunity for the company to inspect files on the computer — and to remove them.
The company's founder, Eugene Kaspersky, graduated from a KGB-supported cryptography school and had worked in Russian military intelligence.