Report: Russian hackers stole NSA data with help from Kaspersky products

A bombshell report from the Wall Street Journal says Russian hackers discovered NSA hacking tools through a contractor's use of Kaspersky products.

Russian state-backed hackers stole tools used by the National Security Agency from a contractor after he put the tools on a personal computer, the Wall Street Journal reports.

The theft, which took place in 2015 and was discovered in 2016, was reportedly enabled after the hackers identified code using Kaspersky Lab antivirus software. The Moscow-based cybersecurity firm has been under intense scrutiny of late, including a Department of Homeland Security order banning the company’s products from being used on most federal government machines.

In the lead up to the story’s publication on Wednesday, CEO Eugene Kaspersky took to Twitter to call the upcoming report a “conspiracy theory” and criticized that it relied on “anonymous sources.”

“Note we make no apologies for being aggressive in the battle against cyberthreats,” he tweeted.


A Kaspersky spokesperson told CyberScoop that the company “has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on Oct. 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company.”

“We make no apologies for being aggressive in the battle against malware and cybercriminals,” a Kaspersky statement read. “The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”

The WSJ report marks the third recent breach for the NSA, including the arrest of contractor Hal Martin for keeping classified material on his personal computer.

The intelligence agency has also been dealing with the Shadow Brokers, an unidentified group that has been leaking stolen NSA hacking tools online. Those tools have been co-opted into various cyberattacks since their leak. At this point, it’s unclear if any of these breaches overlap or are independent of one another.

Sen. Jeanne Shaheen, D-N.H., called on the Trump administration to “take further steps, including declassifying information on Kaspersky lab to raise awareness.”


Shaheen advocated banning Kaspersky from federal machines last month.

“This development should serve as a stark warning, not just to the federal government, but to states, local governments, and the American public, of the serious dangers of using Kaspersky software,” she said in a statement.

Sen. Ben Sasse, R-Neb., focused on the issue of repeated leaks from NSA contractors.

“The men and women of the U.S. Intelligence Community are patriots,” he wrote, “but, the NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries.”

Latest Podcasts