2017-10-05
Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com)
An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of the WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
Idiot Contractor (Score:5, Insightful)
The problem here isn't Kaspersky and Russian hackers, they're just being opportunistic.
The REAL problem here is a dumb @$$ contractor who stole classified information and brought it home.
Why isn't the contractor, both company and employee, being punished for breach of secure information? Any other countries' spooks would want this info, including our allies.
Ahh that's right, let's just take this as an opportunity to bash Russia some more while our real enemy China is cleaning out both our industrial trade and military secrets!
/sarcasm
Re: (Score:3, Informative)
Do you have a copy of the terms of the contract that dictates what the contractor is and is not allowed to do? Can you provide information on relevant law governing information access? Can you cite what level of clearances are involved?
From TFA:
"An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer...
As you can see in the above text, I've highlighted the areas that might help pull your head out of your ass.
"Home" computers are not something that is authorized for storing or transmitting highly classified information. Not to mention "home" building codes lacking SCIF-level TEMPEST protections. Regardless of my lack of access to specific contractual details, I'd say there's about a 0.0000001% chance that this bullshit was authorized in any way.
Sure, it's all spelled out in the NISPOM:
https://en.wikipedia.org/wiki/... [wikipedia.org]
The most relevant section is Chapter 5:
http://www.dss.mil/documents/o... [dss.mil]
Nobody can take classified material home, ever. Nobody can put classified material onto an unapproved computer, ever. These are not things that change from contract to contract.
Re: (Score:2)
As Comey noted, all the Top Secret was from PUBLIC SOURCES (newspapers).
The mere fact it was in the public domain did not reduce the classification
That said, unless you can prove she KNEW it was classified material, from the PUBLIC SOURCES, no case, no crime
Sleep with the bear, get fleas (Score:2)
Only the utterly stupid would think that. Do you really think a f****** Government agency can run a successful software company? Also, malware samples are shared all the time between AV companies and agencies tasked with keeping a country safe do also get them. That sharing is likely all that happened here.
Why was he allowed to take the docs home?! (Score:2)
Although doesn't this:
Note we make no apologies for being aggressive in the battle against cyberthreats.
Sound like a tacit admission?
Re: (Score:3)
Although doesn't this:
Note we make no apologies for being aggressive in the battle against cyberthreats.
Sound like a tacit admission?
No, it does not. It merely says that if the Kaspersky scanner detected files it suspected of being malware but did not know yet (e.g. because the identification was via suspicious behavior pattern, not code signature), it phones home. That is standard behavior and no secret. In fact, you agree to that in the license and it can, I believe, be switched off.
So what likely happened here is that the Kaspersky product was configured to send suspected, but yet unknown, malware files to Kaspersky and it did correct
It does not explain how it got OUT of Kaspersky's labs and into the hands of Russian hackers.
So essentially, any antivirus program will spy on you and upload any personal documents it claims look "suspicious".
It's like having the TSA installed on your computer.
I can almost guarantee that no contractor is "allowed to take classified documents home" much less have them stored on a computer that was connected to the internet...
Apparently though, being Secretary of State gets you around those rules, so I can understand being confused.
Paranoids burying the lede (Score:4, Insightful)
The idiot Hal Smith, former NSA employee, apparently put stuff that shouldn't have been seen outside a SCIF on his home system. His content was exfiltrated, presumably by Russians. But now it's the vector of the exfiltration's fault that classified material was stolen.
News flash: the system was broken the moment the stuff saw a computer outside of an airgapped network. For that matter, Mr. Smith put himself in criminal jeopardy at that moment.
If the guy had been using Avast or Bitdefender, would that have made you feel better? Do you really think the Russians couldn't penetrate the firms providing those products? Think again.
While we're at it, do you really think that the Russians are the only people soaking up data from the US like a sponge? Why so much focus on their activities? You'd think people had a political axe to grind, almost...
It's a great story. It never gets old.
True dat.. Been going on for almost 80 years now...
Well, given that the NSA spies worldwide (Score:2)
And very likely with pretty much the methods described, I think this cannot get much more hypocritical. And while we _know_ the NSA does this, we only have a scare-story that may turn out to be a complete fantasy on the Russians and Kaspersky.
Is it so easy to bring home classified stuff? (Score:3)
I’m a bit puzzled: aren’t highly confidential documents stored, viewed and edited only on secured computers? Is it really that easy for a contractor (or even an employee) to grab a copy and leave with it, entirely unnoticed?
Re: Is it so easy to bring home classified stuff? (Score:2)
Sadly, yes it is.
Many years ago when I was doing the Navy thing, I would find classified stuff just laying about, unsecured in staterooms.
( Security patrols in case you're wondering why I was even in Officer's Country )
The vast majority of it was documentation of various things found on a ship that was tossed onto a table or rack ( bed ) in a stateroom. Easy to spot due to the color of the cover sheets. ( blue, red, orange, etc )
Apparently the junior officers thought closing the door to their stateroom wa
"If you want something made public just provide the information to the government to keep it safe and secure."
Quite possibly business as usual... (Score:2)
1) Any intelligence agency that doesn't look for exploits in commonly used tools isn't doing their job.
2) Kaspersky is a great target for exploit research no matter who you are.
3) It's common practice to keep identified exploits secret for high value zero day attacks JUST like this.
4) Also standard practice to request (or steal) source from domestic (or vulnerable) corps to make exploit location easier.
Not to defend Kaspersky (cause who knows?) but this just sounds like a normal day at the office for this pr
The real problem here (Score:2)
is the fact the employee brought home classified documents which somehow found their way onto their home ( read that: Unlikely certified to handle classified information ) computer.
Normally, I would consider this unlikely, but apparently keeping classified info on private systems / servers is all the rage these days
:|
I understand the confusion.. Apparently if you don't "intend" to mishandle classified, you can do what you want, including sending it via E-mail to everybody and their brother in unencrypted form. Just be sure to "wipe" that server "with a cloth" should you get questioned on this...
James Comey said so!
"An NSA contractor brought home highly classified documents"
^^^ THIS
What contracting company. (Score:2)
Booz Allen had been running up a nice streak but lost that with Reality Winner, so have they pushed forward and tried to start streak two?
