The NSA suffered a serious breach in 2015, exposing the agency’s cyberwarfare strategy, including its own defenses and methods of attacking foreign networks, reports The Wall Street Journal today. Russian intelligence is said to be behind the attack, and software from Russia-based Kaspersky Labs is suggested to have been their vector.
Amazingly, the data in question is reported to have been taken home by an NSA contractor, who was somehow compromised through their use of Kaspersky’s antivirus software. How exactly this would work is not explained, although it is speculated that it may be related to the software’s practice of downloading and storing files it thought were suspicious (e.g. malware executables) on the company’s servers. We’ve contacted the company for more information.
Kaspersky Labs has come under fire this year as fears of Russian interference in U.S. affairs were stoked by innumerable cybersecurity incidents and alleged links to the present administration. Just last month the company’s software was banned from use in both the executive branch and parts of Congress. Kaspersky denies “inappropriate ties with any government” and maintains that the allegations are unfounded.
While the methods are unclear, that there was a breach is much more certain. The WSJ reports that the breach was major enough to be given a code name and to have prompted admonition from the highest levels of the agency. The material stolen is said to include not just descriptions of how the NSA conducts its operations, but some actual code used to attack and defend.
The breach was never disclosed; it occurred some time in 2015 but was only discovered in spring of 2016. That certainly would have given Russian intelligence a head start during an election year destined to be marred by serious cybersecurity incidents.