Suspected Russian hackers breached the home computer of an NSA contractor in 2015 to steal sensitive and classified programmes belonging to the NSA.
The NSA has suffered various data breaches at the hands of third-party contractors who have not followed strict cyber security policies.
Within days of the U.S. government banning the use of Kaspersky Lab products by federal agencies, news has arrived that Russian hackers exploited flaws in the same products in 2015 to steal sensitive details belonging to the NSA.
The stolen cyber security programmes belonged to the NSA but were carried home by a third-party contractor in violation of cyber security practices being enforced by the agency.
According to The Wall Street Journal, Harold Martin, the contractor in question, had Kaspersky Lab software installed on his home computer, and by exploiting flaws within the software, Russian hackers were able to steal classified NSA documents and programmes.
Even though the NSA has neither confirmed nor denied the incident, it said in a statement that it has been upgrading and improving its security over the years.
“For the past several years we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock.
We’re not relying on only one initiative. Instead, we’ve undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community,” the agency said.
The NSA’s practice of creating cyber weapons and storing them on its servers for future use has also impacted several nations and large enterprises since hackers eventually found ways to steal such malicious firmware.
Following the WannaCry ransomware attacks, Microsoft said that it was strange that instead of reporting cyber-weapons or building antidotes, security agencies chose to store them for use in future operations. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” the company said.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” it added.
Commenting on the Russian cyber-attack that compromised classified NSA programmes, Piers Wilson, Head of Product Management at Huntsman Security, said that such failures should be a reminder to all organisations of how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent.
“Without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large-scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen,” he warned.