Cyber: Russians have succeeded in the impossible, stealing US classified information directly from the NSA
Two prominent American newspapers wrote on Thursday that in 2015, Russian hackers stole U.S. cyber secrets directly from the National Security Agency (NSA) after an employee had placed information on their home computer.
As the Wall Street Journal previously reported, citing unidentified sources, the theft included information on foreign cyber network penetration and cyber attack protection and is likely to be regarded as one of the most significant security breaches ever suffered.
In a subsequent story, the Washington Post said the employee had worked at the NSA's Tailored Access Operations unit, dedicated to elite hackers before being fired in 2015.
The NSA declined to comment, citing that the agency's policy is "never to comment on its affiliates' and personnel matters".
If confirmed, the attack would have marked the latest in a series of data breaches classified by the secret intelligence agency, including data leaks on US surveillance programs by the infamous Edward Snowden in 2013.
Another person, Harold Martin, is awaiting trial for bringing home classified NSA materials. The Washington Post reported that Martin was, however, not involved in the case just denounced.
US Republican Senator Ben Sasse, a member of the senate's services committee, said that if the statement learned from the newspapers had been confirmed, the details and devastating scenarios for national security would emerge.
"The NSA has to keep its head in the sand and solve the problem," Sasse said. “Russia is a clear opponent in cyberspace and we cannot afford these kinds of incidents.
Tensions are already high in Washington over US accusations against Russians about increased violations of the system that monitors American targets. Intervention in state electoral agencies and hacking of Democratic Party computers in an attempt to influence the outcome of the 2016 presidential election in favor of Republican Donald Trump has been announced.
Citing unidentified sources, both the Journal and the Post also reported that the employee used antivirus software from Moscow on the Kaspersky Lab platform, the company whose products were banned from U.S. government networks last month due to suspicions about the help it would provide to the Kremlin. Kaspersky Lab has strongly denied the allegations.
Russian government officials could use some bugs in Kaspersky software to attack the machine in question, security experts said at Reuters. They would also intercept traffic from the platform to Kaspersky computers.
Kaspersky said in a Thursday statement that he only found himself in the midst of a geopolitical struggle.
"Kaspersky Lab has not been provided with any evidence demonstrating the company's involvement in the alleged incident reported by the Wall Street Journal." "It is shocking that only on the basis of unproven clues we continue to blame society, causing it evident damage".
The Department of Homeland Security banned Kaspersky products on federal networks on September 13, and the US Senate passed a bill to ban use by the federal government, citing concerns that the company could be a pawn from the Kremlin.
James Lewis, a cyber expert, along with Washington's Center for Strategic and International Studies, said the report of the breach seemed credible even though he had no first-hand information on what had happened.
"The puzzling part is that the fired NSA employee managed to get material out of the building while using Kaspersky." In this regard, intelligence agencies have considered that Kaspersky products are a source of very high risk.
Democratic Senator Jeanne Shaheen, who led the congressional efforts to eliminate Kaspersky Lab's products from public networks, called on the Trump administration last Thursday to declassify information about the damage that Kaspersky Lab would have done.
"It is in the national interest to know what really happened," said Shaheen.
Source Reuters