According to The Wall Street Journal, Russian hackers stole confidential documents from the U.S. National Security Agency through a contractor’s home computer that was using antivirus software from the Moscow-based Kaspersky.
However, it hasn’t been confirmed and the article is based on unnamed sources.
“Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” said a NSA’s spokesman.
The sources claim that the hack occurred in 2015, but wasn’t discovered until the spring of last year.
“The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. Kaspersky says it has more than 400 million users world-wide,” writes WSJ. “The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government.”
Eugene Kaspersky denied that the company had anything to do with the breach and said the allegations sound “like the script of a C movie.”
“We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done,” said Kaspersky.
He then pointed blame elsewhere by implying that the Russian government hacked his lab.
“Even though we have an internal security team, and do bug bounties, we can’t give 100% guarantee that there are no security issues in our products, name another security software vendor who can!” said Kaspersky.
President Donald Trump has directed that federal government agencies no longer use Kaspersky’s products.
In September, the Department of Homeland Security said that is was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”.
Kaspersky denied being in collusion with the Russian government.
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” said the company in a statement.
Although the WSJ report indicates that Kaspersky’s software was comprised by hackers, this particular incident doesn’t connect the lab with the Russian government.
Author’s note: Since this article doesn’t name any sources and the NSA can’t comment on its legitimacy, it’s hard to say that there is some truth to this story. But if Kaspersky software is being exploited and hacked by the Russians to steal government secrets, these products should have been banned from federal agencies a long time ago. This is another example of a cybersecurity failure by the Obama administration.
Editor’s note: In light of this and the Equifax and Yahoo data breaches, the cyber security industry is due for a shake up. We are not yet sure who the winners and losers are, but it might be time to ease out of these stocks until to see a clear opportunity.