
Russian hackers steal from US government again – expert says US at fault

06 Oct 2017

Sensitive US cyber-defence data has been stolen from the National Security Agency (NSA) yet again.

As first reported by the Wall Street Journal, Russian hackers stole classified data regarding NSA cybersecurity programs after breaching a personal computer used by an agency contractor in 2015.

According to reports, the breach seems to have been made possible by flaws in the Kaspersky anti-virus system, which hostile actors took advantage of to evade surveillance by the US government.

The contractor took the classified material home, where Russian hackers promptly pilfered it by exploiting vulnerabilities in Kaspersky Lab software that was on his computer.

Last month the US government banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security company’s ties to the Russian government.

Kaspersky rubbished these claims, denying ‘inappropriate ties with any government’ and stating that the US government’s decision was ‘based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.’

Despite these muddy waters, it is clear that, whatever an organisation’s policies, data will still be placed at serious risk if an insider can circumvent them, whether intentionally or not.

Of course it was only last year that Harold Martin, a contractor for the NSA, was arrested after he knowingly took home documents and digital files that contained highly sensitive information. And before that we had Edward Snowden, who disappeared from his job as an NSA contractor in Hawaii only to reemerge in Hong Kong and then Russia after stealing and releasing a mountain of data on classified US data collection programs.

Head of product management at Huntsman Security, Piers Wilson, says that in some ways it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently.

“However, despite its focus on security, it seems to be a perennial risk, even after Snowden and Reality Winner,” says Wilson.

“In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported - yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen.”

Wilson says at the very least, these failures should be a reminder to all organisations how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent.

“We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down,” Wilson says.

“Ultimately, without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen.”
