Russian hackers steal from US government again – expert says US at fault

06 Oct 17

Sensitive US cyber-defence data has been stolen from the National Security Agency (NSA) yet again.

First reported by the Wall Street Journal, Russian hackers stole classified data regarding NSA cybersecurity programs after breaching a personal computer used by an agency contractor in 2015.

According to reports, the breach appears to have been made possible by flaws in Kaspersky anti-virus software, which hostile actors exploited while evading detection by the US government.

The contractor took the classified material home where Russian hackers promptly pilfered it by exploiting vulnerabilities in Kaspersky Lab software that was on his computer.

Last month the US government banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security company’s ties to the Russian government.

Kaspersky rubbished these claims, denying ‘inappropriate ties with any government’ and saying the US government’s decision was ‘based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.’

Despite these muddy waters, one thing is clear: regardless of an organisation’s policies, if an insider can still circumvent them, whether intentionally or not, data will be placed at serious risk.

Of course it was only last year that Harold Martin, a contractor for the NSA, was arrested after he knowingly took home documents and digital files that contained highly sensitive information. And before that we had Edward Snowden, who disappeared from his job as an NSA contractor in Hawaii only to reemerge in Hong Kong and then Russia after stealing and releasing a mountain of data on classified US data collection programs.

Piers Wilson, head of product management at Huntsman Security, says that in some ways it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently.

“However, despite its focus on security it seems to be a perennial risk, even after Snowden and Reality Winner,” says Wilson.

“In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported - yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen.”

Wilson says that, at the very least, these failures should remind all organisations how damaging insider threats can be, even when the threat stems from carelessness as much as from any actual malicious intent.

“We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down,” Wilson says.

“Ultimately, without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen.”
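Wilson lists three signals a monitoring system should raise to analysts: sensitive material being extracted, irresponsible use of removable media or email, and large-scale exports of data. The following Python script is an added illustration of that detection logic and is not code from Huntsman Security or anyone quoted in the article. The JSON-lines audit format, the field names (`user`, `action`, `label`, `dest`, `bytes`), the classification labels, the internal domain `corp.example` and the 100 MB/one-hour bulk threshold are all constructed assumptions; a real deployment would map these onto its own DLP or endpoint telemetry.

```python
"""Toy detection logic for the three insider-risk signals named in the article:
sensitive-file extraction, removable-media or email misuse, and bulk exports.
Assumes a simple JSON-lines audit feed (constructed here); not any vendor's format."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs). Field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2015-03-01T09:00:00","user":"alice","action":"file_copy","label":"UNCLASSIFIED","dest":"usb","bytes":2048}
{"ts":"2015-03-01T09:05:00","user":"bob","action":"file_copy","label":"SECRET","dest":"usb","bytes":4096}
{"ts":"2015-03-01T09:06:00","user":"bob","action":"email_send","label":"SECRET","dest":"bob@example.org","bytes":8192}
{"ts":"2015-03-01T09:10:00","user":"carol","action":"file_copy","label":"CONFIDENTIAL","dest":"share","bytes":60000000}
{"ts":"2015-03-01T09:20:00","user":"carol","action":"file_copy","label":"CONFIDENTIAL","dest":"share","bytes":60000000}
{"ts":"2015-03-01T11:30:00","user":"carol","action":"file_copy","label":"UNCLASSIFIED","dest":"share","bytes":1024}
{"ts":"2015-03-01T09:30:00","user":"dave","action":"email_send","label":"UNCLASSIFIED","dest":"dave@corp.example","bytes":100}
"""

SENSITIVE_LABELS = {"CONFIDENTIAL", "SECRET", "TOP SECRET"}
INTERNAL_DOMAINS = {"corp.example"}          # assumed internal mail domain
BULK_BYTES = 100_000_000                     # 100 MB exported within the window trips the bulk rule
BULK_WINDOW = timedelta(hours=1)


def parse_events(text):
    """Parse JSON-lines audit text into dicts with a datetime timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
        except (ValueError, KeyError, TypeError):
            continue   # one bad line must not abort the whole batch
    return events


def is_external(address):
    """True when the mail address is outside the assumed internal domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def detect(events):
    """Return (rule, user, detail) alerts for the three insider-risk patterns, in time order."""
    alerts = []
    exports = defaultdict(list)   # user -> [(ts, bytes)] of outbound copies/sends in the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        label = ev.get("label", "")
        dest = ev.get("dest", "")
        size = ev.get("bytes", 0)
        sensitive = label in SENSITIVE_LABELS
        # Rule 1: sensitive material written to removable media
        if ev["action"] == "file_copy" and dest == "usb" and sensitive:
            alerts.append(("removable_media", user, f"{label} file copied to USB"))
        # Rule 2: sensitive material emailed outside the organisation
        if ev["action"] == "email_send" and sensitive and is_external(dest):
            alerts.append(("external_email", user, f"{label} sent to {dest}"))
        # Rule 3: bulk export volume per user inside a sliding one-hour window
        if ev["action"] in ("file_copy", "email_send"):
            window = exports[user] + [(ev["ts"], size)]
            exports[user] = [(t, b) for t, b in window if ev["ts"] - t <= BULK_WINDOW]
            total = sum(b for _, b in exports[user])
            if total >= BULK_BYTES:
                alerts.append(("bulk_export", user, f"{total} bytes within {BULK_WINDOW}"))
                exports[user] = []   # reset so one burst raises a single alert
    return alerts


if __name__ == "__main__":
    for rule, user, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"[{rule}] {user}: {detail}")
```

Run against the constructed feed, the script raises one alert per rule: bob's SECRET copy to USB, bob's SECRET email to an external address, and carol's two 60 MB copies that together cross the bulk threshold inside an hour. Alice's and Dave's unclassified activity produces nothing, which is the point: the rules key on classification and volume, not on activity as such, so analysts are not buried in noise.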
