Russian Hackers Used Kaspersky Software to Steal NSA Data on U.S. Cyber Defense


Russian hackers stole data belonging to the National Security Agency about America’s cyber defense from the home computer of a U.S. government contractor, according to people familiar with the matter.

The material was highly classified and was identified by the hackers because the contractor was using Russian Kaspersky Lab antivirus software, the Wall Street Journal reports.

N.S.A. Contractor Arrested in Possible New Theft of Secrets

WASHINGTON — The F.B.I. secretly arrested a National Security Agency contractor in recent weeks and is investigating whether he stole and disclosed highly classified computer code developed to hack into the networks of foreign governments, according to several senior law enforcement and intelligence officials.

The arrest raises the embarrassing prospect that for the second time in three years, an insider has managed to steal highly damaging secret information from the N.S.A. In 2013, Edward J. Snowden, who was also a contractor for the agency, took a vast trove of documents that were later passed to journalists, exposing N.S.A. surveillance programs in the United States and abroad.

The contractor was identified as Harold T. Martin III, 51, of Glen Burnie, Md., according to a criminal complaint filed in late August. He was charged with theft of government property, and unauthorized removal or retention of classified documents. During an F.B.I. raid of his house, agents seized documents and digital information stored on electronic devices. A large percentage of the materials found in his house and car contained highly classified information.

How Russian Hackers Stole the Nasdaq

In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.