SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Russian hackers steal from US government again – expert says US at fault
Fri, 6th Oct 2017

Sensitive US cyber-defence data has been stolen from the National Security Agency (NSA) yet again.

As first reported by the Wall Street Journal, Russian hackers stole classified data regarding NSA cybersecurity programs after breaching a personal computer used by an agency contractor in 2015.

According to reports, the breach seems to have been made possible through flaws in the Kaspersky anti-virus system that were exploited to let hostile actors evade surveillance by the US government.

The contractor took the classified material home, where Russian hackers promptly pilfered it by exploiting vulnerabilities in Kaspersky Lab software that was on his computer.

Last month the US government banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security company's ties to the Russian government.

Kaspersky rubbished these claims, denying ‘inappropriate ties with any government’ and saying the US government's decision was ‘based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.’

Despite these muddy waters, it is clear that regardless of an organisation's policies, if an insider can circumvent them, whether intentionally or not, data will still be placed at serious risk.

Of course it was only last year that Harold Martin, a contractor for the NSA, was arrested after he knowingly took home documents and digital files that contained highly sensitive information. And before that we had Edward Snowden, who disappeared from his job as an NSA contractor in Hawaii only to reemerge in Hong Kong and then Russia after stealing and releasing a mountain of data on classified US data collection programs.

Head of product management at Huntsman Security, Piers Wilson, says that in some ways, it is genuinely shocking that the NSA has allowed a contractor to expose vital US cyber-defence data like this, albeit apparently inadvertently.

“However, despite its focus on security, it seems to be a perennial risk, even after Snowden and Reality Winner,” says Wilson.

“In any organisation, let alone the NSA, it would be nice to think that such sensitive information is being closely monitored when it is used, accessed, processed and exported - yet time and again businesses and government agencies allow data to walk out the door, and in this case turn up on a home computer from where it got stolen.”

Wilson says that, at the very least, these failures should be a reminder to all organisations of how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent.

“We can only reiterate that it is vital to have better visibility into what staff and contractors are doing with sensitive material, at all security levels from the NSA down,” Wilson says.

“Ultimately, without systems in place that can identify things like someone extracting sensitive information, irresponsible use of removable media or email, large scale exports of data and immediately flag it up to security analysts who are able to take action, these types of breaches will continue to happen.”