Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    WSJ Report Says Russian Hackers Stole Cyber-Defense Details from NSA

    By
    Wayne Rash
    -
    October 6, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Word Flaw Cyber-Spy

      The Wall Street Journal has reported that Russian hackers were able to steal highly classified secrets disclosing how the U.S. government hacks into foreign networks, how it protects itself against cyber-attacks and what hacking tools it uses.

      The information reportedly came from a National Security Agency contractor who had taken the material home. The existence of the information may have been revealed through the contractor’s use of Kaspersky Lab security software.

      According to the report the theft happened in 2015, shortly before the hacking group Shadow Brokers began leaking similar information on the internet and before an NSA contractor, Harold Martin, was arrested for taking a massive supply of classified NSA documents home so he could work on them. At this point, there’s no clear link between any of these incidents beyond their timing and the nature of the information that was leaked.

      The apparent use of Kaspersky antivirus software may be significant, although it’s not clear what its role was in the data theft. The company has said that it has not, and would never, help any government, including the Russian government, hack into its customers computers.

      However, it’s possible that Kaspersky itself was compromised. In addition, when Kaspersky software runs an antivirus check, its aggressive approach to fighting malware includes copying files or portions of files and sending them back to company servers for further analysis.

      This copying process may have been exploited by Russian hackers or it may have been security analysts at Kaspersky who alerted Russian security researchers about the existence of the NSA data. This practice and suspected deeper connections to Russian intelligence services were the reason for the Department of Homeland Security banning the use of Kaspersky software throughout the government.

      However, DHS has not banned government employees or their families from using Kaspersky products at home and in this case the leak came from a home computer that the NSA files had been stored on and that also contained the Kaspersky software.

      There are several important things to know about this incident, assuming it happened as the Wall Street Journal said it did. First, the Kaspersky AV software does not appear to have played a role in the actual exfiltration of the classified data.

      Instead what appears to have happened is that the AV software indicated the existence of the NSA secret data, which told the Russian hackers what computer to penetrate and where to look. But the Russian hackers still had to break in to the computer and steal the data.

      There’s no reason to believe that Kaspersky was the only security software being compromised by Russian or other nation-state sponsored hackers. Because of the depths to which security software may go to search for malware, it’s entirely possible that similar software from other companies has also been compromised.

      But as worrying as these revelations are, the next question is whether they really affect you. The disturbing answer is that they likely do. Even if you’re not a government agency or even a contractor for one, it’s important to know that state-sponsored hackers will go to astonishing lengths to steal your data they’re very patient. In addition, they can find patterns in seemingly irrelevant data that can help them reach their goal.

      That means that if you run a small business, perhaps a dry cleaners or a hardware store, you can also be part of a state-sponsored hacker’s route for attacking its ultimate target. Just because you don’t do business with a government agency doesn’t protect you.

      You might handle the dry cleaning and laundry for the spouse of a government employee and a hack of your records can yield financial information such as credit card numbers. It can also provide information on the activities of that spouse that can yield intelligence benefits when combined with other information from elsewhere.

      If you do business with the government, then you’re a potential pathway for hacking into that agency and a possible route for exfiltration. Unless your connection to your government customer is secure enough, you could be the weak link that lets the bad guys in.

      As you might expect, it can get worse. A breach of your own customer records is a problem that concerns you directly. Whether it’s a breach of convenience while the hackers are going after the next step up the line, your customer records, credit card numbers and have still been compromised. Or it may be that the breach is being used to cover up the larger breach of your government customer.

      There are things you can do. One is to keep your customer data divided into different databases, so that no single breach will yield everything. Another is to require higher level of permissions to access certain types of data, such as credit card numbers.

      You can also encrypt as much of the data as possible. At the very least, the wide use of properly configured encryption will slow the hackers down enough that they’ll be encouraged to go elsewhere.

      And going elsewhere may be the best you can hope for. It’s unlikely that a commercial enterprise can stand forever against the concerted attacks by a state sponsored hacker, but at least you can send them to some other company. That might give you time to get out an alert, and to further lock down your files—and that’s far better than nothing.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×