Sources: hackers stole NSA data on US offensive and defensive cyber capabilities from a contractor's laptop in 2015, likely via Kaspersky software
This Time with Kaspersky's Help Associated Press : Report: Russian hackers target secrets taken by NSA worker Steven Musil / CNET : Russian hackers reportedly stole NSA cyber secrets in 2015 Gareth Halfacree / bit-tech.net : Kaspersky denies involvement in alleged Russian NSA breach Patrick Semansky / Nextgov : Kaspersky software provided an inroad for Russian hackers … William Gayde / TechSpot : Russia stole classified NSA cybersecurity data through Kaspersky software installed on home PC Joe Uchill / The Hill : Russian hackers stole NSA tools using Kaspersky antivirus: report Philip Ewing / NPR : Report: Hackers Stole NSA Cybertools In Another Breach Via Another Contractor Inés Casserly / The Next Web : Hackers may have stolen NSA data via Russian-owned antivirus software Rhett Jones / Gizmodo : Kaspersky Under Scrutiny in New Revelations About NSA Security Breach Maya Kosoff / Vanity Fair : Russians Reportedly Used Anti-Virus Software to Steal U.S. Cyber-Weapons Karissa Bell / Mashable : Russian hackers reportedly used popular antivirus software to steal NSA data Mallory Locklear / Engadget : Russian hackers reportedly stole NSA cyber defense material Iain Thomson / The Register : Russian spies used Kaspersky AV to hack NSA contractor, swipe exploit code - new claim Muhammad Jarir Kanji / Neowin : Report: Russian hackers stole sensitive NSA information on US cyber defense Russell Brandom / The Verge : Russian hackers used Kaspersky software to find vulnerable NSA docs, says report Stephanie Condon / ZDNet : WSJ: Kaspersky software likely used in Russian-backed NSA breach Chris Mills / BGR : Russian government hackers stole the NSA cyber defense plan, report claims Jonah Bennett / The Daily Caller : Russian Hackers Breached The NSA Through Russian-Made Antivirus Software Michael Harthorne / Newser : NSA Contractor Brought Classified Info Home. Russians Got It: Report Devin Coldewey / TechCrunch : Russian intelligence reportedly breached the NSA in 2015, stealing cybersecurity strategy Shannon Vavra / Axios : Report: Russia stole data from NSA on U.S. cyber defense, capabilities Tweets: Nicholas Thompson / @nxthompson : The NSA should just be renamed as National Secrets Available. http://www.wired.com/... @wired : 3 times in 3 years, one of the world's most secretive and powerful agencies has been undone by its own employees http://www.wired.com/... Kim Zetter / @kimzetter : After NSA/gov talked about great harm from Snowden leaks, contractor who was helping them recover that harm took tools home and got hacked https://twitter.com/... Yashar Ali / @yashar : 3. Kaspersky tweeted this out before the story came out. http://twitter.com/... Joseph Cox / @josephfcox : The NSA contractor in the Kaspersky story is the same mysterious one reported earlier this year. Vietnamese TAO https://www.washingtonpost.com/ ... pic.twitter.com/418VpkX3Qu Eugene Kaspersky / @e_kaspersky : New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats Marc Ambinder / @marcambinder : Journalists who think their personal computers are safe need to understand the risks too. Foreign governments target you, too. #ascj http://twitter.com/... Carol Lee / @carolelee : “The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks” http://twitter.com/... Natasha Bertrand / @natashabertrand : .@BenSasse on Russia's NSA hack: “The NSA needs to get its head out of the sand and solve its contractor problem.” http://www.wsj.com/... http://twitter.com/... Thomas Rid / @ridt : That story on *a third* major NSA contractor leak is big. And it raises more questions than it answers — http://www.wsj.com/... Shane Harris / @shaneharris : NEW: Russian gov't hackers exploited Kaspersky to steal highly-classified info from an NSA contractor. https://www.wsj.com/... Kevin Beaumont / @gossithedog : For record, there's again no evidence re Kaspersky. It is evidence NSA continues to practice poor security+ doesn't realise data is leaking. Kim Zetter / @kimzetter : Note that story doesn't say Kaspersky helped Russian hackers — just that hackers leveraged the software to find valuable files on computer https://twitter.com/... @emptywheel : Also consider the implications of the story, as told. Kaspersky knew NSA had a leak TWO YEARS before NSA did. Oh, okay then. @emptywheel : Manning leak: BLAME MANNING Snowden leak: BLAME SNOWDEN Hal Martin breach: BLAME MARTIN Conveniently leaked breach: BLAME KASPERSKY Matthew Green / @matthew_d_green : Based on the DoDs actions recently they clearly either believe Kaspersky did this, or they're straight up maliciously lying to hurt them. Pwn / @pwnallthethings : But if it's just signatures on NSA implants and NSA exploits, then this is Kaspersky just doing its job, and not at all a Kaspersky-Russia thing. Pwn / @pwnallthethings : OK there are a lot of major stories buried in this major story https://www.wsj.com/... @brianhonan : Interesting to see @kaspersky implicated in this https://twitter.com/... Kim Zetter / @kimzetter : So now we know why the US gov has banned Kaspersky software on gov laptops - http://on.wsj.com/2z0AtgV pic.twitter.com/L1BgT3YnHh Greg Greene / @ggreeneva : It's like an ongoing data-security Chernobyl these days in the U.S., and nobody knows what the eff to do. https://www.wsj.com/... Pwn / @pwnallthethings : The key question is what triggered the Kaspersky APT investigation. Was it bc he's an NSA employee? Looking at docs? If so, Kaspersky is toast. Kim Zetter / @kimzetter : Also note @taviso has found multiple vulns in Kaspersky antivirus software as well as av software of other firms - http://bit.ly/2fNthMU https://twitter.com/... Pierre Omidyar / @pierre : Shocking that two years after major leaks security wasn't tighter. Also shocking an agent would trust a malware scanner on same computer. https://twitter.com/... Dave Kennedy / @hackingdave : Article not fully explaining - were they able to pull + retrieve files off of said computer without user interaction or through normal scan? Dan Guido / @dguido : KAV exfils a list of files, which are reviewed by an automated process or a team of humans looking for classified info. pic.twitter.com/a1ApnOXuAj Dan Guido / @dguido : A short time later, KAV “wakes up” and starts sucking up all the classified docs on the contractor's home PC. pic.twitter.com/rOix37VzAL Natasha Bertrand / @natashabertrand : This tweet makes far more sense now. WSJ reports Kaspersky software was exploited by Russian hackers to spy on NSA https://www.wsj.com/... https://twitter.com/... Pwn / @pwnallthethings : Tbh, this sounds less like Kaspersky doing surveillance for the Russian government, and more like them doing basic tracking of APTs. Nicole Perlroth / @nicoleperlroth : For such a skeptical community, Infosec people were willing to keep an open mind re Kaspersky because of high caliber researchers. It's done https://twitter.com/... Chris Bing / @bing_chris : -NSA contractor brings classified docs home -Is running Kaspersky, so docs are picked up from PC -Russia gets docs https://www.wsj.com/...