WASHINGTON (Reuters) - Russian government-backed hackers in 2015 stole U.S. secrets on how to penetrate foreign computer networks and protect against cyberattacks after a National Security Agency contractor put highly classified information on his home computer, The Wall Street Journal reported on Thursday, citing unidentified sources.
The contractor used a popular antivirus software by Russia-based Kaspersky Lab that may have made it possible for the hackers to identify and target the contractor’s files, multiple sources told the Journal.
Experts consider the theft, which was not discovered until the spring of 2016, one of the most significant security breaches of recent years, the newspaper said, including details of how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the United States, the sources told the Journal.
Kaspersky Lab could not immediately be reached for comment. The Wall Street Journal quoted the firm as saying it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”
The National Security Agency did not return a call for comment from Reuters.
U.S. Senator Ben Sasse, a member of the Armed Services Committee, chastised the spy agency in a statement: “It’s a lot harder to beat your opponent when they’re reading your playbook, and it’s even worse when someone on your team gives it to them. If these reports are true, Russia has pulled that off,” he said.
“...The NSA needs to get its head out of the sand and solve its contractor problem.”
The revelation comes amid increased scrutiny of Russian hacking of U.S. targets since the 2016 presidential election and the American intelligence community’s finding that Russians hacked Democratic groups’ computers and tried to sway the outcome in favor of Republican President Donald Trump.
Kaspersky Lab reaches 400 million customers globally and has vigorously denied it spies for the Russian government. The Journal said it was the first known incident of Russian hackers using Kaspersky software to spy on Washington.
The Department of Homeland Security on Sept. 13 banned Kaspersky products in federal networks and the U.S. Senate approved a bill to ban them from use by the federal government, citing concerns the company may be a pawn of the Kremlin and poses a national security risk.
DHS did not immediately return a request for comment.
Reporting by Dustin Volz, Jim Finkle, Warren Strobel; writing by Doina Chiacu; Editing by Cynthia Osterman