Report: Russia hacked NSA documents with aid from antivirus software

The Wall Street Journal reported that Russia obtained classified information about how the U.S. military protects its computer networks and conducts electronic spying. The breach occurred when data was stolen by an NSA contractor, then hacked by Russia. Hari Sreenivasan speaks with The Wall Street Journal’s Shane Harris.



    There is new information today about Russia obtaining highly classified information about how the U.S. military protects its computer networks and how it conducts electronic spying.

    Hari Sreenivasan has that story.


    The Wall Street Journal reports on a web of breaches.

    First, classified material was stolen from the National Security Agency by a contractor. His computer was then hacked, and Russia took the sensitive data. The article doesn't say who the contractor was, but that he used Kaspersky Lab antivirus software, which is believed to be compromised by Russian intelligence.

    For more on all of this, we turn to Shane Harris, who broke the story, covering national security and intelligence issues for The Wall Street Journal.

    Shane, what do we know that was compromised? What do the Russians have?

  • SHANE HARRIS, The Wall Street Journal:

    Well, what we are told is that this was information that describes or deals with offensive and defensive computer network operations at NSA, so, basically the tools and techniques, the codes that the NSA would use to hack into foreign computer systems and the tools and techniques they use to protect computer networks inside the United States.

    This is very critical information that goes to what intelligence agencies call sources and methods, and it's the kind of thing that is most jealously guarded inside the NSA and is extremely classified.


    And the Kaspersky Lab software, that wasn't at his desktop at the NSA. This was at his home.



    What happened was the contractor removed this classified information unauthorized from his workplace and took it home, we are told, to work on it there, is what authorities believe, and loaded it on to a personal computer.

    And that computer was running the Kaspersky antivirus product. This is a commercially available antivirus product. Probably many watching this tonight may have it on their own home computers.

    And what authorities believe is that that system was then used to alert hackers in Russia to the files that were on his machine, which were then removed from it by Russia.


    So the software that is scanning his computer, looking for sensitive files, sends a message to Russia saying, hey, here is a sensitive file, and since they have some sort of a backdoor, they can access it?


    Well, there is a sequence here that we're still not entirely sure, but, essentially, yes, this is the idea, that it alerts people back in Russia, who are then able to take advantage, knowing what they know, from the software, then home in on this individual's computer and obtain this information.

    Now, it is important to say that Kaspersky says they do not provide any kind of access that is unauthorized or illegal, and they do not participate in computer operations of this nature, cyber-spying on behalf of governments.

    So there still is some question about the sequence of events. But what officials have concluded is that, if not for this Kaspersky product, they do not believe that this information would have been obtained.


    Now, just a couple of weeks ago, we had members of the Intelligence Committees — members of intelligence community sitting in front of the Senate panel. And when they were asked whether or not they would put this kind of software on their own computers, they unanimously said no.

    And it looks like the government's already taking steps to try to make sure that this software is not available to government agencies, right?


    That's right.

    In fact, last month, the Homeland Security Department issued a directive prohibiting all federal departments and agencies in the U.S. government from either buying these products and services from Kaspersky or using them. And they were told to get rid of them if they were using them.

    That is an extraordinary measure for the government to take. This is a product that is sold in America. It has been sold, been sold in big box stores. So that really underscored the extent to which officials, we're told, believed that this tool was being used to conduct espionage inside the United States.


    And let's talk a little bit about the timeline. When did this hack happen, I mean, given the context of all that we're investigating about Russia and their influence on the elections?


    What we know so far is that the incident itself occurred in 2015, but it wasn't discovered until the spring of 2016.

    So this would be before the election campaign really kicked off in earnest. But what is interesting about that spring 2016 period is that is when intelligence agencies now say that they were starting to detect the first signs of Russia beginning to interfere in the U.S. elections.

    Now, we don't know that there is a direct line between what was going on with this contractor and that activity, but it does appear that there may have to some degree been coincident, and that the activity against the contractor may have even preceded the Russian interference in the elections, and certainly preceded the period before which the U.S. government really became more alert to that.


    All right, Shane Harris of The Wall Street Journal, thanks so much.


    Thank you.
