In a recent report by The Wall Street Journal, it was made public that Russian hackers managed to steal valuable, highly-classified data from the United States' National Security Agency (NSA). The breach was described as "one of the most significant security breaches in recent years."
Antivirus fiasco
It is also interesting how the breach took place. Apparently, a contractor took some of the highly-classified files and stored them on his home computer.
Now, normally, hackers working for the Russian government would not have identified the contractor's home computer as a target.
However, according to the article, identification was made possible because the said contractor was using Kaspersky Antivirus to protect his computer. The popular Russia-based antivirus software scanned the files and decided that they should be sent over to their servers.
"It's an embarrassing breach for the NSA," says a recent report by The Verge.
They add that the NSA has been having trouble with contractors ever since the leaks by computer professional Edward Snowden. There was Harold Martin, who similarly took home classified NSA files in 2016. There was also Reality Department, a contractor charged with leaking classified documents that pertain to the Russians' involvement in the U.S. elections.
The question remains whether the Russian hackers were working with Kaspersky, or whether it was a deliberate attack.
"It’s unclear whether the company was aware of the attack," Russel Brandom form The Verge writes. They note that antivirus software routinely sends files and reports to their servers ("telematics data") — which, in the case of Kaspersky, may be located in Russia.
Of course, the files sent over have a level of encryption so that breaches like these do not happen. Still, if the Russian hackers managed to break the SSL encryption, they would have been able to access the files without alerting the contractor or even the antivirus company.
Kaspersky's vulnerability
While the actual details of the file access are unknown, breaking through the files' SSL encryption is perhaps the most likely scenario.
According to the same article by The Verge, researchers at Google have already identified an "SSL interception vulnerability" in Kaspersky's antivirus software last year.
Kaspersky denied their involvement in the breach. The founder of the antivirus company responded to the news in a tweet, dismissing it as a mere rumor and a "new conspiracy theory."
Meanwhile, the sale of the software is banned for use by the US Government. Similarly, the FBI discouraged the use of Kaspersky in the private sector.
