More on Kaspersky and the Stolen NSA Attack Tools
Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky’s network and detected the Russian operation.
From the New York Times:
Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs and pulling any findings back to Russian intelligence systems. [Israeli intelligence] provided their NSA counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.
Kaspersky first noticed the Israeli intelligence operation in 2015.
The Washington Post writes about the NSA tools being on the home computer in the first place:
The employee, whose name has not been made public and is under investigation by federal prosecutors, did not intend to pass the material to a foreign adversary. “There wasn’t any malice,” said one person familiar with the case, who, like others interviewed, spoke on the condition of anonymity to discuss an ongoing case. “It’s just that he was trying to complete the mission, and he needed the tools to do it.”
I don’t buy this. People with clearances are told over and over not to take classified material home with them. It’s not just mentioned occasionally; it’s a core part of the job.
handle_x • October 11, 2017 3:28 PM
“People with clearances are told over and over not to take classified material home with them. It’s not just mentioned occasionally; it’s a core part of the job.”
AFAIK they (once upon a time?) were audited to maintain that, something about Leavenworth
// Overworked NSA TAO goon pours a third double, plugs in the wrong red thumb drive.
Automount. Autorun. KAV window pops up, scanning removable devices.
KAV in unobtrusive “silent mode” (no popups) dutifully executes a taskbar flash.
Virus definitions auto-update complete. CPU kicks up to 35% briefly, then back.
Default threat telemetry setting : yes
BaconFraud.exe : Uploaded
TurkeyMoney.MSI : Uploaded
PutinParty.gif : Uploaded
EffingMoron.zip : Uploaded
Heuristic file submission complete. “No active threats detected”
–idle–
Edge browser opens, facebook.com homepage opens. Autologin. “Hey, Michael!”
NSA OPSEC ensues.