If these reports are true, Russia has pulled that off," said US Senator Ben Sasse (R-NE), who is on the Senate Armed Services committee."The men and women of the US Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem.
Martin was indicted in February and faces prison time for removing top-secret files from his employer's workplace, if convicted. "Whether the information is credible or not, NSA's policy is never to comment on affiliate or personnel matters," an NSA spokesperson said.The Even with that, there are critics saying it doesn't go far enough.The Electronic Frontier Foundation (EFF) says that most importantly, it doesn't stop the NSA from collecting data on innocent people.The antivirus may have identified Uncle Sam's powerful exploit code samples on the home PC, and flagged them up to Kaspersky's customers, possibly all the way to the FSB, Russia's security services.Following this alert, Russians agents could have tracked down the NSA employee's machine and remotely commandeered it.It is alleged Kremlin hackers exploited the security package in one way or another to identify those sensitive files and exfiltrate them.
In effect, it means the Russian government has copies of the NSA's tools used to exploit vulnerabilities in computer systems and equipment to spy on other nations and targets.
In a blog post today, Eugene said all his customers are warned when new software nasties are discovered by his antivirus tools: Re: Kaspersky and NSA exploit leak story.
@e_kaspersky says detected malware is flagged up to *all* clients. https://t.co/bt0h7hvm VE pic.twitter.com/5CIm W1t6PF — The Register (@The Register) October 6, 2017 Kaspersky also provides real-time analysis to the FSB, meaning the software may have automatically tipped off the Kremlin to the presence of the highly guarded Western attack code on the NSA worker's home PC.
The WSJ's sources didn't say if Kaspersky was actively involved in helping hack the staffer's computer, nor whether President Putin's spies exploited vulnerabilities in the security software to silently swipe the exposed documents.
Don't forget, there are a lot of exploitable holes in antivirus packages for hackers to abuse.
It is also possible, under Russian law, the Kremlin instructed staff within Kaspersky to hijack the mark's computer and extract its contents.