Russian Hackers Targeted NSA Employee’s Home Computer

Russian Hackers Targeted NSA Employee’s Home Computer New reports today say it was a National Security Agency employee, not a a contractor, whose home machine running Kaspersky Lab antivirus was hacked for classified files. New reports on the latest NSA classified data breach revealed yesterday paint the source of the leak as an actual employee of the spy agency, not a contractor, as was originally reported by The Wall Street Journal.
国民技术股票分析:安全芯片产业领先,化合物半导体战略布局未来可
The Washington Post in its reporting described the NSA employee who loaded classified NSA files onto his home computer that in turn was hacked by Russian cyber spies in 2015, as a Vietnam-born US citizen who had been part of the NSA’s famed Tailored Access Operations (TAO) hacking team. The employee, who was removed from his position in 2015, was working on a project to create new TAO tools in the wake of former NSA contractor’s Edwards Snowden’s theft and leak of TAO tools in 2013; the new tools were among the files pilfered by Russian nation-state hackers.
A New York Times report also characterized the targeted man as an NSA employee.
Word of the breach first came yesterday in a Wall Street Journal report, which said the hack of classified cyberattack and defense tools occurred via Kaspersky Lab antivirus software on the NSA employee’s home computer, where the AV flagged the NSA cyberspying tools and code. The breach wasn’t detected until the spring of 2016, and wasn’t known publicly until the WSJ report.

Security experts say the reports raise more questions than answers about how the attack actually occurred. Matthieu Suiche, founder of Comae Technologies and an expert on the mysterious Shadow Brokers group, points out that it apparently took the NSA six months to discover the incident.
Suiche told Dark Reading that it’s “hard to say” if there’s a connection to the NSA exploits held and leaked by Shadow Brokers. He says he’s unclear how investigators tied the NSA data leak to the Kaspersky Lab software specifically, and whether the attacker had an exploit for the AV software.
“It can be a man-in-the-middle or even vulnerability itself” used to steal the files, he notes.
Read the Post’s latest on the breach here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
技术无法保护每一个人远离所有的安全风险,所以高明的信息安全经理会引导员工的安全思想,当员工自身积极主动地将安全当作工作中的重要一环时,安全的行为自不靠强制力量。
网上交友如何防范泄密?需要加强保密相关的安全意识教育,不和无关人员谈论涉密内容。

猜您喜欢

人民日报:第三方支付 有监管才有未来
移动金融服务中的信息安全问题实录
Cyber Security Law 网络安全法宣传视频系列001
国庆假日里的C919“美容师”
ORTOOPT ASSURANT
中国人到海外如何与当地文化、当地人民进行安全地沟通和融合: