from Hacker News

Russian Hackers Stole NSA Data on U.S. Cyber Defense

by NwmG on 10/5/17, 4:52 PM with 193 comments

  • by indubitable on 10/5/17, 6:31 PM

    I find these allegations are deserving of some scrutiny. The entire story is quite bizarre when you begin to consider it. The NSA is apparently leaking like a broken pipe with this information. And it's peculiar because this is information that makes our intelligence agencies look completely inept. That is a very good thing if this story is fake, but a very bad thing if its true.

    It is stupefying that NSA contractors/employees would be genuinely copying classified information that is heavily related to national security, and then just loading it up on their personal Windows PC with no apparent encryption or access controls. For instance why in the world wouldn't they have OS level software restricting read access of a certain secure partition (or removable media) to a specific whitelist of processes? Or why wouldn't they use an airgapped machine? Then there are issues like the NSA being so anxious and happy to leak this information, and then them indirectly 'wink wink' confirming it publicly completely destroying the purpose of we don't comment on speculation --- when you start commenting on certain speculation, it indirectly says something about other speculation that you actually choose not to comment on. They're also seemingly unconcerned that somebody is leaking information that, if true, shows the NSA to be incompetent and also exposes attack vectors for enemy actors. There are also things like Kaspersky previously volunteering to provide complete source access to the government. Our government declined the offer. How does this make sense?

    Since Iraq I have become much more critical of pretty much everything. Our media and our government lied to generate a case for war. And I feel lately that they are now trying to build a case for some sort of conflict, presumably cold, against Russia. Or at the minimum start Red Scare 3.0. I have no idea why they would want to do this, but I tend to abide Occam's razor, and this all being true requires a lot more effort than this just being "Yellowcake 2.0."

  • by runesoerensen on 10/5/17, 5:24 PM

    Kaspersky preempting (presumably) this story:

    "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats"

    https://twitter.com/e_kaspersky/status/915946040561487875

    Edit: Kaspersky press release https://usa.kaspersky.com/about/press-releases/2017_kaspersk...

  • by killjoywashere on 10/5/17, 6:46 PM

    I'm going to go out on a limb and propose a hypothesis:

    The DoD's hyper-innefficient contracting system rewards DC insiders and effectively limits the department's ability to invest where investment is needed while draining the public coffers of unfathomable amounts of money.

    The DoD's hyper-ineffective personnel system inhibits personal development while at the same time making it nearly impossible to move laterally within the organzation, thus preventing thousands of experts in many fields (that is, many thousands of experts) from self-organizing into effective functional units.

    These two issues have made the DoD ripe for attack in the digital domain, an area that has nothing to do with their other core missions areas which are all organized around delivering kinetic energy to adversaries.

  • by uptown on 10/5/17, 4:56 PM

  • by iloveluce on 10/5/17, 5:18 PM

    I hope NSA is doing the same with Russian Cyber Defense systems. This is what NSA should be focused on and not on turning its eavesdropping capabilities towards the homeland.

    What if an adversary where to hack the NSA warehouses were all communications swept up by their eavesdropping efforts are stored?

  • by deeth_starr_v on 10/5/17, 10:39 PM

    Count me as a skeptic on this one. NSA employee/contractor takes home classified docs and I am assuming hacking tools, Kaspersky detects the hacking tools and uploads them to Kaspersky, Kaspersky determines it's NSA tools, notifies the Russian government, Russian government hacks the computer and gets all files. Then somehow NSA is able to deduce all this information. I'm not saying this is not possible, but I think their level of conviction on this is too high. A home computer is not going to have access logs. So let's say they see NSA malware in the Kaspersky quarantine folder, and there is also other malware on the computer. They of course have to assume the worst, that Russia got all the files. But they are making a couple big logical jumps without proof. This article is just to sketchy on details for me to take it credibly.

    Makes me think of the claim Cuba is using some kind of new radio brain weapon on US consulate workers in Cuba.

  • by mhkool on 10/5/17, 7:33 PM

    Remember the Chinese network equipment allegations? The agencies said hey had backdoors. That was never proven but what we know is that the agencies had access over nearly all Cisco equipment.

    Now Kaspersky is the next 'unsafe' non-American company... There are only allegations from an unreliable source: the agencies have lied regularly.

    I am convinced that there is an anti-Kaspersky campaign since the agencies 'like' the American antivirus vendors a lot more. I bet the agencies have ways to spy on users of American antivirus vendors.

  • by austincheney on 10/5/17, 5:19 PM

    Another damn NSA contractor took confidential information home. Epic fail.

  • by cl289 on 10/5/17, 11:35 PM

    WWCS (What would Clapper Say):

    Nov 15, 2017, to Congress: "I can categorically deny that there were any leaks of this nature during my tenure as Director of National Intelligence."

    June 22, 2020: "Well, yes, I did say at the time that I denied it. But I said 'categorically denied'- that is to say, under certain conditions, or categories, this could be denied. That is what I meant and I stand by that. I also used the word 'can,' which is a sort of conditional; look it up in your grammar books. I did not say 'I do deny,' but 'I can deny.' There are conditions that might allow one to deny this assertion: i.e. what exactly is a Russian, what does it mean to leak, or to have leaked, or to have an inadvertant leak. That is what I meant and I stand by that also."

  • by ericfrederich on 10/5/17, 5:43 PM

    This came up in congress a couple weeks ago didn't it? I think Rubio had mentioned Kapersky it knowing that it was a public hearing... some speculated that this was perhaps because he was privy to some classified things he couldn't say publicly but wanted to get the word out that they can't be trusted.

  • by random023987 on 10/5/17, 6:37 PM

    Government drone copies NSA malware onto a system with Kaspersky security software installed for the purpose of detecting malware.

    Brilliant

  • by jakelarkin on 10/5/17, 6:00 PM

    how Kaspersky was ever thought to be "okay" in the US enterprise/government market has always been perplexing to me. Antivirus, something which literally inspects all of your files and network activity, made in the country that's a hotbed of blackhat activity and home one of the most aggressive cyber-espionage militaries outside the US. yea okay great, sign me up.

  • by pasbesoin on 10/5/17, 6:30 PM

    Sorry. I have a point -- towards the end. Even if it's one that gets me downvoted:

    In my personal life, I've been wrestling with the decision to "do the right thing" and, for example, pay for digital media I consume. Help a friend in need, who doesn't really reciprocate (because, "the children", among other things). Purchase the health care insurance that takes away money I could otherwise spend on immediate treatment.

    In each area, I've felt increasingly screwed over.

    Shrinking catalogs, and money I paid spent on lawyers ensuring ever-greater rent-seeking as opposed to actual access to content.

    My friend's health on the rebound, while mine has suffered, including from the depression induced by their abandonment of our friendship once I was, apparently, no longer necessary.

    A health care system that keeps jacking prices and trying also by legislative manipulation to push me out the door of coverage, regardless of my best efforts to work with it.

    In all these matters, I'm coming to think that part of my failed response comes down to a simple matter: Don't pay. Stop paying the very systems and people that or who are screwing you over.

    So, here we have the NSA, that is (who are) ever more showing themselves to be incompetent with regard to what we hope they would accomplish, and outright aggressive and abusive with regard to us and matters that we consider commercial contract law, not their business, distracting rather than helpful, etc.

    Helping prop up private IP rights and rent-seeking. Domestic spying. Accumulating so much data on everything that they can't see the needle for the haystack -- so, grow the haystack!

    I'm hardly one of these bullsh-t "Conservative" (that's with a big "C", to differentiate from the actual noun/adjective, "conservative"), "shrink/starve the government" types. Government plays an essential role: It is the definition of our collective organization and governance.

    But in some areas, I really want to say, let's simply stop paying for this shit.

    Because when we pay for it, we only make it stronger. Not the effective governance we aspire to. Instead, this incompetence that also threatens aggression against its own society.

  • by campuscodi on 10/5/17, 9:14 PM

    Has anyone else noticed the influx of anti-Russia articles on the WSJ lately?

  • by 52-6F-62 on 10/5/17, 6:43 PM

    Is it just me, or is this possibly related to the Vault 7 materials on Wikileaks, and thus the WannaCry attacks that brought the NHS to its knees this past year?

  • by codedokode on 10/5/17, 7:00 PM

    I remember that Kaspersky helped to investigate some of cyberattacks perfromed allegedly by western agencies. Could not these articles be a part of revenge campaign to punish them?

    And another thought, if we cannot trust foreign AV software, does it mean that every country must have at list one national AV product? Or maybe it would make sence to make some special API for AV software so that it can check files and processes but cannot send data to the Internet?

  • by jpelecanos on 10/6/17, 1:39 AM

    For whom do those hackers specifically work for (SVR, GRU, or Spetssvyaz)?

  • by blackflame7000 on 10/5/17, 10:08 PM

    Does anyone really think the NSA isn't trying to hack the Kremlin as well?

  • by NN88 on 10/5/17, 6:38 PM

    Putin is screwed the minute Trump leaves.

  • by igivanov on 10/5/17, 5:46 PM

    No confirmation from the NSA, only "leaks" from anonymous "multiple people with knowledge of the matter."

    How do we know it's not another piece of fake news riding the wave of "Russia did it"?

  • by tryingagainbro on 10/5/17, 5:17 PM

    NSA /CIA and our National Security is as secure as the weakest link. They need not be traitors, just people that got too complacent...while Russia never sleeps (Like NSA does when Russians and others screw up.)

    It isn't easy but if tens of thousands people have access to something, it's just a matter of time. And they need access "to connect the dots" so it's a losing game.

  • by mozumder on 10/5/17, 5:21 PM

    "An NSA contractor brought home documents about U.S. offensive cyber capabilities.

    He used Kaspersky on his home computer.

    Russian government hackers stole the documents."

    https://twitter.com/ericgeller/status/915983591737319427

    So, yah, avoid Kaspersky AV software.