Russian hackers stole top secret cybertools from a National Security Agency contractor in yet another embarrassing compromise for USA spy agencies, the Wall Street Journal reported on Thursday. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates USA national security".
Pursuant to the memo, federal contractors using classified information systems are being given a total of 90 days to have the products removed from their systems.
Members of Congress, however, slammed the spy agency for the latest in a series of breaches blamed not on its own employees, but on the vendors it uses in place of or in addition to them. "It's also important to note that Kaspersky Lab products adhere to the cybersecurity industry's strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the United States and around the world". The men and women of the U.S. Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem.
Thursday's news comes a month after the Department of Homeland Security directed all 430 departments, agencies and offices comprising the US government to rid their systems of any software made by Kaspersky Lab, one of the world's most renowned cybersecurity firms. On Sept. 28, 2017, the Defense Security Service (DSS) issued a memo directing all federal contractor participants in the National Industrial Security Program (NISP) who use classified information systems, to immediately implement a process for removing all Kaspersky Labs software and hardware being used in those information systems.
"Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the USA government wrongly believe the company or I or both are somehow tied to the Russian government", he recently wrote on his blog.
USA officials first became aware of the breach in the spring of 2016, which counts as the first known instance where Kaspersky's software has been exploited to provide access to sensitive US government data. It has denied that it is a catspaw for Russia's intelligence agencies or any other government. So the failure reported by the Journal might not amount to the loss of what intelligence workers might call "the keys to the kingdom".
Sen. Jeanne Shaheen, a New Hampshire Democrat, called on the Trump administration to declassify information about what she called the dangers of Kaspersky software.