Kaspersky Spotted Leak NSA Missed as Spy Agency Lacks ‘Good Handle’ on Security

Photo: The National Security Agency (NSA) headquarters at Fort Meade, Maryland. © AFP 2022 / SAUL LOEB
On Wednesday, Politico reported that Moscow-based Kaspersky Labs, which is banned on US government computers over spying fears, helped uncover in 2016 perhaps the single largest theft of US intelligence in history. Sputnik spoke with Kim Zetter, the author who broke the ironic story, about what happened.

Researchers at security software company Kaspersky Labs received some strange messages on Twitter in August 2016, messages that seemed connected to a huge theft of sophisticated US National Security Agency (NSA) hacking tools. After Kaspersky investigated and discovered the identity of the sender and reported their findings to the NSA, a subsequent search of the man's home uncovered two decades' worth of stolen data amounting to 50 terabytes' worth of classified material from NSA and other government offices.

Harold T. Martin III had a top secret national security clearance and had worked for defense and intelligence contractor Booz Allen Hamilton and other contracting companies since the late 1990s. His career included jobs at the NSA and the Office of the Director of National Intelligence as well as a Defense Department office, Zetter noted in her article.

However, now that Martin is set to go to trial, the US government has been far from grateful to Kaspersky. Instead, Washington accused Kaspersky of colluding with Russian intelligence to steal and expose classified NSA tools and banned the use of its services on US government computers. This, despite the fact that Kaspersky helped the NSA catch a colossal data theft its own security protocols had systematically failed to detect for decades.

Zetter, a prolific journalist who has contributed to Politico, the Washington Post, the New York Times, CNN, NPR and other outlets, is also the author of the book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon." She spoke with Radio Sputnik's Loud and Clear Thursday about the ironic situation.

"Kaspersky didn't actually know that when they contacted the NSA," Zetter told Sputnik. "They didn't know that the contractor, Harold Martin, had 50 terabytes of government data in his home and car. All they knew was that there was something suspicious about him reaching out to them."

"So, back in August 2016, on August 13, one researcher at Kaspersky received two messages from an account that was later connected to Martin — it was an anonymous account, they couldn't tell who it was initially — and it was a strange message, because it started like as if they were in the middle of a conversation or as if they'd been talking previously, and it said, ‘thinking about arranging a conversation with Yevgeniy present,' and Yevgeniy presumably refers to Eugene Kaspersky, who's the CEO of Kaspersky Labs. It was quickly followed up by a second message that said, ‘shelf life three weeks,' implying that whatever this person wanted to discuss had a limited window of opportunity for it."

"And that was it. The researcher didn't initially see the messages," she explained, because the researcher didn't follow the account, so the message was sorted into a "request" folder you have to purposefully access in order to see. So the researcher didn't find it for three days.

Just 30 minutes after those messages were sent, though, a group called "Shadow Brokers" started posting classified NSA hacking tools online, Zetter told hosts John Kiriakou and Brian Becker.

Three days later, the researcher quickly put two and two together and did some online sleuthing. "They discovered the identity of the sender of these messages, who they could tell was working in the intelligence community," Zetter said.

"That triggered an alarm for them," she said. "Maybe this guy had some connection to the Shadow Brokers who were leaking NSA tools."

However, that connection has never been proven.

Upon receiving the relevant information from Kaspersky, the authorities "obtained a search warrant for his [Martin's] Twitter account and his home, and when they got to his home they found an estimated 50 terabytes of classified data at his home and [in his] car." However, Martin has only ever been charged with 20 counts of unauthorized retention of government data — never espionage.

The close timing of the messages and the Shadow Brokers file drop was something Zetter couldn't dismiss, although she noted that "he doesn't offer them anything, he doesn't say he has anything in these messages to give them, and then as soon as the Kaspersky researcher replied, saying, ‘do you have a PGP encryption key and email address that you want to chat over,' the guy blocked him," and that was the end of their communication, she noted.

"So we don't really know what the intention of that correspondence was. A judge ruled that it was certainly suspicious, the timing of it and the nature of it, that it warranted a search warrant."

However, Zetter noted that even the question of who sent the messages in the first place may not be settled. Perhaps Martin's account had been hacked by Shadow Brokers, she wondered.

"It kills two birds with one stone," she said. "You start leaking NSA tools, and then you also out an NSA worker at the same time." However, Zetter noted that there's no evidence Martin's lawyer is taking that defense.

The defense is, however, arguing that Martin is an obsessive hoarder. "They called him ‘a voracious reader' and ‘someone who is committed to excel at his job,'" Zetter noted, painting a picture of "someone who was narrow-mindedly focused on learning a lot of information that was of interest to him without really thinking through the consequences of this. He did this for 20 years."

Zetter wrote in her Politico article:

'It's irony piled on irony that people who worked at Kaspersky, who were already in the sights of the US intelligence community, disclosed to them that they had this problem,' said Stewart Baker, general counsel for the NSA in the 1990s and a current partner at Steptoe and Johnson. It's also discouraging, he noted, that the NSA apparently still hasn't ‘figured out a good way to find unreliable employees who are mishandling some of their most sensitive stuff.'

‘We all thought [Martin] got caught by renewed or heightened scrutiny, and instead it looks as though he got caught because he was an idiot,' he told Politico.

She told Sputnik this was because of the huge number of contractors used by the NSA and other intelligence agencies, a volume of comparatively transient workers who, like Martin, come and go regarding their need for access to sensitive or classified information.

"It's clear the NSA, and the government in general, doesn't have a good handle on securing, or even tracking" the removal of data, Zetter said.
