The Wall Street Journal reports today that Russian hackers stole documents detailing how US agencies defend their networks against cyberattacks, how they breach foreign networks and the computer code they use to do so. Sources told the publication that the stolen files were identified through Kaspersky security software used by an NSA contractor that had taken classified material from the NSA and saved it on his come computer.
The theft, discovered last spring, occurred in 2015 and those familiar with the incident told the Wall Street Journal that having this information could help inform Russian officials how to protect their networks against the NSA and possibly how to break into US networks. The NSA hasn't confirmed this breach, and Kaspersky Lab told the Wall Street Journal that it "has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation."
Whether Kaspersky itself played a role in the breach is unclear as is how its antivirus software pinpointed the NSA documents. But Kaspersky Lab and its software have been a major focus of US government investigations this past year following Russian-led hacks into US election systems and political candidate networks. In June, the Senate proposed a bill that would ban the Department of Defense from using Kaspersky software and a US House of Representatives committee began looking into a number of agencies' use of the company's products this July. In August, reports surfaced that the FBI was actively warning companies against using Kaspersky software, which Best Buy stopped selling last month. And recently, the US government went ahead and banned the software in all federal agencies.
The contractor that opened the documents up to the hackers isn't thought to have done so purposefully though he would have known that removing the material was against NSA policy. It's unclear if he's still employed by the NSA or if he's set to be hit with criminal charges. Sources say the investigation is ongoing.