Russian hackers working for the Russian government were able to target and steal valuable information and documents from the United States National Security Agency by using software made by Russia-based security firm Kaspersky Lab, the Wall Street Journal reported.

The highly classified documents, which contained details about how the U.S. launches cyber attacks against foreign computer networks and defends its own systems against attacks, were taken from a contractor working with the American intelligence agency.

The apparent theft of NSA documents took place in 2015, though the NSA has not yet acknowledged the incident. The information was stolen after the NSA contractor moved classified documents to his home computer.

Kaspersky’s role in the breach is not entirely clear, but the report suggests Russian hackers were alerted to the apparent exposure of the documents after a scan was performed using the Russia-based firm’s anti-virus software.

When anti-virus software perform a scan, it will often send back telematics data to central servers belonging to the company. The servers for Kaspersky’s software may be located in Russia, where the government may have the ability to access the data.

Typically, telematic data transmission would be encrypted using SSL—a standard internet protocol that creates a secure connection between a user and a server to ensure data is transferred securely and cannot be intercepted.

Encryption protocols are typically secure but are not entirely foolproof and can be broken, which would allow an attacker to see the information being transferred across the connection. It is also of interest that Google researchers discovered an SSL vulnerability in Kaspersky’s antivirus software in November 2016.

The vulnerability would allow an attacker to carry out a brute force-attack against the secure connection and create a collision, which happens when two different files produce the exact same value. This would allow the attackers to redirect and intercept the information being transmitted.

Kaspersky confirmed the vulnerability and fixed it nearly two months after it was originally discovered. Tavis Ormandy, the researcher at Google who discovered the security exploit, wrote at the time that “it seems incredible that Kaspersky haven't noticed [the bug].”

In response to the report that its software was used to identify and steal sensitive U.S. documents, Kaspersky Lab said it “has not been provided any evidence substantiating the company’s involvement in the alleged incident.” The security firm said it was “unfortunate that news coverage of unproven claims” have continued to spread.

“We make no apologies for being aggressive in the battle against malware and cybercriminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests,” Kaspersky Lab said. “It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”

The cybersecurity firm has come under heavy scrutiny in recent months, especially from U.S. government agencies and officials. Last month, the U.S. Department of Homeland Security placed a ban on the use of security software made by Kaspersky Lab in federal agencies over fears of ties between the company and the Russian government.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” the company said.

Matt Morris, the vice president of strategy and products at NexDefense, told International Business Times he understands why some organizations may exercise caution when working with a foreign vendor but for the most part believes the concerns about Kaspersky are blown out or proportion.

"I’ve not seen or heard of any hard evidence that Kaspersky products were found to be doing anything other than its original intent," he said. "There’s certainly been a lot of speculation around Kaspersky, Russia, and the notion of cyberespionage, and whether or not that has a shred of truth or not, is really unclear at this point."

Morris noted that the directive to remove Kaspersky from government agencies but said it was unlikely the software was widespread within agencies in the first place. "This is probably more of an issue for consumers, given Kaspersky’s relative success in the past," he said. " When it comes to critical infrastructure, energy and manufacturing environments, which is really our specialty at NexDefense, I’ve rarely ever seen anything other than McAfee or Symantec deployed."

RELATED STORIES
Security Security Security Russia