'Very high level of confidence' Russia used Kaspersky software for devastating NSA leaks

Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers.

“That’s a Russian intelligence operation,” a former senior intelligence official, who requested anonymity to speak bluntly, told Yahoo Finance. “They’ve gotten a lot noisier than they used to be.”
‘A very high level of confidence’
In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.)

And last week the Wall Street Journal reported that U.S. investigators “now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored.”

Members of the computer security industry agree with that suspicion.

“I think there’s a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky … and it’s very much attributable,” David Kennedy, CEO of TrustedSec, told Yahoo Finance. “Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it’s legitimate.”

Dave Aitel, CEO of offensive-minded cybersecurity Immunity, previously explained that there is no “magical way where you can both show the evidence and protect sources and methods.”

After initial reports about the alleged Russian espionage through Kaspersky, the New York Times reported that Israeli officials monitored Russian government hackers as they scanned computers running Kaspersky software to find classified U.S. documents.

Aitel noted that “the Israelis have screenshots and keylogger dumps of this activity happening. To me that says they were watching it in real time. And they know exactly who was at the desk because if they have a keylogger, they know who’s logged in. They know a lot about the people involved, so we haven’t seen all of the information that the Israelis have.”

https://finance.yahoo.com/news/experts-link-nsa-leaks-shadow-brokers-rus...