Report: Hackers Stole NSA Cybertools In Another Breach Via Another Contractor

Enlarge this image toggle caption NSA Handout/Getty Images NSA Handout/Getty Images

Russian hackers stole top secret cybertools from a National Security Agency contractor in yet another embarrassing compromise for U.S. spy agencies, the Wall Street Journal reported Thursday.

The NSA contractor is believed to have taken highly sensitive official software home to a personal computer in 2015. His machine was running a Russian security program made by Kaspersky Labs, which can be exploited by Russia's intelligence agencies, the Journal reported.

The NSA declined to comment.

Members of Congress, however, slammed the spy agency for the latest in a series of breaches blamed not on its own employees but on the vendors it uses in place of or in addition to them.

At least three other contractors — Reality Winner, Hal Martin and Edward Snowden — also have been accused of hoarding or releasing NSA's secrets. An online entity called the "Shadow Brokers" also has tried to auction what it called software stolen from the NSA.

Nebraska's Republican Sen. Ben Sasse said he was tired of seeing the same headlines about failures of NSA's information security.

"The men and women of the U.S. intelligence community are patriots, but the NSA needs to get its head out of the sand and solve its contractor problem," Sasse said. "Russia is a clear adversary in cyberspace, and we can't afford these self-inflicted injuries."

Intelligence officials often stress that the NSA and its sibling agencies have a "layered" cyberdefense that is larger than any single tool or system. So the failure reported by the Journal might not amount to the loss of what intelligence workers might call "the keys to the kingdom."

Plus spy agency bosses have previously also said they would not run the Russian-made security software from Kaspersky Labs that the Journal said was associated with the loss of the hacking tools. In fact, Acting Homeland Security Secretary Elaine Duke said in September that she was banning the entire federal government from using Kaspersky.

Kaspersky Labs has millions of users around the world and is among NPR's corporate underwriters. It has denied that it is a cat's-paw for Russia's intelligence agencies or any other government.

New Hampshire Democratic Sen. Jeanne Shaheen said Thursday that the widespread use of Kaspersky software was no excuse for what she called the slow action by the U.S. intelligence community and the broader federal government.

"This development should serve as a stark warning, not just to the federal government but to states, local governments and the American public, of the serious dangers of using Kaspersky software," Shaheen said.

"The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It's astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States."