Russian cyber firm hounded in US helped NSA bust 50TB data breach – report

Kaspersky Lab may be portrayed by the US media as an extension of the Russian government using its antivirus software to snoop on gullible Americans, but in 2016 it helped the NSA to bust a massive security breach.

Harold T. Martin III is currently standing trial for abusing his job as an NSA contractor and taking home an estimated 50 terabytes of data from several US government offices over a two-decade period. The data includes some of the NSA’s most sophisticated hacking tools – which were also sold by a group called the Shadow Brokers and repurposed by several high-profile attacks throughout the years.

But Martin’s arrest by the FBI in 2016 didn’t come as a result of the US government ramping up security procedures and rooting out potential moles and leakers. Rather it came after a tip-off from the Moscow-based cybersecurity firm Kaspersky Lab, which got alerted by five cryptic messages sent by Martin to two of its employees.

Eugene Kaspersky, Chief Executive of Russia's Kaspersky Lab ©  REUTERS/Maxim Shemetov

The Russian firm "linked the Twitter account to Martin and his work in US intelligence community," Politico reports, then a Kaspersky employee sent the five messages, and the evidence that identified the sender, to an NSA official.

The tip-off came shortly after the Shadow Brokers began offering to sell the tools designed by the NSA, and attributed to an Equation Group by the cybersecurity community after their first public discovery. It’s not clear if Martin and the Shadow Brokers had any link, but since the group continued operations after the man’s arrest, they are not the same.

“We all thought [Martin] got caught by renewed or heightened scrutiny, and instead it looks as though he got caught because he was an idiot,” Stewart Baker, general counsel for the NSA in the 1990s, and a current partner at Steptoe and Johnson, told the website.

“It’s irony piled on irony that people who worked at Kaspersky, who were already in the sights of the US intelligence community, disclosed to them that they had this problem,” he added.

Irony indeed. Kaspersky Lab itself was accused of stealing some of the Equation Group tools from an NSA employee through its antivirus software. The company denied the accusations, but it fell on deaf ears as its suite was banned on US government computers and its name was marred by the US media.

The employee the tools were stolen from was later identified as Nghia Hoang Pho, and he too stood trial for doing pretty much the same thing as Martin – taking sensitive NSA data home. At his home computer the kit was identified as malware by Kaspersky Lab’s antivirus and automatically uploaded to the company’s secure network for dissection and analysis.

But then Israeli government hackers breached Kaspersky Lab, found the American cyber weapons and alerted friends in Washington that the Russians were up to no good. By 2016 the Russian company was flagged as a major national security threat. If exposing Martin won it any goodwill with the Americans, it’s not obviously apparent.

“I'm sure the people at Kaspersky are feeling as though they did the right thing and it did them no good,” Baker commented to Politico.