NSA data thief caught by Kaspersky, not US officials
Report claims the Moscow-based company was contacted by Harold Martin hours before data appeared online
Kaspersky Lab reportedly played a major role in the arrest of the prolific NSA data thief at a time when the company is facing increasing pressure from the US over its alleged ties to the Russian government.
The revelation suggests that the arrest of Harold T. Martin III, a former NSA contractor, was the result of a tip-off from Kaspersky rather than through the US government's own monitoring systems.
The arrest relates to the theft of 50 terabytes of NSA and government data over a 20-year period, believed to be the largest ever breach of classified material in US history. The stolen data also included some of the NSA's most sophisticated hacking tools.
Two sources close to the case told Politico reporters under the condition of anonymity that the Moscow-based security company received strange Twitter messages back in 2016 from an account linked to Harold T. Martin III, a former NSA contractor.
The messages in question refer to two tweets made in August 2013. The first one requested a conversation with 'Yevgeny' who is believed to be Kaspersky Lab CEO Eugene Kaspersky, whose given name is Yevgeny Kaspersky. The reason for the conversation wasn't given but a second tweet swiftly followed saying "Shelf life, three weeks", suggesting that the offer was for a limited time only.
As a result, Kaspersky is said to have shared its intelligence with the NSA, which prompted Martin's arrest and a raid on his Maryland home in late December.
In the ruling against Martin, US District Court Judge Richard Bennett wrote: "The Defendant's Twitter messages ... were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online content-sharing sites, including Twitter."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The stolen classified files were released by a group known as Shadow Brokers and others were later auctioned for the price of $1 million bitcoin.
"Although the Defendant's Twitter messages could have had any number of innocuous meanings in another setting," Bennett added, "these allegations regarding the context of Defendant's messages provide a substantial basis for the Magistrate's conclusion that there was a 'fair probability' that evidence of the crime of Theft of Government Property ... would be found in information associated with the Defendant's Twitter account."
Martin was charged with 20 felony charges, pleading guilty to one in court late last year.
The news is particularly shocking considering the US government has expressed concerns that Kaspersky software could be a point of vulnerability in US defences given suspected close ties to Moscow. US officials alleged that the FSB was using Kaspersky's software to illegally spy on the US government, and as a result, a ban was placed on the use of Kaspersky products in government systems.
Kaspersky has always maintained is innocence and independence from any government state.
"Kaspersky Lab is disappointed with the Court's decisions on its constitutional challenges to the U.S. Government prohibitions on the use of its products and services by federal agencies," the company said in a statement following the company's court appeal to overturn the ban.
"Since the company's inception over 21 years ago, it has always abided by the highest ethical business practices, and through our recently launched Global Transparency Initiative, Kaspersky Lab is exemplifying its ongoing commitment to assuring the integrity and trustworthiness of its products. Kaspersky Lab reaffirms that it has never, nor will ever, engage in cyber offensive activities, and the Court's decision does not conclude otherwise."
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.