US security secrets stolen in Russian NSA hack: reports
Hacking tools allegedly snatched when worker loaded them onto home computer


Russian state-sponsored hackers stole highly classified US cyber security information from the NSA in 2015, it has been claimed.
According reports from the Wall Street Journal and Washington Post, the breach occurred when a person working in the US spy agency's "elite hacking unit" Tailored Access Operations (TAO) loaded the information onto their home computer.
TAO is the division of the NSA that "develops tools to penetrate computers overseas to gather foreign intelligence", according to the Washington Post's sources. In particular, the information taken by the person involved included hacking tools that were being developed to replace those considered compromised in the Snowden leaks.
It's currently unclear if the individual was an independent contractor, as claimed by the WSJ, or an employee, as claimed by the Washington Post, but they are unified in their claim that Kaspersky Lab antivirus software installed on the individual's computer was used as the conduit to identify and access the material.
Kaspersky Lab has hit back at the allegations, reiterating it "does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight".
The statement also hints at what some independent security researchers had speculated that its software detected the programmes brought home by the individual and classified them as threats, uploading their signatures and other information to its database of threats.
The Washington Post claims the incident, which resulted in the person being removed from their post in November 2015, is still under investigation.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
This is the latest in a series of embarrassing breaches for the NSA. While the leaks from Edward Snowden in May 2013 may be the most famous, another contractor Harold Martin was arrested last year in relation to a separate 2013 breach. Then, in 2016, hacking group Shadow Brokers stole a vast cache of hacking tools, once again linked to TAO, from the NSA and leaked them to the public.
These latest reports haven't been confirmed by the NSA, however, with the agency telling Reuters: "[We] never to comment on our affiliates or personnel issues."

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do it
News Hackers are researching key IT workers in their bid to gain access to vital systems
By Steve Ranger
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaign
News Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
By Ross Kelly
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
By Ross Kelly
-
US reveals bespoke tool that took down Russian malware operation
News Snake had been used to steal NATO countries’ data for 20 years
By Rory Bathgate
-
Move away from memory-unsafe languages like C and C++, NSA urges
News The US agency advises organisations to begin using languages like Rust, Java, and Swift
By Zach Marzouk
-
US gov issues fresh warning over Russian threat to critical infrastructure
News The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks
By Connor Jones
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
By Connor Jones
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
By Danny Bradbury