Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim

Russian government spies used Kaspersky Lab software to extract top-secret software exploits from an NSA staffer's home PC, anonymous sources have claimed.

The clumsy snoop broke regulations by taking the classified code, documentation, and other materials home to work on using his personal computer, which was running Kaspersky's antivirus, sources told the Wall Street Journal. It is alleged Kremlin hackers exploited the security package in one way or another to identify those sensitive files and exfiltrate them.

In effect, it means the Russian government has copies of the NSA's tools used to exploit vulnerabilities in computer systems and equipment to spy on other nations and targets. It also means Russia can turn the cyber-weapons on American corporations, government agencies and other networks, and steal secrets, cause merry havoc, and so on.

The theft, reported today, is said to have occurred in 2015, but apparently wasn't discovered until earlier this year. The allegedly stolen NSA code and dossiers sound an awful lot like the Shadow Brokers archive of stolen agency spyware. The brokers' pilfered exploits date back to 2013, though. And this case is not thought to be related to the former Booz Allen Hamilton contractor Harold Thomas Martin III, who stashed classified NSA materials at his home to study. Martin was indicted in February and faces prison time for removing top-secret files from his employer's workplace, if convicted. He denies any wrongdoing.

"Whether the information is credible or not, NSA's policy is never to comment on affiliate or personnel matters," an NSA spokesperson said.

Like almost all security software, Kaspersky's software scans files on computers to look for anything matching known malware, or programs that behave in a way that looks like malicious code.
It may be that the antivirus package sent the employee's NSA code back to a cloud service to inspect, which set off internal alarms and attracted the attention of Russian spies, or the product was tampered with to open a backdoor to the PC, or the software was remotely exploited to gain access.

The WSJ's sources didn't say if Kaspersky was actively involved in helping hack the staffer's computer, nor whether President Putin's spies exploited vulnerabilities in the security software to silently swipe the exposed documents. Don't forget, there are a lot of exploitable holes in antivirus packages for hackers to abuse. It is also possible, under Russian law, the Kremlin instructed staff within Kaspersky to hijack the mark's computer and extract its contents.

The software maker is denying any wrongdoing or direct involvement in the exploit theft.

“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company," the Moscow-based biz told The Register in a statement.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.

“Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the US and around the world.”

The organization's founder Eugene Kaspersky was more blunt, tweeting the following before today's revelations hit the 'net:

New conspiracy theory, anon sources media story coming.
Note we make no apologies for being aggressive in the battle against cyberthreats — Eugene Kaspersky (@e_kaspersky) October 5, 2017

Kaspersky has repeatedly offered its source code to government officials to review for backdoors after allegations that it was working with Russian intelligence surfaced a year or so ago. No evidence has ever been made public about such claims of compromised code. That didn’t stop the US government banning Kaspersky code from federal computers last month. American box-shifter Best Buy followed suit.

However the exploits leaked, let's not forget it was sparked by another NSA worker taking classified materials home.

"It's a lot harder to beat your opponent when they're reading your playbook, and it's even worse when someone on your team gives it to them. If these reports are true, Russia has pulled that off," said US Senator Ben Sasse (R-NE), who is on the Senate Armed Services committee. "The men and women of the US Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can't afford these self-inflicted injuries."

Matthew Hickey, cofounder of British security shop Hacker House, told The Register Kaspersky could well be blameless and that the security software was simply doing its job. The Russian software maker has been detecting NSA malware in the wild since 2014, and this could be where the connection lies. The antivirus may have identified Uncle Sam's powerful exploit code samples on the home PC, and flagged them up to Kaspersky's customers, possibly all the way to the FSB, Russia's security services. Following this alert, Russian agents could have tracked down the NSA employee's machine and remotely commandeered it.

In a blog post today, Eugene said all his customers are warned when new software nasties are discovered by his antivirus tools:

Re: Kaspersky and NSA exploit leak story.
@e_kaspersky says detected malware is flagged up to *all* clients. All. https://t.co/bt0h7hvmVE pic.twitter.com/5CImW1t6PF — The Register (@TheRegister) October 6, 2017

Kaspersky also provides real-time analysis to the FSB, meaning the software may have automatically tipped off the Kremlin to the presence of the highly guarded Western attack code on the NSA worker's home PC.

"It's likely that the Kaspersky detection of NSA tools was somehow responsible for FSB targeting the contractor's home computer, but it doesn't mean the company was complicit," Hickey told us. "Kaspersky have detected many of the NSA tools being used in the wild, the FSB would surely know that, and target the company for that reason alone. The Kaspersky statement holds no punches and makes it clear they don't cooperate with governments. I'm inclined to believe them, their software is top grade at detection of new threats, and is notoriously difficult to bypass."

Hickey said the alternative is that Kaspersky deliberately backdoored its own software, and handed over the keys to Putin's snoops, putting billions of dollars of business at risk to do a favor for Russian intelligence. Occam's razor would suggest this is unlikely.

Meanwhile, cybersecurity expert Matt "Pwn all the Things" Tait said the focus should be on the embarrassing claims that yet more dangerous NSA tools have escaped Uncle Sam's highly secretive surveillance agency:

Tbh, this sounds less like Kaspersky doing surveillance for the Russian government, and more like them doing basic tracking of APTs. — Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 5, 2017

But if it's just signatures on NSA implants and NSA exploits, then this is Kaspersky just doing its job, and not at all a Kaspersky-Russia thing. — Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 5, 2017
In either case, how dumb must you be to A) remove NSA tools and take em home B) to your internet connected computer C) Running cloud-AV D) Which is Kaspersky — Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 5, 2017

A bit confused that this story is running more as a "Kaspersky Russia something something" story and not a "YET ANOTHER contractor theft from NSA" story — Pwn ██ ██ ███ (b)(5) (@pwnallthethings) October 5, 2017

Senator Jeanne Shaheen (D-NH), one of Kaspersky's most vocal critics in Congress, has few doubts on the matter, though. In a strongly worded statement, she condemned the company and called for the Trump administration to declassify and release the evidence it has in this case.

"The strong ties between Kaspersky and the Kremlin are extremely alarming and have been well documented for some time," she said today. "It's astounding and deeply concerning that the Russian government continues to have this tool at their disposal to harm the United States." ®

PS: The Washington Post says the NSA bod was an employee – and not a contractor as first thought – and was a US citizen born in Vietnam. He was on the NSA's ace hacking team, Tailored Access Operations, and was working to replace the exploits compromised by the Snowden leaks. He was fired in 2015, and is now under a federal investigation.

The Real Russian Mole Inside NSA

The media has finally noticed that the National Security Agency has a problem with Kremlin penetration.

(Photo caption: A helicopter view of the National Security Agency, January 28, 2016, in Fort Meade, Maryland. Photo: BRENDAN SMIALOWSKI/AFP/Getty Images)

Moles—that is, long-term penetration agents—are every intelligence service’s worst nightmare. Though rarer in reality than in spy movies and novels, moles exist and can do enormous damage to a country’s secrets and capabilities. They’re what keep counterintelligence experts awake at night.
The recent appearance on the Internet of top secret hacking tools from the National Security Agency has shined yet another unwanted spotlight on that hard-luck agency, which has been reeling for three years from Edward Snowden’s defection to Moscow after stealing more than a million classified documents from NSA. As I explained, this latest debacle was not a “hack”—rather, it’s a clear sign that the agency has a mole.

Of course, I’ve been saying that for years. It’s not exactly a secret that NSA has one or more Russian moles in its ranks—not counting Snowden. Now the mainstream media has taken notice and we have the “another Snowden” meme upon us. James Bamford, who’s written a lot about NSA over the decades, has taken up this meme. It should be noted that Bamford is less than a reliable journalist who’s known to embellish sources when not outright fabricating them.

That said, there’s no doubt that NSA has a penetration problem. This shouldn’t be shocking news since the agency has suffered from moles since its birth in 1952. While many intelligence services have tried to steal secrets from NSA, only the Russians have been able to do so consistently. Kremlin penetration of NSA has been a constant. A brief historical sketch outlines the problem.

NSA was in fact founded in part due to a Russian mole. That was William Weisband, a long-term Soviet agent who penetrated the Army’s code-breaking service during World War II. At the beginning of the Cold War, Weisband did enormous damage, betraying top secret joint U.S.-British signals intelligence programs against the Soviet Union. He was arrested in 1950 and did a brief jail stint, but was never prosecuted for espionage. Setting a pattern, the newly born NSA covered up the embarrassing Weisband case, the details of which weren’t released to the public for half a century.

The record of our Intelligence Community, indeed our whole government, in counterintelligence is nothing less than dismal.
A decade later, two NSA mathematicians, William Martin and Bernon Mitchell, defected to the Soviet Union. They had coordinated their defection in advance with the KGB, and their appearance in Moscow for a press conference, where they spilled code-breaking secrets, was a black eye for the agency. In 1963, Dunlap, an Army sergeant assigned to NSA, committed suicide when his spying for the Soviets was uncovered. The full extent of Dunlap’s betrayal remained mysterious, but the fact that Dunlap served as the NSA director’s driver led to uncomfortable questions.

The 1960s witnessed one Soviet mole after another inside the agency. From 1965 to 1967, Lipka, a young Army soldier assigned to NSA, sold any secrets he could get his hands on to the KGB. Despite his low rank, Lipka had access to a wide array of highly classified information. His motive was purely pecuniary, and he was arrested after the Cold War, when KGB sources revealed Lipka’s betrayal.

There was another, more important mole inside NSA at the same time, but he was never officially identified. KGB sources pointed to a second Soviet penetration of agency headquarters that lasted for more than a decade, providing Moscow with reams of classified information, but that traitor’s identity remained murky. Agency leadership never showed much interest in finding that mole—or any.

They could not ignore the case of John Walker when it went public in 1985. A Navy warrant officer with debts and a drinking problem, Walker appeared at the Soviet embassy in Washington in 1967 and offered to sell code secrets to the KGB. For the next 18 years, Walker passed the Soviets key materials for the Navy’s encrypted communications devices. Had the Cold War gone hot, the Soviets would have had an enormous advantage over the U.S. Navy. Thankfully that didn’t happen, but Walker’s betrayal did lead to the North Korean seizure of the USS Pueblo, an NSA spy ship, in 1968.
That vessel was hijacked by Pyongyang to secure its top secret code machines for Moscow. One sailor died in the seizure and the Pueblo’s crew was kept prisoner in North Korea for a year.

The last major Soviet penetration of NSA during the Cold War was Ron Pelton, a former agency analyst who started selling secrets to the KGB in 1980. Pelton betrayed highly sensitive signals intelligence programs to Moscow and was convicted of espionage in 1986 after Vitaly Yurchenko, a KGB officer who temporarily defected to the United States, tipped off the FBI about an NSA source selling secrets to the Kremlin.

Viewing NSA as the head of the Western intelligence alliance, the core of which are the Anglosphere “Five Eyes” countries (America, Britain, Canada, Australia, and New Zealand), and which dates to Allied victory in World War II, there was no point during the Cold War where the Five Eyes system wasn’t penetrated somewhere by Soviet intelligence. We therefore shouldn’t expect that anything’s changed, given NSA’s long history of paying insufficient attention to counterintelligence.

In addition, we have specific information about a Russian mole—or moles—lurking inside the agency today. In 2010, in an operation they termed Ghost Stories, the FBI arrested ten agents of the Russian Foreign Intelligence Service, the SVR, who were operating in the United States. The Russians, many of whom were masquerading as third-country nationals, were what the SVR calls Illegals—that is, long-term penetration agents possessing no official ties to Moscow. This roll-up was a major counterintelligence success for Washington, yet it was treated in a semi-comical fashion by the media, which fixated on the fetching red-headed Illegal who liked to pose for the cameras. In truth, Operation Ghost Stories produced important leads pointing to more SVR operatives in the United States, as yet uncaught. In particular, that Russian spy network opened up a trail to one or more moles lurking inside NSA.
That was six years ago and there’s been no word of any Russian moles being arrested.

There are other indications of Russian penetration of NSA that had nothing to do with Snowden. An espionage case that got too little attention was that of Jeffrey Delisle, a Canadian navy junior officer who was arrested in 2012 for passing secrets to Moscow. He admitted his guilt, specifically that for almost five years beginning in 2007, he regularly sold secrets to GRU, that is Russian military intelligence. Upset over his wife’s infidelity and short of cash, the sad-sack Delisle, who was assigned to a Canadian intelligence center in Halifax, simply downloaded secrets on a thumb drive, which he passed to GRU every month or so. Most of what Delisle gave Moscow wasn’t Canadian information but belonged to Five Eyes, much of which came from NSA.

Yet the most interesting part of the Delisle case is what GRU did not want from him. As one intelligence scholar noted:

Incredibly, GRU was uninterested in some of the best stuff Delisle could have provided, particularly in the technical and scientific fields, including information on how Canada and its allies protect coded communications. This puzzled Delisle, as well it might.

It would be difficult to overstate Moscow’s interest in how the Five Eyes countries encrypt their sensitive government communications. During the Cold War, the KGB referred to NSA as Target OMEGA, and for the Kremlin there was no higher-priority espionage target on earth. That’s because by penetrating NSA you get access not just to that agency’s signals intelligence, the richest espionage source on earth, you can also crack into the top secret communications of the United States and its closest allies. If GRU wasn’t interested in that when Delisle offered it to them, the only explanation is that Moscow already had that very sensitive information. Which means Russia can listen in on anything it wants.

The mole who gave this up could not have been Snowden.
Between 2007 and 2012, when Delisle was spying for GRU in Canada, Snowden was working for CIA as an IT contractor, and then for NSA in Japan and Hawaii in a similar role. In that capacity, he did not have the access he needed to betray what the Kremlin already knew about Five Eyes code-making. Besides, Snowden was never the “spy” he portrayed himself to be. An IT sysadmin with limited understanding of the signals intelligence information he stole and leaked, Snowden acted as cover for Moscow’s real star. A patsy, he was never the actual Russian mole inside NSA. That person or persons is still out there, presumably still functioning as Moscow’s penetration agent inside America’s most secret spy agency.

In fairness to NSA, the record of our Intelligence Community, indeed our whole government, in counterintelligence is nothing less than dismal. And it’s gotten markedly worse during Barack Obama’s two terms in the White House, with their unprecedented losses of America’s secrets to spies, traitors, and hackers. However, given the importance of NSA to our collective security—it’s the backbone of counterterrorism operations across the Western world, our vital shield against jihadism—it’s important that the agency at last starts getting serious about security. Catching some Russian moles would be a solid beginning.

John Schindler is a security expert and former National Security Agency analyst and counterintelligence officer. A specialist in espionage and terrorism, he’s also been a Navy officer and a War College professor. He’s published four books and is on Twitter at @20committee.

Most Complete Secret Code List for Samsung Galaxy

Part 1: What is the Secret Code (Samsung Galaxy Secret Code)?

Samsung check code or secret code is actually an alpha-numeric character sequence that is used in Android devices. One can enter Samsung mobile check codes using the phone dialer. These codes are unique and specific to the manufacturer.
It means check codes for Samsung will not work in any other brand like Sony, HTC, Nokia, etc. So, it is important to use Samsung mobile check codes only on Samsung devices, not on other brands, as it may be harmful and cause damage to other devices. Don’t experiment with such codes unnecessarily on other brands because it can alter the configuration of the device. Make sure you know what these codes are intended for before using any Samsung check code.

Part 2: Why do We Need Secret Code?

If you are an aspiring or advanced mobile developer, or want to learn more about the functions of mobile phones, these Samsung Galaxy codes may be helpful to you. Today, these secret codes are no longer a secret because they have been leaked publicly. But many users still don’t know much about these Samsung secret codes. Another reason to use these codes is that they let you reach test and diagnostic functions of your device directly, rather than hunting for tricks in the control panel of your phone settings. If you are entering Android app development, learning these Samsung secret codes will help you make a great career. You can use these Samsung mobile check codes anytime and anywhere to troubleshoot and fix your device without having to take it to the service center.

Part 3: Samsung Galaxy Secret Code List

These Samsung Galaxy Secret codes are compatible with all the models of the Samsung Galaxy series.

Samsung Galaxy Secret Codes to Test Functions
• Enter Light Sensor mode with this code - *#0589#
• Proximity Sensor - *#0588#
• Access all Wi-Fi Mac Address - *#*#232338#*#*
• For WLAN network - *#*#526#*#*
• For testing GPS - *#*#1472365#*#*
• Another test code for GPS testing - *#*#1575#*#*
• Diagnostic Configuration - *#9090#
• To troubleshoot Bluetooth - *#*#232331#*#*
• Enter Bluetooth Test Mode - #*3888#
• Audio Testing - *#*#0673#*#*
• Test your device screen - #*#0*#*#*
• Check Backlight and Vibration and perform other general tests - *#*#0842#*#*
• General Test Mode - *#0*#
• Audible - *#0673#
• Universal Test Menu - *#8999*8378#
• Mobile Time Testing in Real-Time - *#0782#
• Vibration Motor Test - *#0842#

For Mobile Restarting

The following Samsung Galaxy Secret codes are used to restart your Samsung Galaxy device without doing it manually.

NSA Coder Jailed for Smuggling Secrets That Wound Up In Russian Hands

A mysterious hacker clan. A controversial Russian cybersecurity firm. A top-secret developer with sticky fingers. They all came together in a case that met its climax Tuesday.

Kevin Poulsen. Sr. National Security Correspondent.

A former developer for the National Security Agency’s elite Tailored Access Operations hacking group was sentenced in Baltimore Tuesday to five years and six months in prison for bringing home highly classified attack tools and documents that wound up in the hands of a Russian security company.

Nghia Hoang Pho, 70, pleaded guilty last October to a federal charge of Willful Retention of Classified Information. Beginning in 2010, Pho smuggled government hacking tools and classified documents from the NSA’s Maryland headquarters to work on from home after hours. The security breach led to a bizarre incident in 2015 in which Moscow-based Kaspersky Lab slurped up classified documents and source code from Pho’s home computer, which was running the company’s anti-virus software. The U.S.
has since banned Kaspersky products from government networks, partially as a result of that incident.

Kaspersky has acknowledged copying Pho’s secret files, but described the incident as an unintended byproduct of its routine malware scanning. Pho’s cache included the source code for an NSA hacking tool that Kaspersky’s product properly detected and flagged for analysis. Kaspersky wound up with classified documents as well, because they were bundled with the code in a ZIP archive. Company founder Eugene Kaspersky ordered his researchers to delete their copy of the documents and code in 2015, the company asserted in a blog post last year, adding that the material “was not shared with any third parties.”

The sentence is less than the minimum six-and-a-half years recommended by federal sentencing guidelines. Prosecutors sought the recommended maximum term of eight years.

Last month, another NSA contractor received roughly the same sentence for leaking a single document to a news outlet. Reality Winner, 26, was sentenced to 5 years, 3 months in prison for revealing that Russia attempted to hack election-related systems in the U.S. in 2016. The same information was later declassified and included in Robert Mueller’s indictment of Russian intelligence officers.

In a court filing last March, then-NSA director Mike Rogers said Pho’s actions “placed at risk some of NSA's most sophisticated, hard to achieve and important techniques” of electronic spying, and forced the NSA to “abandon certain important initiatives, at great economic and operational cost."

“In addition, NSA was faced with the crucial and arduous task of accounting for all of the exposed classified materials, including Top Secret information,” Rogers wrote.
“These efforts were tremendously expensive and diverted critical resources away from NSA's intelligence-gathering mission, including the development of new and innovative ways to conduct signals intelligence.”

Pho came to the NSA’s and FBI’s attention as they investigated a massive leak of NSA attack code by a self-described hacking group called the Shadow Brokers, who started publishing the agency’s secrets in the final months of the Obama administration, and increased in frequency and impact after the U.S. bombing of a Syrian airfield in April last year. The most harmful leak, on April 14 of last year, included an exploit against Windows machines that was quickly harnessed by the North Korean government to launch the massive WannaCry ransomware attack.

The Shadow Brokers’ identity remains a mystery, but security experts have named Russia’s intelligence services as the most likely culprit. “Circumstantial evidence and conventional wisdom indicates Russian responsibility,” exiled NSA whistleblower Edward Snowden tweeted last August. “Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.”

The same Shadow Brokers investigation led the FBI to an NSA contractor named Hal Martin, who, like Pho, worked in the agency’s hacking unit. Martin was found hoarding two decades of agency secrets in his Maryland home. He is scheduled for trial in June 2019. Neither Pho nor Martin has been accused of deliberately passing the NSA’s secrets to outsiders.

The investigation apparently failed to solve its central mystery though, and the source of the Shadow Brokers’ material has still not been determined, or if it has, it’s a secret. For their part, the Shadow Brokers were last heard from in October 2017.

Russian Cyber Unit That Went Dark After Hacking DNC Is Still Spying
The hackers, also known as Cozy Bear, who are linked to Russian intelligence have been using Twitter and Reddit forums to send coded messages.

Kevin Poulsen. Sr. National Security Correspondent.

A stealthy Russian cyber espionage ring known as “The Dukes” is back on security experts’ radar nearly three years after vanishing without a trace. One clue that they were operating came in the form of a cryptic Reddit post that turned out to be a secret signaling mechanism for the spies’ malware.

Also called “Cozy Bear” and “APT29,” the Dukes have been linked to Russia’s Foreign Intelligence Service, the SVR. They’re stealthy, sophisticated operators best known as the other Russian hackers in the DNC’s network—the ones who lurked quietly, undetected by the Democrats, for nearly a year before the GRU’s hackers barged in to carry out Putin’s 2016 election interference plan.

In January 2017, as global concern about Russia’s state-sponsored hacking swelled, the Dukes vanished. A phishing campaign that month against the government of Norway became the last hack attack strongly linked to the group.

A year later, a Dutch newspaper detailed a remarkable years-long counter-hack against the Dukes in the years before they went dark. The Dutch intelligence agency AIVD broke into the Dukes’ network in 2014, and spent years watching the Russians, at one point literally eyeballing them through the security cameras in the Moscow university the Dukes were operating from. From their privileged perch, the Dutch relayed information to U.S. officials in real time to help thwart the Dukes’ breach of U.S. State Department systems, and then tipped off the U.S. again when the Dukes hit the DNC in 2015. (The FBI later passed the warning to the DNC, which didn’t initially take it seriously.)

Experts speculated the Dukes had been shut down or were busy regrouping in the wake of unwanted publicity and the embarrassing Dutch counter-hack.
But a report Thursday by researchers at the European security firm ESET concludes that the Dukes never went away at all—they just retooled, developing new harder-to-spot versions of their custom malware. Based on code similarities, a common custom encryption algorithm and other indicators, ESET said it’s linked the Dukes to a continuous chain of hacks dating back to 2013, and still going on as of last June.

“We spent months apparently chasing a ghost then, a few months ago, we were able to attribute several distinct intrusions to the Dukes,” reads the report by ESET researchers Matthieu Faou, Mathieu Tartare and Thomas Dupuy.

The Russians’ targets, according to the report, include three unnamed European foreign affairs ministries and an unnamed European embassy in Washington, D.C.—all typical targets for cyber espionage.

The Dukes’ creative opsec is one reason they’ve stayed invisible for so long. The hackers often use coded messages broadcast on Twitter or dropped on Dropbox to communicate with their hacked machines secretly in plain sight, even posting steganographically-coded photos on public image boards. ESET’s research adds Reddit to the list of sites co-opted into cyber espionage. The researchers identified two accounts dating to 2014 that were created for the sole purpose of posting coded messages on subreddits, including the r/funny humor board. The hackers’ malware would check for new posts and decrypt a seemingly-nonsensical word in the comment to get the website address of one of the Dukes’ command-and-control servers.

The takeaway, ESET said, is that state-sponsored hackers “going dark for several years does not mean they have stopped spying. They might pause for a while and re-appear in another form, but they still need to spy.”
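From a defender's side, the observable trace of the mechanism described above (an implant that repeatedly checks a public comment page for a new coded post) is an endpoint fetching the same URL on a fixed schedule from something that is not a browser. The following Python script is an added illustration, not ESET's code or anything taken from its report: it scans constructed web-proxy log lines (format, hosts, paths, client addresses, user agents and thresholds are all assumptions made here) and flags request series whose inter-request gaps are too regular to be a person reading a subreddit.

```python
"""Beaconing heuristic over constructed web-proxy log lines.

Flags (client, host, path, user-agent) series that are polled at a near-constant
interval, the signature of an implant checking a public page for coded posts.
Added illustration; the log format and every sample value below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_HITS = 4         # fewer requests than this cannot establish a period
MAX_CV = 0.10        # coefficient of variation of gaps still treated as "regular"
MIN_PERIOD_S = 60    # ignore sub-minute bursts (page assets, retries)
MAX_PERIOD_S = 3600  # slower than hourly is hard to separate from browsing here

# Constructed sample log: "<ISO timestamp> <client> <host> <path> <user-agent>".
# 10.1.2.7 polls one comment thread every ~10 min with a scripting client;
# 10.1.2.9 and 10.1.2.11 browse the same board at irregular, human-looking times.
SAMPLE_LOG = """\
2019-06-03T09:00:00 10.1.2.7 www.reddit.com /r/funny/comments/abc123/ python-urllib/3.7
2019-06-03T09:10:01 10.1.2.7 www.reddit.com /r/funny/comments/abc123/ python-urllib/3.7
2019-06-03T09:19:58 10.1.2.7 www.reddit.com /r/funny/comments/abc123/ python-urllib/3.7
2019-06-03T09:30:02 10.1.2.7 www.reddit.com /r/funny/comments/abc123/ python-urllib/3.7
2019-06-03T09:40:00 10.1.2.7 www.reddit.com /r/funny/comments/abc123/ python-urllib/3.7
2019-06-03T09:03:12 10.1.2.9 www.reddit.com /r/funny/ Mozilla/5.0
2019-06-03T09:04:40 10.1.2.9 www.reddit.com /r/funny/comments/xyz789/ Mozilla/5.0
2019-06-03T11:47:05 10.1.2.9 www.reddit.com /r/funny/ Mozilla/5.0
2019-06-03T09:00:00 10.1.2.11 www.reddit.com /r/funny/comments/abc123/ Mozilla/5.0
2019-06-03T09:02:00 10.1.2.11 www.reddit.com /r/funny/comments/abc123/ Mozilla/5.0
2019-06-03T09:45:00 10.1.2.11 www.reddit.com /r/funny/comments/abc123/ Mozilla/5.0
2019-06-03T10:30:00 10.1.2.11 www.reddit.com /r/funny/comments/abc123/ Mozilla/5.0
2019-06-03T10:31:00 10.1.2.11 www.reddit.com /r/funny/comments/abc123/ Mozilla/5.0
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, host, path, agent)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, host, path, agent = line.split(" ", 4)
        records.append((datetime.fromisoformat(ts), client, host, path, agent))
    return records


def find_beacons(text):
    """Return one finding per request series whose timing looks machine-driven."""
    groups = defaultdict(list)
    for ts, client, host, path, agent in parse_log(text):
        groups[(client, host, path, agent)].append(ts)

    findings = []
    for (client, host, path, agent), stamps in groups.items():
        if len(stamps) < MIN_HITS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if not MIN_PERIOD_S <= avg <= MAX_PERIOD_S:
            continue
        cv = pstdev(gaps) / avg  # low spread relative to the mean = fixed schedule
        if cv > MAX_CV:
            continue
        findings.append({
            "client": client,
            "host": host,
            "path": path,
            "hits": len(stamps),
            "mean_interval_s": avg,
            "cv": cv,
            # Heuristic only: real implants can spoof a browser UA, so this is a
            # severity hint, not a gate on the finding.
            "browser_like": agent.startswith("Mozilla/"),
        })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}{f['path']}: {f['hits']} hits, "
              f"every {f['mean_interval_s']:.0f}s (cv={f['cv']:.3f}), "
              f"browser-like UA: {f['browser_like']}")
```

The regularity test deliberately ignores the content of the page being fetched: the word carrying the server address is meant to look like noise, so timing and client fingerprint are what a proxy or NetFlow analyst actually has to work with. Tune `MAX_CV` upward if the implant you are hunting adds jitter, and expect false positives from legitimate feed readers, which is why the user-agent field is reported alongside the timing rather than used to suppress the finding.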