The information below was sent to the IT Security and Frontline Notify (FLN) groups via email on October 9, 2017.
In light of recent reports that classified National Security Agency (NSA) documents were stolen by exploiting Kaspersky Lab anti-virus software, Information Assurance (IA) is recommending that you remove any AO Kaspersky Lab products you may have on your computers.
The U.S. Department of Homeland Security has ordered federal agencies to identify and plan to remove products from the Russian cybersecurity firm AO Kaspersky Lab running on government computers. The directive gives federal executive branch departments and agencies 30 days to identify Kaspersky-branded products on their systems and 90 days to provide plans for discontinuing their use. We have heard that faculty researchers at some of our peer institutions have received letters from NASA asking them to ensure removal of Kaspersky products from any systems that interface with NASA.
The NSA leak resulted from a contractor's transfer of data to a home computer with Kaspersky anti-virus software installed. Transferring the classified data to the personally owned computer was a violation of government policy regarding the handling of classified data.
Members of the university community are expected to abide by Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Information about individual and unit responsibilities associated with that policy is available on Safe Computing.
Some security professionals have questioned whether the vulnerability in Kaspersky software was intentional or an inadvertent bug. Regardless, given the Department of Homeland Security directive, we recommend that you remove any Kaspersky Lab products you may be using from your devices and replace them.
Tip: Use the anti-virus software recommended by IA. IA recommends free software for use on personal computers and university-provided software for university-owned computers.
- Anti-Virus Software Recommended by IA (Safe Computing)
- National Protection and Programs Directorate; Notification of Issuance of Binding Operational Directive 17-01 and Establishment of Procedures for Responses (Federal Register, 9/19/17)
- Russian Hackers Stole NSA Data on U.S. Cyber Defense (The Wall Street Journal, 10/5/17)
- New N.S.A. Breach Linked to Popular Russian Antivirus Software (The New York Times, 10/5/17)
- Russian hackers used Kaspersky software to find vulnerable NSA docs, says report (The Verge, 10/5/17)
- Russia reportedly stole NSA secrets with help of Kaspersky—what we know now (Ars Technica, 10/5/17)