He's a well-respected figure in the infosec community and the U.S. government's decision to ban his company's products from federal use last month was also accompanied by few details about the government's reasoning. But the details in the story - along with analysis from other journalists and researchers - suggests the AV software may have done nothing more than its job.
The Wall Street Journal reported that the hackers discovered the contractor "after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab".
"The men and women of the US intelligence community are patriots, but the NSA needs to get its head out of the sand and solve its contractor problem", Sasse said.
At the moment, it's unclear how Kaspersky was exploited to facilitate the hack.More news: Iraqi forces recapture Hawijah in 2nd phase of anti-IS offensive
More news: Woman who lived with Las Vegas shooter described as 'person of interest'
More news: Mark Salling Pleads Guilty to Child Pornography
"We make no apologies for being aggressive in the battle against malware and cybercriminals". Those reports do not contain any evidence Kaspersky was complicit in the attack, something the company denies.
In 2013, former NSA contractor Edward Snowden leaked classified material exposing US government surveillance programs. However, despite U.S. authorities mounting concerns on Kaspersky and its alleged ties to the Kremlin, the USA government is yet to provide any tangible evidence backing its allegations against the Moscow-based cybersecurity firm.
Kaspersky's defense is roughly in line with the general consensus among nonaligned information security experts. The timing of the revelation comes close to formation of panel by Special Counsel Robert Mueller after the unceremonious exit of Federal Bureau of Investigation chief James Comey, to investigate the possible vote-rigging by Russians and also collusion with Trump's election campaign team prelude to US Presidential Election in November 2016. If some NSA contractor delivered all that up to Kaspersky, it would explain the breadth of Kaspersky's knowledge.
The Wall Street Journal reported the breach of classified information. Not so fast, says Washington Post's Ellen Nakashima, who's been following these developments for a few years now.
Washington last month banned USA federal agencies from using Kaspersky products, citing alleged "ties between certain Kaspersky officials and Russian intelligence and other government agencies". It means that we don't know if the software package was already programmed by the company to scan for NSA material or the hackers targeted it at a later stage.