Russian hackers for the Kremlin have allegedly stolen the U.S.’s cyber defense details after an NSA contractor took home classified documents and uploaded them on his home computer.

These documents provide details on how our government agencies get into “foreign computer networks” and how we defend ourselves “against cyberattacks.”

Experts believe this breach is “one of the most significant security breaches in recent years.”

This Breach

The Wall Street Journal reported that the hackers discovered the contractor “after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.”

The Wall Street Journal continued:

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The NSA wouldn’t provide a comment. Kaspersky Lab lashed out at the report, saying the company “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Sen. Ben Sasse (R-NE), a member of the Senate Armed Services Committee, released this statement about the breach:

“It’s a lot harder to beat your opponent when they’re reading your playbook, and it’s even worse when someone on your team gives it to them. If these reports are true, Russia has pulled that off. The men and women of the U.S. Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries.”

Suspicions Over Kaspersky Lab

Last month, the federal government decided to ban any software produced by the Russian cybersecurity firm Kaspersky Lab from federal computer systems. Acting DHS Secretary Elaine Duke advised the agencies “to develop plans to remove Kaspersky software from government systems in the bext 90 days.” From The New York Times:

The concerns surrounding Kaspersky, whose software is sold throughout the United States, are longstanding. The F.B.I., aided by American spies, has for years been trying to determine whether Kaspersky’s senior executives are working with Russian military and intelligence, according to current and former American officials. The F.B.I. has also been investigating whether Kaspersky software, including its well-regarded antivirus programs, contain back doors that could allow Russian intelligence access into computers on which it is running. The company denies the allegations.

The officials, all of whom spoke on the condition of anonymity because the inquiries are classified, would not provide details of the information they have collected on Kaspersky.

NSA Contractors

As Sasse stated, NSA has got to do something about its contractors. Former NSA contractor Reality Leigh Winner faces charges of allegedly mailing classified information to a media outlet. She told FBI agents that she took the information by stuffing them in her nylons. From Politico:

That and other details appear in a transcript federal prosecutors filed in court Wednesday detailing the interrogation of 25-year-old linguist Reality Winner by the FBI as they carried out a search warrant at her home in June.

After insisting for some time that she printed out the report and kept it on her desk for a few days before disposing of it in a burn bag, Winner caved and acknowledged she hid the document before sending it off to a news outlet, now known to be The Intercept.

“So how did you get it out of the office?” FBI agent Justin Garrick asked.

“Folded it in half in my pantyhose,” Winner replied.

Winner gave a report to The Intercept that shows “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election.”

Of course the most famous NSA leaker is Edward Snowden, who shot to fame in 2013 when he handed over documents that explained “how the agency collects and utilizes the intelligence it collects from a multitude of commercial sources.”