The NSA used an electronic security tool that was designed to help Russia hack targets in the United States to spy on them, a top-secret report by a House committee says.
The House Permanent Select Committee on Intelligence on Wednesday also accused the National Security Agency of using a software update to steal email credentials of U.S. residents from a number of Chinese companies.
The committee said the NSA used the tool to hack into the accounts of two Chinese firms and then steal the data for more than six months.
It also said the tool was used to spy “on the email addresses, phone numbers and email addresses of individuals in the U.K. and elsewhere, including in the UK and the U to enable Russian intelligence to carry out cyber attacks against U.T.O. and its business partners.”
“The use of this tool to penetrate these Chinese companies and their U.N. employees is troubling,” Rep. Mike Rogers, a Michigan Republican, said in a statement.
“The NSA should stop using this software and stop using the tool and data stolen to spy and target U. S. citizens and residents.”
Rogers, a Republican who chairs the House Intelligence Committee, said the report also shows the NSA is “misusing and abusing” the tool.
“In some cases, the tools were used in direct violation of the Foreign Intelligence Surveillance Act (FISA) and the Intelligence Identities Protection Act (IIPA),” he said.
The NSA declined to comment on the report.
It is not the first time the NSA has used an attack-focused software to steal information from targets.
The Washington Post reported in February that the NSA had used a hacking tool to steal the credentials of thousands of U,S.
government employees in 2011, including some of the nation’s top intelligence officials.
“We don’t know how many people were targeted, but we know that we had a number,” an NSA official told the Post.