Security Experts:

NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report

Documents leaked by NSA whistleblower Edward Snowden show the NSA and the U.K.'s Government Communications Headquarters (GCHQ) engaged in a campaign to compromise security software companies and their products, according to a report from The Intercept.

According to the report, the spy agencies have worked to undermine security software from a number of companies by reverse-engineering products and monitoring Web and email traffic. A warrant renewal request issued by the GCHQ in 2008 published by The Intercept states that "personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities."

The NSA also reportedly targeted Kaspersky Lab as well. In 2008, a draft of a top-secret NSA report states that Kaspersky Lab software was sending sensitive user data back to the company's servers that could be intercepted and used to track users because Kaspersky user-agent strings contained encoded versions of product serial numbers. In a statement to The Intercept, Kaspersky Lab denied the user-agent strings could be leveraged to track customers.

The Intercept also cited a 2010 presentation on "Project Camberdada," which appears to suggest that spy agencies may be monitoring emails of employees at cyber-security firms. Roughly two dozen companies were mentioned in the presentation on a slide entitled 'More Targets!', including Kaspersky Lab as well as AVG Technologies, ESET and F-Secure. Other prominent security vendors - such as Symantec, McAfee (now Intel Security) and Sophos - were not mentioned.

“While I doubt very much it will come to this, it would be very interesting to hear the ostensibly pro-business governments of both the US and UK have to answer the question about what effects breaking security companies’ products may have on the companies’ ability to make money from providing security in the first place," said Jonathan Sander, strategy and research officer at STEALTHbits Technologies. "If the government can break them, what stops anyone else?”

Recently, Kaspersky Lab discovered it had been targeted with Duqu 2.0, an updated version of the malware platform. Some reports have linked the attack to Israel.

"Spying on cybersecurity companies is a very dangerous tendency," Eugene Kaspersky, CEO of Kaspersky Lab, said in a statement at the time. "Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario."

view counter