
NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report

Documents leaked by NSA whistleblower Edward Snowden show the NSA and the U.K.’s Government Communications Headquarters (GCHQ) engaged in a campaign to compromise security software companies and their products, according to a report from The Intercept.

According to the report, the spy agencies have worked to undermine security software from a number of companies by reverse-engineering products and monitoring Web and email traffic. A 2008 GCHQ warrant renewal request published by The Intercept states that “personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities.”

The NSA also reportedly targeted Kaspersky Lab. A 2008 draft of a top-secret NSA report stated that Kaspersky Lab software was sending sensitive user data back to the company’s servers, and that this traffic could be intercepted and used to track users because the Kaspersky user-agent strings contained encoded versions of product serial numbers. In a statement to The Intercept, Kaspersky Lab denied that the user-agent strings could be leveraged to track customers.
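The tracking risk described above is that a per-install identifier placed in an HTTP User-Agent header lets any passive observer on the path correlate one machine's requests. The following is an added defender-side check, not code from the article or from any vendor named in it: it scans constructed proxy log lines (hypothetical product name "HypoAV-Updater", invented serials) for User-Agent tokens that are stable for one client but unique to it, which is exactly the pattern an egress-monitoring team would want to spot in their own traffic.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not from the article): source IP, then the
# User-Agent header the client sent. Two clients run the same hypothetical AV
# updater, each embedding a different encoded serial; two others run a browser.
SAMPLE_LOG = """\
10.0.0.11 "HypoAV-Updater/7.0 (sn=A1B2C3D4E5F6)"
10.0.0.11 "HypoAV-Updater/7.0 (sn=A1B2C3D4E5F6)"
10.0.0.12 "HypoAV-Updater/7.0 (sn=F6E5D4C3B2A1)"
10.0.0.12 "HypoAV-Updater/7.0 (sn=F6E5D4C3B2A1)"
10.0.0.13 "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/38.0"
10.0.0.14 "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/38.0"
"""

LINE_RE = re.compile(r'^(\S+) "([^"]*)"$')
TOKEN_RE = re.compile(r'[A-Za-z0-9_-]{8,}')  # identifier-like tokens, 8+ chars


def parse_log(text):
    """Yield (client_ip, user_agent) pairs from the constructed log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def find_tracking_tokens(log_text, min_clients=2):
    """Return {product: {token: client_ip}} for UA tokens acting as client IDs.

    A token is flagged when its product string (first UA word) is seen from at
    least `min_clients` clients but the token itself appears in only one
    client's requests: a stable, client-unique value a passive observer could
    use to follow that client. Shared tokens such as build dates are ignored.
    """
    product_clients = defaultdict(set)
    token_clients = defaultdict(lambda: defaultdict(set))
    for ip, ua in parse_log(log_text):
        product = ua.split(" ", 1)[0]
        product_clients[product].add(ip)
        name = product.split("/")[0]
        for tok in TOKEN_RE.findall(ua):
            # Require a digit so plain words are skipped; skip the product name.
            if any(c.isdigit() for c in tok) and not tok.startswith(name):
                token_clients[product][tok].add(ip)
    findings = {}
    for product, toks in token_clients.items():
        if len(product_clients[product]) < min_clients:
            continue
        unique = {t: next(iter(ips)) for t, ips in toks.items() if len(ips) == 1}
        if unique:
            findings[product] = unique
    return findings
```

Run against real proxy logs, a hit means that product is exposing a per-machine identifier in cleartext wherever its update traffic is not wrapped in TLS.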

The Intercept also cited a 2010 presentation on “Project Camberdada,” which appears to suggest that spy agencies may be monitoring emails of employees at cyber-security firms. Roughly two dozen companies were mentioned in the presentation on a slide entitled ‘More Targets!’, including Kaspersky Lab as well as AVG Technologies, ESET and F-Secure. Other prominent security vendors – such as Symantec, McAfee (now Intel Security) and Sophos – were not mentioned.

“While I doubt very much it will come to this, it would be very interesting to hear the ostensibly pro-business governments of both the US and UK have to answer the question about what effects breaking security companies’ products may have on the companies’ ability to make money from providing security in the first place,” said Jonathan Sander, strategy and research officer at STEALTHbits Technologies. “If the government can break them, what stops anyone else?”

Recently, Kaspersky Lab discovered that it had itself been targeted with Duqu 2.0, an updated version of the Duqu malware platform. Some reports have linked the attack to Israel.

“Spying on cybersecurity companies is a very dangerous tendency,” Eugene Kaspersky, CEO of Kaspersky Lab, said in a statement at the time. “Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario.”
