NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report

Documents leaked by NSA whistleblower Edward Snowden show the NSA and the U.K.’s Government Communications Headquarters (GCHQ) engaged in a campaign to compromise security software companies and their products, according to a report from The Intercept.

According to the report, the spy agencies have worked to undermine security software from a number of companies by reverse-engineering products and monitoring Web and email traffic. A warrant renewal request issued by the GCHQ in 2008 published by The Intercept states that “personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities.”

The NSA also reportedly targeted Kaspersky Lab. A 2008 draft of a top-secret NSA report states that Kaspersky Lab software was sending sensitive user data back to the company’s servers, and that this traffic could be intercepted and used to track users because the Kaspersky user-agent strings contained encoded versions of product serial numbers. In a statement to The Intercept, Kaspersky Lab denied that the user-agent strings could be leveraged to track customers.

The Intercept also cited a 2010 presentation on “Project Camberdada,” which appears to suggest that the spy agencies may be monitoring the emails of employees at cyber-security firms. Roughly two dozen companies were named in the presentation on a slide titled ‘More Targets!’, including Kaspersky Lab as well as AVG Technologies, ESET and F-Secure. Other prominent security vendors, such as Symantec, McAfee (now Intel Security) and Sophos, were not mentioned.

“While I doubt very much it will come to this, it would be very interesting to hear the ostensibly pro-business governments of both the US and UK have to answer the question about what effects breaking security companies’ products may have on the companies’ ability to make money from providing security in the first place,” said Jonathan Sander, strategy and research officer at STEALTHbits Technologies. “If the government can break them, what stops anyone else?”

Recently, Kaspersky Lab discovered that it had itself been targeted with Duqu 2.0, an updated version of the Duqu malware platform. Some reports have linked that attack to Israel.

“Spying on cybersecurity companies is a very dangerous tendency,” Eugene Kaspersky, CEO of Kaspersky Lab, said in a statement at the time. “Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario.”