NSA Poking Around Antivirus Software



U.S. and U.K. security agencies aren’t just interested in your phone calls and naked pics. They also want to crack antivirus software, according to The Intercept.

Citing the documents leaked by former NSA contractor Edward Snowden, The Intercept says that the National Security Agency (NSA) and the U.K.’s GCHQ have reverse-engineered popular antivirus software in order to exploit bugs, but also monitored the Web and email activity of antivirus firms to learn about new vulnerabilities and malware.

One name that kept coming up over and over was Kaspersky. U.K. officials had a particularly tough time trying to crack Kaspersky software, and requested a warrant in 2008 in order to reverse engineer the company’s technology. As The Intercept explained, reverse engineering of software is often forbidden by licensing agreements and, in some cases, laws. So GCHQ requested a warrant.

“It is unclear what GCHQ accomplished in its analysis of Kaspersky software, but GCHQ has repeatedly reverse engineered software to discover vulnerabilities,” The Intercept said. “Rather than report the vulnerabilities to the companies, spy agencies have quietly stockpiled numerous exploits for a wide range of commercial hardware and software, using them to hack adversaries.”

Across the pond, meanwhile, the NSA also had an interest in Kaspersky. In 2008, the agency found that Kaspersky’s software was transmitting information that might reveal who was using it and allow those users to be tracked. Kaspersky told The Intercept that this is not the case, however.

The agencies, meanwhile, were also snooping on email activity, keeping an eye out for messages that discussed new bugs. Antivirus firms can sometimes be slow to patch these vulnerabilities, particularly if they are not public, so the NSA and GCHQ were looking for mentions of things they could exploit, even temporarily.

An NSA presentation listed 23 AV firms on a slide titled “More Targets,” including Bit-Defender, F-Secure, Avast, AVG, and Avira. Kaspersky, however, has been a particular thorn in the agency’s side, as it has uncovered a number of sophisticated, state-sponsored attacks linked to the U.S., including Flame, Gauss, and Equation Group.

Earlier this month, Kaspersky said it had been hacked, probably by a “nation state.” Kaspersky said the attackers—believed to be the same group behind 2011’s Stuxnet-like Duqu worm—were mainly interested in spying on its technologies, especially its solutions for discovering and analyzing sophisticated attacks known as Advanced Persistent Threats (APTs). The attackers were looking to find out about Kaspersky’s ongoing investigations into advanced attacks, detection methods, and analysis capabilities.