The National Security Agency (NSA) and its British counterpart Government Communications Headquarters (GCHQ) are not just infiltrating cell phone networks. They are hacking into the very thing that protects us from surveillance too.
A new report from The Intercept describes the agencies' extensive efforts to reverse-engineer a total of 23 antivirus and security software applications to find new malware that they can "repurpose" for their own means.
Most prominent among the antivirus companies named in the report is Kaspersky Labs, the Moscow-based security firm that is well-known for exposing state-sponsored malware. Other firms targeted by the agencies include Slovakian Eset, Romanian Bitdefender, Finnish F-Secure and Czech Avast. Notably, security firms from the United States and United Kingdom, such as Symantec, Intel Security Group (previously known as McAfee) and Sophos, are not on the list of targets.
Remarkably, the agencies, especially GCHQ, are also willing to jump through the legal hoops to obtain permission to subvert the antivirus software. One of the files taken from the Snowden archives is a top-secret warrant renewal request, which reveals the agencies' motivations for subverting security software. The document was filed in 2008 and issued to GCHQ by the U.K. Foreign Service Secretary under the Intelligence Services Act of 1994.
"Personal security products such as the Russian antivirus software Kaspersky continue to pose a challenge to GCHQ's CNE [computer network exploitation] capability and SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities," the document said.
The report also reveals Project Camberdada, under which the agencies intercept email and other forms of communication sent to security software employees by their customers. The aim is to collect samples of potentially malicious software that customers send to the company and examine this new malware to see if it can be exploited for the governments' own spying purposes.
"We find it extremely worrying that government organizations are targeting security companies instead of focusing their resources against legitimate adversaries and are actively working to subvert security software that is designed to keep us all safe," said Kaspersky in a statement. "We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it."
Earlier this month, Kaspersky disclosed that it had been the subject of a targeted attack by Israeli hackers using an updated version of the Duqu malware. The security software firm said the malware had been lurking in its network since 2014 and that the attackers seemed intent on reverse-engineering its antivirus software in order to exploit it when attacking customer machines.
Photo: Markus Winkler | Flickr