NSA Has Reverse-Engineered Consumer Anti-Virus Software To Track Users


The text of the warrant request, mentioning Kaspersky (and total access to Pakistan's Internet infrastructure).


The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept.

Cybersecurity companies, including the Moscow-headquartered Kaspersky Lab, were targeted by government agencies to gain intelligence on the latest exploits. The agencies deciphered details of the security software’s inner workings through a process called software reverse engineering (SRE), which allowed them to analyze and exploit the software suites.
A top-secret warrant renewal request issued by the GCHQ details the motivations behind infiltrating the products of such anti-virus companies.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,” the warrant stated, “and SRE is essential in order to be able to exploit such software and to prevent detection of our activities.”
A leaked 2010 presentation called “Project CAMBERDADA” also suggested that the government agencies may be searching through and flagging the emails of employees from cybersecurity firms in order to identify more of these threats.

Documents also disclosed efforts by the NSA to intercept “leaky” data being sent from users’ computers to the Kaspersky Lab servers. Such data, including sensitive user information, was embedded in “User-Agent” strings in the HTTP requests and could be used to assess and track users’ activity.
In a statement to The Intercept, Kaspersky Lab said:
“It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations.”

In a testament to just how far-reaching the tracking capabilities of these government agencies have become, a top-secret “Five Eyes” presentation in today’s leak disclosed that the GCHQ was regularly collecting intel on 100 million malware events per day.
Techcrunch: http://tcrn.ch/1eetGod
