New Snowden docs reveal NSA, British government attacked antivirus companies

Ever since the Snowden leaks of two years ago, it’s been clear that a certain amount of tension existed between some commercial security companies and government security agencies. Kaspersky Labs is one company that’s likely been a thorn in the NSA’s side, given that it exposed and reported on a sophisticated malware platform, dubbed EquationDrug. New information, however, has made it clear that Kaspersky and government agencies in both Britain (the GCHQ) and the United States (the NSA) have been playing a long game against each other.

The two organizations appear to have pursued somewhat different aims. The GCHQ (Government Communications Headquarters) apparently focused on aggressively reverse-engineering Kaspersky’s anti-virus software. In a filing from mid-2008, the GCHQ requested renewal of warrants that would allow it to continue its research into Kaspersky Labs’ software, with the long-term goal of creating malware that Kaspersky couldn’t track. The NSA did its own software investigation too, and found that the Kaspersky user-agent string that was transmitting data back to Kaspersky’s servers could also be used to uniquely identify Kaspersky customers. The Intercept confirmed that, despite Kaspersky’s denials, elements of its software continue to transmit personal information without encryption (Kaspersky Small Business Security 4 was found to transmit a detailed report of hardware and installed software entirely in the clear).

We’ve chastised Samsung and other companies repeatedly for transmitting plaintext information, and the offense is even worse coming from an anti-virus company. The fact that this flaw existed, however, also illustrates how the role of security agencies has changed in the years since 9/11. There’s always been tension between finding ways to secure information relevant to American interests and protecting American data security, but these are the kinds of product flaws that the NSA and GCHQ ought to have informed Kaspersky of, in the name of better overall cybersecurity. Instead, both agencies appear to have quietly buried the information, reserving it for potential use at a later date.

Emailing malware can get you on the NSA’s list

Of particular interest is an NSA briefing from several years ago, in which the agency revealed that it actively tracks the files submitted to anti-virus companies.

The Intercept spoke to the original author of the email, who confirmed that he never sent it to the NSA or any government agency. According to the NSA, however, the act of sending such emails is both an opportunity (it offers a chance to analyze the malware and determine whether or not it can be used to slip target packages through existing defenses) and something that can mark the sender as a person of interest.

Lest you think the issue is somehow unique to Kaspersky, the NSA also enthusiastically published a list of additional AV companies it wanted to target:


Over the past few years, antivirus companies have stepped up their identification of government-created malware, from Flame and Stuxnet to Regin and the aforementioned EquationDrug. These revelations seem to indicate it was the government that kicked off the party with aggressive attempts to breach corporate security and identify security breaches that could be exploited. US sources have hinted at inappropriate relations between Kaspersky and the FSB (the successor to the KGB), but Kaspersky has shot back by noting the wide range of US companies that work directly with the US intelligence community, as well as refuting, in an extensive blog post, claims that it failed to identify Russian-backed malware or groups.

ExtremeTech
