NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users
The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept.
Cybersecurity companies, including the Moscow-headquartered Kaspersky Lab, were targeted by government agencies to gain intelligence of the latest exploits. Details of the security software’s inner workings were deciphered by agencies through a process called software reverse engineering (SRE), which allowed them to analyze and exploit the software suites.
A top-secret warrant renewal request issued by the GCHQ details the motivations behind infiltrating the products of such anti-virus companies.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,” the warrant stated, “and SRE is essential in order to be able to exploit such software and to prevent detection of our activities.”
A leaked 2010 presentation called “Project CAMBERDADA” also suggested that the government agencies may be searching through and flagging the emails of employees from cybersecurity firms in order to identify more of these threats.
Documents also disclosed efforts by the NSA of intercepting “leaky” data being sent from users’ computers to the Kaspersky Lab servers. Such data, including sensitive user information, was embedded in “User-Agent” strings in the HTTP requests and could be used to assess and track users’ activity.
In a statement to The Intercept, Kaspersky Lab said:
”It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations.”