Categories: Security

Snowden: NSA And GCHQ ‘Targeted’ Security Firms

The NSA and GCHQ targeted the makers of widely used antivirus software in order to find ways to bypass the programs’ protections, according to newly leaked documents obtained by former NSA contractor Edward Snowden.

GCHQ had a particular focus on Russian antivirus maker Kaspersky Lab, and even obtained warrants for the reverse-engineering of Kaspersky’s software because it feared the activity might otherwise be “unlawful”.

Neutralising security

“Reverse engineering of commercial products needs to be warranted in order to be lawful,” read a 2009 GCHQ memo published by The Intercept, an online publication launched last year with a focus on the Snowden documents. “There is a risk that in the unlikely event of a challenge by the copyright owner or licensor, the courts would, in the absence of a legal authorisation, hold that such activity was unlawful.”

The warrants were issued by the Foreign Secretary under the UK’s Intelligence Services Act 1994 Section 5, giving GCHQ permission to modify commercial software to “enable intercept, decryption and other related tasks”.

GCHQ said in another memo that personal security products such as Kaspersky’s posed a “challenge” to the agency’s Computer Network Exploitation (CNE) capability. “SRE (software reverse-engineering) is essential in order to be able to exploit such software and to prevent detection of our activities,” the memo stated.

The Intercept argued that the warrants are “legally questionable on several grounds”, in part because the law upon which they are based makes reference to interference with property and communications systems but not intellectual property.

A slide from an NSA presentation lists at least 23 IT security software makers that the agency targeted, including Finland’s F-Secure, Slovakia’s Eset, Czech Republic’s Avast and Romania’s Bit-Defender. US firms Symantec and McAfee and the UK’s Sophos were not listed.

Communications intercepted

In addition to reverse engineering, the agencies also intercepted communications sent to companies including Kaspersky in order to identify newly reported vulnerabilities that might be used to help gain access to target systems, according to the report.

The spy agencies also reportedly reverse-engineered CheckPoint firewall software and commercial encryption programs such as CrypticDisk and Acer’s eDataSecurity, as well as Cisco routers, modifying some routers in order to “re-route selective traffic” into data collection systems.

Earlier this month Kaspersky said it was hacked last year by the Stuxnet and Duqu gangs, which transferred data from the company’s network over a period of several months.

Kaspersky says its software protects more than 400 million users worldwide.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago