NSA Has Reverse-Engineered Consumer Anti-Virus Software To Track Users

Uploaded on 2015-06-29 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

 kaspersky-gchq-warrant.png

The text of the warrant request, mentioning Kaspersky (and total access to Pakistan's Internet infrastructure).


The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept.

Cybersecurity companies, including the Moscow-headquartered Kaspersky Lab, were targeted by government agencies to gain intelligence of the latest exploits. Details of the security software’s inner workings were deciphered by agencies through a process called software reverse engineering (SRE), which allowed them to analyze and exploit the software suites.
A top-secret warrant renewal request issued by the GCHQ details the motivations behind infiltrating the products of such anti-virus companies.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,” the warrant stated, “and SRE is essential in order to be able to exploit such software and to prevent detection of our activities.”
A leaked 2010 presentation called “Project CAMBERDADA” also suggested that the government agencies may be searching through and flagging the emails of employees from cybersecurity firms in order to identify more of these threats.

Documents also disclosed efforts by the NSA of intercepting “leaky” data being sent from users’ computers to the Kaspersky Lab servers. Such data, including sensitive user information, was embedded in “User-Agent” strings in the HTTP requests and could be used to assess and track users’ activity.
In a statement to The Intercept, Kaspersky Lab said:
”It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations.”

In a testament of just how far-reaching the tracking capabilities of these government agencies has become, an interesting tidbit from today’s leak, a top-secret “Five Eyes” presentation, disclosed that the GCHQ was regularly collecting intel on 100 million malware events per day.
Techcrunch: http://tcrn.ch/1eetGod

« GCHQ's Surveillance of Rights Groups is Illegal
Cambridge to Open Cyber Security Research Centre »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Acuity RM Group

Acuity RM Group

Acuity RM Group helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

BlazeGuard

BlazeGuard

At BlazeGuard, we understand that navigating the complex world of cybersecurity can be challenging. That’s why we make it our mission to simplify the process for you.