Monday, June 22

NSA Targeted One Of The World’s Biggest Security Companies With The Help Of US And British Governments

When the Russian security firm Kaspersky Lab disclosed recently that it had been hacked, it noted that the attackers, believed to be from Israel, had been in its network since sometime last year.

The company also said the attackers seemed intent on studying its antivirus software to find ways to subvert the software on customer machines and avoid detection.

Now newly published documents released by Edward Snowden show that the NSA and its British counterpart, GCHQ, were years ahead of Israel and had engaged in a systematic campaign to target not only Kaspersky software but the software of other antivirus and security firms as far back as 2008.

The documents, published today by The Intercept, don’t describe actual computer breaches against the security firms, but instead depict a systematic campaign to reverse-engineer their software in order to uncover vulnerabilities that could help the spy agencies subvert it. The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it.

The new documents indicate the NSA was able to gain access to a trove of Kaspersky-specific information, including: 
  • "Leaky" user information that was being transmitted through the company’s networks
  • Private emails sent to the firm
  • Lists of new malware that were flagged for Kaspersky

An NSA slide describing “Project CAMBERDADA” lists at least 23 antivirus and security firms that were in that spy agency’s sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American antivirus firms Symantec and McAfee as well as the UK-based firm Sophos.

But antivirus wasn’t the only target of the two spy agencies. They also turned their reverse-engineering skills against CheckPoint, an Israeli maker of firewall software, as well as commercial encryption programs and software underpinning the online bulletin boards of numerous companies. GCHQ, for example, reverse-engineered both the CrypticDisk program made by Exlade and the eDataSecurity system from Acer. The spy agency also targeted web forum systems like vBulletin and Invision Power Board—used by Sony Pictures, Electronic Arts, NBC Universal and others—as well as CPanel, software used by GoDaddy for configuring its servers, and PostfixAdmin, for managing the Postfix email server software.

But that’s not all. GCHQ reverse-engineered Cisco routers, too, which allowed the agency’s spies to access “almost any user of the internet” inside Pakistan and “to re-route selective traffic” straight into the mouth of GCHQ’s collection systems.


While the governments worked secretly to reverse engineer software like Kaspersky’s, they also sought warrants to give their actions legal backing. Because proprietary security software is protected by copyright, the authorities wanted to ensure that their reverse engineering wouldn’t be considered "a copyright infringement or a breach of contract."