Whistleblower Snowden reveals reverse-engineering of anti-virus software

Published 23.06.2015 00:00
Updated 23.06.2015 00:07
Reuters Photo

The National Security Agency (NSA) and its British counterpart, Government Communications Headquarters (GCHQ), have worked to subvert popular anti-virus software in order to track user activities and infiltrate networks, according to the latest documents from NSA whistleblower Edward Snowden, revealed on Monday by the Intercept, a website focusing on Snowden leaks.

Many cyber-security companies, including the Russian Kaspersky Lab, German Avira, Romanian Bitdefender, Czech Avast and AVG, Finnish F-Secure and Slovakian ESET, were targeted by the two agencies to gain intelligence on the latest exploits. Details of the security software's inner workings were decoded by the two secret services using a process called "software reverse engineering" (SRE), which enabled them to analyze and exploit the popular anti-virus software suites.

A top-secret warrant renewal request issued by the British intelligence agency GCHQ details the motivations behind infiltrating the software of these anti-virus companies.

"Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability," the warrant said, "and SRE is essential in order to be able to exploit such software and prevent detection of our activities."

Documents also revealed efforts by the NSA to intercept "leaky" data being sent from users' computers to the Kaspersky Lab servers. Such confidential data, including sensitive user information, was embedded in "User-Agent" strings in the HTTP requests and could be used to assess and track users' activity.

Kaspersky Lab, one of the biggest players in the anti-virus software sector, in a statement to the Intercept, said: "It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn't come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations."

The NSA previously came under fire for illegal surveillance of user activities. After the development of the clandestine surveillance program called "PRISM" in 2007, in the wake of the passage of the Protect America Act, the NSA and several other intelligence agencies were accused of collecting sensitive user information.

Some technology companies like Microsoft also drew fire for illegal data collection. In late 2014, when Microsoft released the technical preview version of Windows 10, it was alleged that the company embedded a built-in keylogger in the system files of the operating system.
