NSA, GCHQ targeted Kaspersky, other cybersecurity companies – Snowden docs
US and British spy agencies worked to reverse-engineer antivirus software in order to "exploit such software and to prevent detection of our activities." Russian security firm Kaspersky Lab was particularly targeted.
Citing documents leaked by former intelligence contractor Edward Snowden more than two years ago, The Intercept reported Monday that the US National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) teamed up to subvert antivirus and security software made by the likes of Kaspersky Lab.
In addition, 23 total security firms -- including the antivirus company F-Secure of Finland, Avast from the Czech Republic, and DrWeb of Russia -- were targets of the NSA's “Project CAMBERDADA."
The spy agencies sought to remain ahead of the software companies -- which often flag state-sponsored malware -- in order to give the US and UK governments an advantage during official hacking operations.
Kaspersky Lab was a particularly crucial target, according to the Snowden documents.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE [software reverse engineering] is essential in order to be able to exploit such software and to prevent detection of our activities,” GCHQ wrote in a warrant renewal request from 2008. “Examination of Kaspersky and other such products continues.”
GCHQ's request -- valid for six months from July 7, 2008 to January 7, 2009 -- sought reauthorization from the UK Foreign Secretary for infiltration that would “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
It's nice to know Kaspersky gave GCHQ trouble in 2008. Would be better to know if it still does now. https://t.co/hJUz3iIg1k
— Latentexistence (@latentexistence) June 22, 2015
Sans a warrant for reverse engineering, GCHQ was concerned that its actions might be "unlawful" or an infringement of copyright claims.
“Reverse engineering of commercial products needs to be warranted in order to be lawful,” a GCHQ agency memo said. “There is a risk that in the unlikely event of a challenge by the copyright owner or licensor, the courts would, in the absence of a legal authorisation, hold that such activity was unlawful[…]”
The NSA also sought weaknesses in Kaspersky Lab's software, employed by more than 400 million users worldwide, the company has claimed. The American spy agency found, in 2008, that the company transmitted sensitive user data to back the company's servers. The "leaky" information -- embedded in what is called "User-Agent" strings -- was then intercepted and used to track Kaspersky customers, The Intercept reported.
In a statement to The Intercept, Kaspersky Lab denied "User-Agent" strings could be used to track its customers.
“The information is depersonalized and cannot be attributed to a specific user or company,” Kaspersky Lab said. “We take all possible measures to protect this data from being compromised, for example through strong encryption.”
Through what was known as “Project CAMBERDADA," the NSA also monitored email traffic of foreign antivirus companies as late as 2010. The spy agency sought to uncover software vulnerabilites or malware reports. Project CAMBERDADA involved 23 antivirus companies, though not US-based McAfee and Symantec or the UK's Sophos.
"A prolific hunter of state-sponsored malware," according to The Intercept, Kaspersky Lab, founded by Eugene Kaspersky, has helped unearth many superviruses, including Stuxnet, an unprecedented tool of cyber-warfare, in 2010.
"It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe," Kaspersky Lab told The Intercept. "However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations."
— Andrew Fishman (@AndrewDFish) June 22, 2015
Though the company has cooperated with law enforcement during many cybercrime investigations, Kaspersky's reputation has earned the ire of Western spies, which claim his company is in league with the Russian intelligence service FSB. Kaspersky has denied the accusations, pointing to the company's reports on malware that came from Russian developers.
“It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets," he said in a recent blog post. "Nobody trusts us — by default."
The company expressed that it would used this newly found information to counteract any such attempts to reverse engineer and subvert its security services, not only for the sake of protecting its customers, but to help resist mass surveillance in general.
"As noted during the recent Duqu 2.0 nation-state sponsored attack, we find it extremely worrying that government organizations are targeting security companies instead of focusing their resources against legitimate adversaries, and are actively working to subvert security software that is designed to keep us all safe," Kaspersky Labs said in a statement to RT.
"At Kaspersky Lab we diligently work to protect our users and to keep our products secure through intense code review and vulnerability assessment efforts. We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it."
"Once again, we would like to stress the need for security companies to work together as a community and fight for user privacy, the right to privacy on the Internet, thwart mass surveillance and make the world a safer place,"