More like this

Business

Arrow

The Channel

Reg comments
54

GCHQ: Security software? We'll soon see about THAT

Greenwald pulls 2008 reverse-engineering doc from bulging Snowden file

man_from_uncle_648

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept.

According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come as a shock to no-one.

Kaspersky Lab was singled out in the report, with the NSA and GCHQ paying special attention to studying its software for weaknesses.

In 2008, GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations and stated it needed to reverse engineer it to find ways to "neutralise the problem".

Other firms were also targeted including Bitdefender, ESET, Avast, AVG, and F-Secure. However US-based vendors McAfee and Symantec and Brit-based Sophos were notable by their absence.

The requested warrant – provided under Section 5 of the UK’s 1994 Intelligence Services Act – must be renewed by a government minister every six months, said The Intercept.

The request seeks authorisation for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software”.

In a statement regarding the revelations, Kaspersky called on security companies to "work together" to fight for user privacy and combat mass surveillance.

It said: "[We] find it extremely worrying that government organisations are targeting security companies instead of focusing their resources against legitimate adversaries, and are actively working to subvert security software that is designed to keep us all safe."

"At Kaspersky Lab we diligently work to protect our users and to keep our products secure through intense code review and vulnerability assessment efforts. We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it." ®

Sponsored: The world has changed, has your IAM strategy?