The Channel logo


By | Kat Hall 23rd June 2015 11:23

GCHQ: Security software? We'll soon see about THAT

Greenwald pulls 2008 reverse-engineering doc from bulging Snowden file

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept.

According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come as a shock to no-one.

Kaspersky Lab was singled out in the report, with the NSA and GCHQ paying special attention to studying its software for weaknesses.

In 2008, GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations and stated it needed to reverse engineer it to find ways to "neutralise the problem".

Other firms were also targeted including Bitdefender, ESET, Avast, AVG, and F-Secure. However US-based vendors McAfee and Symantec and Brit-based Sophos were notable by their absence.

The requested warrant – provided under Section 5 of the UK’s 1994 Intelligence Services Act – must be renewed by a government minister every six months, said The Intercept.

The request seeks authorisation for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software”.

In a statement regarding the revelations, Kaspersky called on security companies to "work together" to fight for user privacy and combat mass surveillance.

It said: "[We] find it extremely worrying that government organisations are targeting security companies instead of focusing their resources against legitimate adversaries, and are actively working to subvert security software that is designed to keep us all safe."

"At Kaspersky Lab we diligently work to protect our users and to keep our products secure through intense code review and vulnerability assessment efforts. We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it." ®

comment icon Read 54 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe