The Channel logo

News

By | Kat Hall 23rd June 2015 11:23

GCHQ: Security software? We'll soon see about THAT

Greenwald pulls 2008 reverse-engineering doc from bulging Snowden file

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept.

According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come as a shock to no-one.

Kaspersky Lab was singled out in the report, with the NSA and GCHQ paying special attention to studying its software for weaknesses.

In 2008, GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations and stated it needed to reverse engineer it to find ways to "neutralise the problem".

Other firms were also targeted including Bitdefender, ESET, Avast, AVG, and F-Secure. However US-based vendors McAfee and Symantec and Brit-based Sophos were notable by their absence.

The requested warrant – provided under Section 5 of the UK’s 1994 Intelligence Services Act – must be renewed by a government minister every six months, said The Intercept.

The request seeks authorisation for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software”.

In a statement regarding the revelations, Kaspersky called on security companies to "work together" to fight for user privacy and combat mass surveillance.

It said: "[We] find it extremely worrying that government organisations are targeting security companies instead of focusing their resources against legitimate adversaries, and are actively working to subvert security software that is designed to keep us all safe."

"At Kaspersky Lab we diligently work to protect our users and to keep our products secure through intense code review and vulnerability assessment efforts. We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it." ®

comment icon Read 54 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'