Newly unearthed documents obtained by The Intercept indicate that the National Security Agency (NSA) as well as the UK’s Government Communications Headquarters (GCHQ) have been targeting the largest antivirus companies using various hacking techniques.
The government agencies used what’s known as software reverse engineering to snoop on security companies, according to the new report. This reportedly allowed them to see data that went in and out of the companies’ networks, as well as giving them access to some email data. The intent of the program was to remain one step ahead of the biggest antivirus companies, essentially giving the governments intel into the world of vulnerability tracking.
Both the NSA and the GCHQ heavily targeted the Russia-based antivirus company Kaspersky Lab, The Intercept reports, citing documents leaked by NSA whistleblower Edward Snowden.
Targeting antivirus software is highly strategic. Security products often run on operating systems with the highest level of privileges. If attackers are able to exploit such software, it’s possible for them to do even more damage with the elevated control the software grants.
The new documents indicate the NSA was able to gain access to a trove of Kaspersky-specific information, including:
- “Leaky” user information that was being transmitted through the company’s networks
- Private emails sent to the firm
- Lists of new malware that were flagged for Kaspersky
This sort of cyberespionage has become somewhat common, with governments trying to find vulnerabilities in security software and antivirus companies trying to discover state-led attacks.
The report explains:
Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
While governments worked secretly to try to reverse engineer software like Kaspersky’s, they also sought out warrants to have legal backing behind their actions. Given that proprietary security software is protected by copyright, the authorities wanted to ensure legally that their software reverse engineering wouldn’t be considered “a copyright infringement or a breach of contract.”
Kaspersky Lab wrote this statement to The Intercept:
It is extremely worrying that government organisations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations.
This isn’t the first time Kaspersky Lab has been targeted by hackers. Earlier this month the antivirus company wrote a blog post admitting it had been hacked, although that attack likely came from Israel.