According to The Intercept, the most recent batch of documents released by NSA leaker Edward Snowden makes it clear that global intelligence agencies, including the NSA and the UK’s GCHQ, have been working to subvert commercial security software produced by Kaspersky Lab and other firms.
More on NSA efforts to subvert commercial security software
According to the documents, global spy agencies have been working to reverse engineer software products under questionable legal authority, as well as monitoring web and email traffic to and from security software firms to gain information to thwart anti-virus software and pick up intelligence about security software and users of such software. Moscow-based Kaspersky Lab, which has 270,000 corporate clients and claims to protect more than 400 million people with its products, is clearly a focus of the agencies efforts to subvert anti-malware apps.
The GCHQ worked to undermine Kaspersky software using a method known as software reverse engineering, according to a top-secret warrant renewal request released by Snowden. The NSA also analyzed Kaspersky Lab software for weaknesses, and also got access to sensitive customer information by monitoring communications between the apps and Kaspersky servers. The agency also routinely monitored emails being sent to security software companies pointing out new viruses and system vulnerabilities.
Compromising security software is a big deal because it defends the system against an array of threats and typically runs with elevated network privileges that allow attackers greater access to all systems.
Analysts have pointed out that it seems like the NSA is engaged in a “game of cat and mouse” with security software firms. Global intel agencies are constantly probing for weaknesses in the firms’ software, and in return the firms are steadily exposing hidden state-sponsored malware as it is discovered.
Statement from security researcher
Security software is the perfect target for cyber attackers, points out Joxean Koret, a researcher with security consulting firm Coseinc. “If you write an exploit for an anti-virus product you’re likely going to get the highest privileges (root, system or even kernel) with just one shot,” Koret told The Intercept. “Anti-virus products, with only a few exceptions, are years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there.”