NSA, GCHQ attacked popular anti-virus software, says leak

Here's another one for the spy books. To the surprise of perhaps no one, the NSA, along with their British counterparts, the GCHQ, have been revealed to have targeted, hacked, and compromised the very companies whose jobs it was to protect users from hacking and attacks, like, say, from criminals. This is the latest round of scandals coming from the ever-flowing Snowden leaks. Perhaps most worrying is the fact that this so called Project CAMBERDADA targeted not government or corporate security software, but the ones that most of us use on our PCs.

The list includes names you might be familiar with, like AVG, F-spot, Avast, and Bit-Defender. But the real and primary target of the black ops was Moscow-based Kaspersky. To be fair, this is not the first time the anti-virus company has succumbed to government-sponsored hacking. Early this month, it was revealed that the company was hit by a "0-day trampoline" derived from Stuxnet, a malware that was allegedly used by the government in 2012 to hack international groups. This time, however, the NSA and GCHQ used more subvert and subtle methods.

To say that these government agencies attacked Kaspersky on all sides would perhaps be accurate. They used almost every method available in order to get into the company's data stash. Agents reverse engineered Kasperky's anti-virus software in order to discover and exploit holes. They monitored and flagged company e-mail in order to remain abreast of new issues as well as to see if they have been detected. They also took advantage of unprotected data being sent from users' computers to Kasperky's servers.

All of these have been for the government's favorite security mantra: maintaining backdoors for them to use later on. Of course, government agencies would prefer to keep knowledge of those secret passageways to themselves. In an ideal world. In reality, however, if they could discover such exploits, so could others as well.

Naturally, Kaspersky was not amused by this revelation, especially after being targeted by US and UK governments repeatedly. Then again, it says it's not surprised. It comes with the job description, after all. It just makes the job a lot harder when both illegal and legal elements are working to take you down.

SOURCE: The Intercept

VIA: TechCrunch