NSA and GCHQ repeatedly targeted Kaspersky and others

sincity · June 23, 2015

UK and US intelligence services have been relentlessly pursuing Kaspersky Labs and other antivirus software companies to gain detailed information on users.

First reported by The Intercept, the US National Security Agency (NSA) and UK GCHQ used reverse engineering to gain access to antivirus software and monitored web and email traffic to gain intelligence about users and the antivirus companies themselves.

The information, which was contained in documents released by NSA whistleblower Edward Snowden, explained that the UK's intelligence agency applied for warrants to use software reverse engineering (SRE) in order to learn more about the software for future tactical use.

GCHQ applied for the warrant as it believed it needed legal cover because otherwise it could be seen as unlawful and may have amounted to copyright infringement. SRE is a technique that involves reversing thousands of commands that tell a computer what to do and producing a format that is far easier for a human to understand.

"Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities," the warrant renewal request said.

On the other side of the Atlantic, an NSA research team discovered in 2008 that Kaspersky software was sending sensitive user information back to its own servers and found out that this was simple enough to intercept and then used it to track users.

It managed to pick up this information from "User-Agent" strings in HTTP header requests and then used these to uniquely identify the devices owned by Kaspersky antivirus users. Kaspersky later denied this was possible in an email sent to The Intercept yet various Twitter users have been able to achieve the same result.

Email eavesdropping

The NSA goes further than that still. It's further claimed that in a presentation given in 2010 on Project CAMBERDADA the agency admitted to monitoring the email accounts of different companies to find flaws in antivirus software.

Neither agency responded to the story when asked for a comment and the latest news comes in the same month that Kaspersky claimed it had been targeted by an intrusion that got to the very centre of its systems.