NSA and GCHQ targeting antivirus developers, say Snowden documents

Kaspersky Lab is a global IT security provider based in Russia. Source: Reuters

According to documents provided by whistleblower and former NSA operative Edward Snowden, the U.S. and UK security services have attempted to break into the software of Russia's Kaspersky Lab, as well as 20 other antivirus developers around the world. Company CEO Yevgeny Kaspersky has compared the event to a "good audit."

New documents provided by former American secret service employee-turned whistleblower Edward Snowden claim that the U.S. and UK security services have been carrying out attacks against antivirus developers around the world, including Russian company Kaspersky Lab.

On June 23 the American news site The Intercept cited documents belonging to former American secret service employee Edward Snowden as saying that America's National Security Agency (NSA) and the UK's Government Communications Headquarters (GCHQ) had been studying Kaspersky Lab's weak points and, essentially, tried breaking into its software.

"The spy agencies have reverse-engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software," reads the article. The author adds that shadowing was also done on France’s FSB Antivirus, Italy’s NoVirusThanks, China’s Antiy Labs, South Korea’s AhnLab and other software.

Edward Snowden fled the United States in 2013 after leaking classified documents revealing the participation of the NSA in mass surveillance programs around the world. He has been in hiding in Russia since 2013 after Moscow granted him one-year temporary asylum, which was then extended to three years.

 

What did Kaspersky say?

Immediately after the article in The Intercept, Kaspersky Lab issued an official statement saying that it was alarmed by the fact that "government special services are targeting developers of information security solutions, those developers who stand for the defense of all internet users, instead of using their technologies against real cybercriminals."

The founder of the company himself, Yevgeny Kaspersky, who had once called Snowden a "lousy traitor" whose revelations were "trivial" (since it was clear to everyone that security services monitor the internet), told the press on June 24 that he had been informed of the published information received from Snowden, as well as of the source of penetration. Kaspersky compared the event to "a good audit" that was useful for the company.

"They had been purposefully looking for ‘holes’ in our system, but couldn't find them, and their penetration left us with no damage," said Kaspersky. He said that the security services had found "a standard piece of unencrypted traffic," but this is not a problem. "We will encrypt it well next time," he promised.

The company recently published details of its study of a targeted attack on Kaspersky Lab that used the Duqu 2.0 platform, which it alleges was partly sponsored by the government structures of an unknown country.

 

A check, an attack or a preparatory phase?

However, not all observers believe the alleged attack is all that it is being made out to be. Some Russian experts say that the attacks reflect normal procedure on the part of the security services and see the publication of the documents reporting the attack as "the incompetent work by journalists." In an interview with the Kommersant FM radio station, Deputy Technical Director of Positive Technologies Dmitry Mitchenkov described the incident as "a standard check that is carried out not only on antivirus resources, but on protective resources in general, when they are about to be used somewhere in government organs."

Representatives of Doctor Web, another Russian company on Snowden's list, are also not surprised. "The cyber services of most countries naturally look for vulnerable places through which they can obtain interesting information," said the company’s director of research and development Sergei Komarov in an interview with the National News Service.

However, Alexei Lukatsky, a business consultant at Cisco Systems and one of Russia's leading experts on cyber security, believes that such "special services checks" mean something else. "In the given case an attack and a check are not very different from one another," Lukatsky said.

"This is most likely a preparatory phase. In order to carry out special operations in cyber space one must know how defense resources work. So the special services will use any mechanism to obtain the necessary information." In Lukatsky's view, such "checks" may also be aimed at Russian strategic sites, many of which also use Kaspersky products.

According to Lukatsky, it is unlikely that antivirus software producers will be able to unite to counter operations carried out by other countries’ security services since they are conditioned by their business interests. "The question is – how will the developers react? I think they will react in a very prompt manner."

 

All rights reserved by Rossiyskaya Gazeta.