How the NSA Spied on Antivirus Companies to Make Undetectable Malware
Russian antivirus company Kaspersky recently revealed that it was targeted last year by the hackers behind the Stuxnet and Duqu worms. The attackers had been inside the company's network for months, collecting data on its operations and software. But it turns out that intelligence agencies including the NSA and GCHQ have spied on antivirus companies for years, looking for exploitable vulnerabilities.
The new report is based on newly leaked documents from NSA whistleblower Edward Snowden, which were made available to The Intercept.
According to the documents, these agencies were spying on antivirus companies as far back as 2008, studying their malware-detecting capabilities and adapting their own malware so that these programs could not detect it, for use in their covert spying operations. By spying on antivirus companies from various countries and reverse-engineering their software, the NSA and GCHQ sought to stay ahead of the game and make sure that these programs would not be able to detect their own spying software.
Kaspersky was also a target of both agencies, and an especially hard nut to crack. GCHQ sought legal authorization to spy on Kaspersky, and did so for a brief period of time.
“Reverse engineering of commercial products needs to be warranted in order to be lawful,” a GCHQ agency memo said. “There is a risk that in the unlikely event of a challenge by the copyright owner or licensor, the courts would, in the absence of a legal authorization, hold that such activity was unlawful[…]”
When looking at Kaspersky's operations, the NSA would spy on incoming email from customers, which described newly discovered threats. Out of these reports, the spy agencies would select some 10 malicious files per day, from the hundreds of thousands that might arrive in a single day, study them, and repurpose the ones that Kaspersky's antivirus programs could not detect.
The full story about this massive NSA and GCHQ spying operation is available at the source link.