14 DAY TRIAL // Newly published top secret NSA documents from the Snowden cache show that both US and UK intelligence agencies made efforts to find weak spots in security products, in order to keep their activity undetected.
The files, provided by The Intercept, present mostly the challenges faced by British intelligence GCHQ (Government Communications Headquarters) in carrying out computer network exploitation tasks on targets protected by Kaspersky products.
To overcome the problems, GCHQ requested on June 13, 2008, a renewal of a warrant that allowed software reverse engineering (SRE) of commercial security products to find ways to circumvent detection of the spying tools. Such warrants are valid for a period of six months.
Multiple security vendors targeted
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal request motivates.
Kaspersky was far from being the only vendor targeted by the spy agencies, as the list includes products from another 23 companies, such as Bitdefender, AVG, F-Secure, Dr. Web, Avira, Arcabit, ESET, Emsisoft, Avast, and Checkpoint.
Furthermore, the endeavor of the intelligence agencies did not stop at reverse engineering, as hunting weak spots extended to email surveillance through Project CAMBERDADA, whose purpose was to collect messages containing malware samples for antivirus vendors to analyze.
This tactic allowed NSA and GCHQ to keep tabs on the detection capabilities of security tools, but it also opened the door for new opportunities, such as repurposing the malware and monitoring the individuals that provided the samples.
Emails to antivirus companies can also contain information about vulnerabilities in the product, which could be exploited by intelligence entities for hacking operations, until a patch was created and pushed to clients.
Approval for reversing Cisco software
Cisco was also mentioned in the warrant renewal request. “GCHQ’s CNE operations against in-country communication switches (routers) have also benefited from SRE,” it is revealed in the document.
“Capability against Cisco routers developed by this means has allowed a CNE presence on the Pakistan Internet Exchange which affords access to almost any user of the internet inside Pakistan. Our presence on routers likewise allows us to re-route selected traffic across international links towards GCHQ’s passive collection systems,” the agency motivates.
Recently, Kaspersky disclosed a sophisticated attack against its networks from what appears to be a state-sponsored action. At a press conference in London, Eugene Kaspersky, CEO of the company, did not name a government but said that the cost of the operation is estimated to start at $10 / €8.8 million, and the malware exploited multiple vulnerabilities that were zero-days at the time of the incident.
