Pages

3 July 2015

Kaspersky software reverse engineered by NSA, GCHQ: Report

By Asha Barbaschow

The NSA and GCHQ have been reportedly reverse engineering Kaspersky Lab and other anti-virus security companies since 2008. 

Edward Snowden, the former NSA contractor and whistleblower, has leaked documents that claim the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ) have actively reverse engineered security and anti-virus software to obtain intelligence, according to a report by The Intercept.

The documents obtained reportedly highlight the Russian software security firm, Kaspersky Lab, as one of the main targets, with GCHQ reverse-engineering Kaspersky's anti-virus software looking for vulnerabilities that could be subverted.

The Intercept posted an NSA document titled "Project Camberdada" that lists at least 23 antivirus and security firms that were in that spy agency's sights -- none of the companies were of U.K. or U.S. origin, but there was more than one firm from the country in which Snowden now calls home.

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use. 

Earlier this month, Eugene Kaspersky said in a blog post that his firm had recently discovered an advanced attack on its software. The security mogul said that his company was quite confident that there was a nation state behind the attack, but made it clear that he did not wish to attribute it.

"We're security experts -- the best -- and we don't want to dilute our core competence by getting into politics," he said. "Governments attacking IT security companies is simply outrageous."

"We're supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld. We share our knowledge to fight cybercrime and help investigations become more effective.

"There are many things we do together to make this cyberworld a better place. But now we see some members of this 'community' paying no respect to laws, professional ethics or common sense."

Yesterday, GCHQ was found guilty of illegally spying on two human rights groups, the Egyptian Initiative for Personal Rights and the Legal Resources Centre, with the governing body -- the Investigatory Powers Tribunal (IPT) -- ruling that the British intelligence agency breached human rights legislation, violating their rights under Article 8 of the Human Rights Act.

"We welcome the IPT's confirmation that any interception by GCHQ in these cases was undertaken lawfully and proportionately, and that where breaches of policies occurred they were not sufficiently serious to warrant any compensation to be paid to the bodies involved," a government spokesperson said

"GCHQ takes procedure very seriously. It is working to rectify the technical errors identified by this case and constantly reviews its processes to identify and make improvements."

No comments:

Post a Comment