The National Security Agency and British counterpart, the GCHQ, have infiltrated numerous online security companies to track their customers, new documents from whistleblower Edward Snowden have revealed.
The documents, provided to The Intercept, revealed the two agencies have “reverse engineered” software to “discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software.”
Kaspersky Lab was one of the main security firms targeted and, according to the report, the spy agencies studied the firm’s software intently looking for weaknesses.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE (Computer Network Exploitation) capability,” a secret warrant renewal request from the GCHQ stated. “SRE (software reverse engineering) is essential in order to be able to exploit such software and to prevent detection of our activities.”
A government minister must renew the warrant every six months, according to The Intercept.
Kapersky Lab, in a statement to The Intercept, expressed its displeasure with the revelations:
It is extremely worrying that government organizations are targeting security companies instead of focusing their resources against legitimate adversaries, and are actively working to subvert security software that is designed to keep us all safe.
At Kaspersky Lab we diligently work to protect our users and to keep our products secure through intense code review and vulnerability assessment efforts. We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it.
Kapersky Lab was not the only target of the two agencies, however. Bitdefender, ESET, Avast, AVG, and F-Secure were also targeted. Surprisingly, American firms McAfee and Symantec and U.K.’s Sophos were not on the list.
The in-depth report by The Intercept can be read here.