Documents show NSA, GCHQ launched attacks against anti-virus software makers
The U.S. National Security Agency and its British equivalent, the Government Communications Headquarters, have both been launching attacks against security software in order to track individuals and break into networks, a report said on Monday.
One of the primary targets has been Russia's Kaspersky Lab, according to documents leaked by ex-NSA contractor Edward Snowden, obtained by The Intercept. The agencies have been reverse-engineering Kaspersky software to discover potential exploits, the documents show, and the NSA in particular has allegedly taken things a step further by intercepting data sent from Kaspersky apps to the company's servers. Much of that app data is reportedly unencrypted, although Kaspersky told The Intercept that it was unable to reproduce similar findings in testing.
One specific piece of evidence for reverse engineering is a GCHQ warrant renewal request from 2008, asking for the legal sanction to deconstruct apps from Kaspersky and others because they "pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability and SRE [Software Reverse Engineering] is essential in order to be able to exploit such software and to prevent detection of our activities." The agency also indicated that SRE was being used to judge the suitability of anti-virus programs for use by separate government organizations.
The NSA tracking program reportedly involves monitoring HTTP requests, which contain unique identifiers showing that a customer has Kaspersky software. This in turn allows the NSA to track someone and judge whether their computer is vulnerable to an attack. In a statement to The Intercept, however, Kaspersky insisted that transmitted data is depersonalized and that it uses encryption.
Another NSA method involves scanning the email traffic of foreign anti-virus companies in order to pick up hints of new exploits and malware. In the case of malware, the agency has a group that can repurpose it to launch an attack against a desired target.
An internal 2010 presentation on the monitoring program, known as "Project CAMBERDADA," mentions 23 foreign anti-virus firms apart from Kaspersky, such as Avast, F-Secure, and Check Point. Major American and British companies, such as McAfee, Symantec and Sophos, are excluded.
Earlier this year Kaspersky was hit with a major intrusion. The company indicated that the group behind the attack may be connected to other incidents tied to negotiations over Iran's nuclear program, as well as the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camp during World War II.
Comments
What would the spies, spooks, hackers, malware writers, spammers, security software companies and IT technicians do for a living?
And these are the people looking after our interests... they act like the enemy of the people... totally lawless.
Heaven forbid that PCs running old versions of Microsoft Windows operating systems should be phased out, or prevented from accessing the Internet!
If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running.
http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked.
So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.
So you link to an article from an anti-virus company, Kaspersky, to support your beliefs? Are you actually running anti-virus software on your Mac? Do you realize that every piece of software that you install becomes yet another attack vector? OS X doesn't need anti-virus software beyond what Apple is doing, when the computer is used with presence of mind, and common sense. Know your computer, don't blindly trust a third-party company to be looking out for your best interests.
https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html
The takeaway:
Clearly as the OS X platform becomes more widely adopted across enterprises, threat groups like GREF will continue to adapt and find ways to exploit that platform.
Mac OS 9 forever.
Or just run hardened versions of OS X on PPC.
See the link I posted
Also, note the last version of OS X for PPC never supported code signing (Gatekeeper), something Microsoft has had since Windows 95.
Meh - well, if you believe that, I have a used car - only one owner - for you, a real bargain.
You forgot the part where we pay their damn salaries....
true!!!!!!!
"But But we are the good guys" nothing to worry about!
"We are the good guys and we protect you from yourself." However, I believe this is old news. Since everything is digitalised, it is therefore stored. And when something is stored it can be abused (or used) by different parties. Instead of digging through all the big data, they are just simply monitoring the ongoing data instead. Much easier and more efficient, since they can spot events before they break out.
This might sound silly, but take the upcoming Winter Olympics in South Korea in 2018. The downhill skiing final is just about to start and three bombs blast off in the valley, causing huge avalanches. If that could have been found out in advance, a lot of lives would have been saved.
Over and out.
I wonder how much control the Kremlin maintains over Kaspersky Labs? Most likely -total- control. Remember... "Putin is the new Stalin"!
Personally I'm glad they are keeping an eye on them... you know they (the Kremlin) are keeping an eye on you!
You're pretty clueless if you are running anti-virus on OS X because an anti-virus company told you you should. You do realize that anti-virus software is nothing more than an attack vector, right? The permissions you gave your anti-virus software and the deep hooks it installed in your system will leave you vulnerable for a long time to come, often even after you think you've deleted the crap.
You'd be far better off running Little Snitch. Any so-called Mac anti-virus software I've tested is either a malware scam or adds to your dangers.
He's not. Putin is practically a puppet at this point; other forces in Russia are in control now (no, it's not the "banksters").