Documents show NSA, GCHQ launched attacks against anti-virus software makers

Posted:
in General Discussion edited June 2015
The U.S. National Security Agency and its British equivalent, the Government Communications Headquarters, have both been launching attacks against security software in order to track individuals and break into networks, a report said on Monday.




One of the primary targets has been Russia's Kaspersky Lab, according to documents leaked by ex-NSA contractor Edward Snowden, obtained by The Intercept. The agencies have been reverse-engineering Kaspersky software to discover potential exploits, the documents show, and the NSA in particular has allegedly taken things a step further by intercepting data sent from Kaspersky apps to the company's servers. Much of that app data is reportedly unencrypted, although Kaspersky told The Intercept that it was unable to reproduce similar findings in testing.

One specific piece of evidence for reverse engineering is a GCHQ warrant renewal request from 2008, asking for the legal sanction to deconstruct apps from Kasperksy and others because they "pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability and SRE [Software Reverse Engineering] is essential in order to be able to exploit such software and to prevent detection of our activities." The agency also indicated that SRE was being used to judge the suitability of anti-virus programs for use by separate government organizations.

The NSA tracking program reportedly involves monitoring HTTP requests, which contain unique identifiers showing that a customer has Kaspersky software. This in turn allows the NSA to track someone and judge whether their computer is vulnerable to an attack. In a statement to The Intercept however, Kaspersky insisted transmitted data is depersonalized and that it uses encryption.

Another NSA method involves scanning the email traffic of foreign anti-virus companies in order to pick up hints of new exploits and malware. In the case of malware, the agency has a group that can repurpose it to launch an attack against a desired target.

An internal 2010 presentation on the monitoring program, known as "Project CAMBERDADA," mentions 23 foreign anti-virus firms apart from Kaspersky such as Avast, F-secure, and Check Point. Major American and British companies are excluded, such as McAfee, Symantec and Sophos.

Earlier this year Kaspersky was hit with a major intrusion. The company indicated that the group behind the attack may be connected to other incidents involving negotiations involving Iran's nuclear program, as well as the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camp during World War II.
«1

Comments

  • Reply 1 of 24
    Heaven forbid that PCs running old versions of Microsoft Windows operating systems should be phased out, or prevented from accessing the Internet!

    What would the spies, spooks, hackers, malware writers, spammers, security software companies and IT technicians do for a living?
  • Reply 2 of 24
    nagrommenagromme Posts: 2,834member
    Just remember not to question what your government has told you to think: security and privacy are bad, and Edward Snowden is evil!
  • Reply 3 of 24
    tcaseytcasey Posts: 199member

    and these are the people looking after our interests....they act like the enemy of the people...totally lawless.

  • Reply 4 of 24
    konqerrorkonqerror Posts: 685member
    Quote:

    Originally Posted by pauldfullerton View Post



    Heaven forbid that PCs running old versions of Microsoft Windows operating systems should be phased out, or prevented from accessing the Internet!

     

    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 

    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

     

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

     

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.

  • Reply 5 of 24
    coolfactorcoolfactor Posts: 2,338member
    Quote:

    Originally Posted by konqerror View Post

     

     

    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 

    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

     

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

     

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.




    So you link to an article from an anti-virus company, Kaspersky, to support your beliefs? Are you actually running anti-virus software on your Mac? Do you realize that every piece of software that you install becomes yet another attack vector? OS X doesn't need anti-virus software beyond what Apple is doing, when the computer is used with presence of mind, and common sense. Know your computer, don't blindly trust a third-party company to be looking out for your best interests.

  • Reply 6 of 24
    mac_dogmac_dog Posts: 1,083member
    Quote:
    Originally Posted by konqerror View Post

     

    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 

    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

     

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

     

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.

     

    the article you reference is 3 years old, dated 02JUL12. got anything more recent?
  • Reply 7 of 24
    konqerrorkonqerror Posts: 685member
    Quote:



    Originally Posted by mac_dog View Post

     

    the article you reference is 3 years old, dated 02JUL12. got anything more recent?

     

    https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html

     

    Quote:

     FireEye Labs recently discovered a previously unknown variant of the APT backdoor XSLCmd – OSX.XSLCmd – which is designed to compromise Apple OS X systems. This backdoor shares a significant portion of its code with the Windows-based version of the XSLCmd backdoor that has been around since at least 2009.


     

    Quote:

    Across the global threat landscape, there has been a clear history of leveraging (or porting) Windows malware to the Apple OS X platform. In 2012, AlienVault discovered a document file exploiting an older vulnerability in Microsoft Word that installs a backdoor named “MacControl” on OS X systems. 


     

    Quote:

     In 2013, Kaspersky reported on a threat actor group they named “IceFog” that had been attacking a large number of entities related to military, mass media, and technology in South Korea and Japan. This group developed their own backdoor for both Windows and OS X. And just this year, Kaspersky published a report on a group they named "Careto/Mask" that utilized an open source netcat-like project designed to run on *nix and Windows systems named ‘sbd’ which they wrapped in a custom built installer for OS X.


     

    The takeaway:

    Quote:


      Not only have they adopted new Windows-based backdoors over time, as Apple’s OS X platform has increased in popularity in many companies, they have logically adapted their toolset to match in order to gain and maintain a persistent foothold in the organizations they are targeting. OS X has gained popularity across enterprises, from less savvy users who find it easy to operate, to highly technical users that utilize its more powerful features, as well as with executives. Many people also consider it to be a more secure computing platform, which may lead to a dangerous sense of complacency in both IT departments and with users. In fact, while the security industry has started offering more products for OS X systems, these systems are sometimes less regulated and monitored in corporate environments than their Windows peers.


     


    Clearly as the OS X platform becomes more widely adopted across enterprises, threat groups like GREF will continue to adapt and find ways to exploit that platform.



  • Reply 8 of 24
    konqerror wrote: »
    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 
    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.

    Mac OS 9 forever.

    Or just run hardened versions of OS X on PPC.
  • Reply 9 of 24
    konqerrorkonqerror Posts: 685member
    Quote:
    Originally Posted by TheWhiteFalcon View Post



    Or just run hardened versions of OS X on PPC.

     

    See the link I posted

     

    Quote:

     The sample is a universal Mach-O executable file supporting the PowerPC, x86, and x86-64 CPU architectures.


     

    Also, note the last version of OS X for PPC never supported code signing (Gatekeeper), something Microsoft has had since Windows 95.

  • Reply 10 of 24
    pistispistis Posts: 247member
    "But But we are the good guys" nothing to worry about!

    Meh - Well if you believe that I have used car - only one owner for you , a real bargain
  • Reply 11 of 24
    tcasey wrote: »
    and these are the people looking after our interests....they act like the enemy of the people...totally lawless.

    You forgot the part where we pay their damn salaries....
  • Reply 12 of 24
    tcaseytcasey Posts: 199member
    Quote:

    Originally Posted by anantksundaram View Post





    You forgot the part where we pay their damn salaries....

    true!!!!!!!

  • Reply 13 of 24
    gdrivergdriver Posts: 1member
    Quote:

    Originally Posted by pistis View Post



    "But But we are the good guys" nothing to worry about!



    Meh - Well if you believe that I have used car - only one owner for you , a real bargain

    "We are the good guys and we protect you from yourself" However I believe this is old news. Since everything is digitalised it is therefor stored. And when something is stored it can be abused (or used) by different parties. Instead of digging all the big data they are just simply monitoring the on-going data instead. Much easier and efficient, since they can spot events before break out.

     

    This might sound silly, but take the upcoming events of Winter Olympics in South Korea 2018. The downhill skiing final is just about to start and three bombs blasts of in the valley making huge avalanches. If that could have been found out in advance a lot of lifes would have been saved. 

    Over and out.

  • Reply 14 of 24
    s.metcalfs.metcalf Posts: 995member
    This is yours and my tax dollar being spent while they cut health, education and homelessness increases.
  • Reply 15 of 24
    And China, Iran, England, Japan, India, Russia, you name it, are doing the exact same thing right now...
  • Reply 16 of 24
    krreagankrreagan Posts: 218member

    I wonder how much control the Kremlin maintains over Kaspersky Labs? Most likely -total- control. Remember... "Putin is the new Stalin"!

     

    Personally I'm glad they are keeping an eye on them... you know they (the Kremlin) are keeping an eye on you!

  • Reply 17 of 24
    prolineproline Posts: 223member
    Quote:

    Originally Posted by konqerror View Post

     

     

    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 

    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

     

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

     

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.




    You're pretty clueless if you are running anti-virus on OS X because an anti-virus company told you you should. You do realize that anti-virus software is nothing more than an attack vector, right? The permissions you gave your anti-virus software and the deep hooks it installed in your system will leave you vulnerable for a long time to come, often even after you think you've deleted the crap.

  • Reply 18 of 24
    mretondomretondo Posts: 94member
    I would sure the hell hope the NSA was doing this. There a spy agency, it's there job to do things like this.
  • Reply 19 of 24
    MacProMacPro Posts: 19,851member
    konqerror wrote: »
    If you're going to be targeted by the NSA, or any state, it doesn't matter what OS you're running. 
    http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign

    Forget a desktop OS, Iran got their Siemens SIMATIC S7 embedded systems hacked. 

    So either, you run OS X with no protection, and get targeted, or you run OS X with an antivirus and make their job harder.

    You'd be far better off running Little Snitch. Any so called Mac anti virus software I've tested is either a malware scam or adds to your dangers.
  • Reply 20 of 24
    Quote:

    Originally Posted by krreagan View Post

     

    I wonder how much control the Kremlin maintains over Kaspersky Labs? Most likely -total- control. Remember... "Putin is the new Stalin"!

     

    Personally I'm glad they are keeping an eye on them... you know they (the Kremlin) are keeping an eye on you!




    He's not. Putin is practically a puppet this point, other forces in Russia are in control now (no, it's not the "banksters").

Sign In or Register to comment.