Anti-virus software is supposed to keep computers safe from intruders, but spy agencies in the US and UK tried to break into this software for exactly the opposite purpose: to track its users.
The National Security Agency and Britain’s Government Communications Headquarters hunted weaknesses in popular anti-virus software to collect information about their users, as documents obtained by Edward Snowden and published by The Intercept show.
The agencies attempted to spy on people by exploiting security holes in popular computer protection software from companies including Russia-based Kaspersky Lab.
The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software.
Instead of alerting companies to potentially dangerous security flaws, the spy agencies looked for ways to exploit them, in some cases trying to “repurpose” malware from third parties for their own use.
The Intercept published documents outlining the NSA and GCHQ’s plans to exploit Kaspersky and other anti-virus companies, and one slideshow on the NSA’s 2010 Project CAMBERDADA (actual subtitle: “An Easy Win”) shows how the agency monitored emails from anti-virus companies to look for new security flaws to exploit.
The NSA and GCHQ tried to look for instances when Kaspersky Lab’s software leaked data about users—the same sort of thing these agencies did when they looked at “leaky” apps like Angry Birds as opportunities to collect data on users. The programs that focused on breaking into anti-virus products are especially messed up, though, because they set out to poke holes in software people depend on to protect their privacy, with no intention of stopping bad actors from exploiting the same flaws they found.
Illustration by Jim Cooke