Security Blog

NSA and GCHQ are spying on antivirus vendors

Headlines like this have been running across the latest reports. It is not entirely unexpected: IKARUS and other antivirus vendors are well aware that our capabilities are of interest to the intelligence services, whose operations depend on not being exposed by our security solutions.

That these activities contravene the national laws that apply to the affected vendors is beyond doubt.

What is surprising, at best, is how elaborate the efforts of NSA and GCHQ to “monitor” the capabilities of antivirus companies actually are. Anyone with even a modest understanding of how security solutions work will quickly ask what these services are really after. Presumably to compromise the security solutions themselves, so that they can penetrate other systems undetected, spread efficiently and keep their own tools up to date?

As if the fight against criminally motivated malware were not challenging enough, operations such as Camberdada cause sustained and reckless damage to ALL of us.

“Project Camberdada”

Documents from the Edward Snowden leaks, published recently, substantiate what the security industry had long suspected: that intelligence services, in particular the NSA and GCHQ, also monitor and actively spy on antivirus and security firms in order to prevent their own attack and surveillance code from being detected by antivirus programs.

This much is clear from the documents:

“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,” reads one of the documents, “and SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities.”

Interestingly, neither British nor American companies appear on the list of targets in the documents. The most likely explanation is that in those countries the required data does not need to be obtained by spying, but can simply be “collected” by court order.

According to the documents, GCHQ’s attacks were directed not only against antivirus vendors but also against well-known firewall vendors such as Checkpoint and commercial encryption products such as Exlade and Acer’s eData Security System. Alongside a series of further attacks on vBulletin, Invision Power Board and other systems, Cisco routers were also reverse engineered in order to selectively redirect traffic.

© 2019 IKARUS Security Software GmbH