Snowden exposes spy agencies' software cracking spree

By on
Snowden exposes spy agencies' software cracking spree

Targets revealed in new document drop.

The latest set of top secret documents leaked by former United States National Security Agency contractor Edward Snowden reveal a large-scale campaign by Western spy agencies to circumvent well-known commercial software for surveillance and network attacks.

Published by The Intercept, the documents show a large range of software was targeted by the NSA and the United Kingdom Government Communications Headquarters.

GCHQ also attempted to reverse-engineer anti-virus and security products from overseas vendors, but avoiding US companies Symantec, McAfee and Britain's Sophos, as part of Project CAMBERDADA.

The UK agency sought to compromise personal security software as it posed a challenge to its computer network exploitation capabilities, and could enable them to be detected.

Getting around products such as anti-virus software also places attackers in a privileged position in computer systems and on networks, providing full access to sensitive information that would normally be protected by the software.

List of anti-virus vendors targeted by spy agencies (Source: The Intercept).

Russian security vendor Kaspersky in particular appears to have been in the GCHQ and NSA's sights. 

The spies also appear to have been aware that their actions were potentially illegal.

In an application to renew a warrant, GCHQ explains that reverse engineering software entails converting it from machine-readable code "into the original format, which is then comprehensible to a person".

However, doing so "may represent an infringement of copyright" and breach the licensing terms of the software, GCHQ said. 

The spy agencies also sought to bulk capture emails and other data such as software telemetry sent by security vendors to discover new vulnerabilities.

Encryption software such as Exlade CrypticDisk, used by enterprises and government agencies, the CPanel admin software, the vBulleting web forum application and email server management utilities were also targeted by the GCHQ.

A GCHQ memo accompanying a warrant said the agency had reverse-engineered the software in Cisco switches and routers, which in turn let them access almost any internet user inside the whole of Pakistan. 

Thanks to the reverse-engineering of the code operating the Cisco devices, the GHCQ said it was able to re-route select trafffic over international links and direct it towards the agency's passive bulk data collection systems.

iTnews has sought commment from Kaspersky and other security vendors.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?