Posted by Virus Bulletin on Jun 23, 2015
Agencies looked for vulnerabilities to exploit and for submitted malware samples.
New documents from NSA whistle-blower Edward Snowden have revealed that the agency and its British counterpart GCHQ have actively been targeting anti-virus companies, The Intercept reports.
The agencies have been found to be looking for weaknesses in anti-virus products and to have obtained intelligence on the products and their users. In one particular case, GCHQ asked for a warrant to reverse-engineer Kaspersky Lab's software, as doing so would apparently infringe the company's copyrights.
If there's anything surprising about these most recent revelations, it is that we hadn't heard it before. Anti-virus products play a crucial part in the defence against most threats, hence finding ways to bypass them is important for any attacker.
Moreover, anti-virus products require full privileges on systems they protect, which makes them one arbitrary code execution vulnerability away from being an attacker's ally.
The documents also showed how the agencies intercepted emails sent to various anti-virus companies and studied them for submissions of new malware samples. It is worth noting here that this took place six years ago, when STARTTLS wasn't all that common and anyone who was able to tap Internet connections could read all emails.
STARTTLS is no silver bullet and, crucially, doesn't provide end-to-end protection. But it does make this kind of untraceable dragnet surveillance of emails sent to a particular organisation impossible.
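A practical way for an organisation to check the point above is to see whether its own mail servers actually advertise STARTTLS. The script below is an added example, not code from Virus Bulletin or The Intercept: it parses a raw EHLO reply for the STARTTLS keyword and can optionally probe a live server; the hostnames and EHLO replies embedded in it are constructed. Note that a positive result only means the hop to that server can be encrypted; the receiving server, and any relay after it, still handles the message in the clear.

```python
"""Report whether an SMTP server advertises STARTTLS (hop-by-hop TLS, not end-to-end)."""
import smtplib
import sys

# Constructed EHLO replies: one from a server that offers STARTTLS, one from a legacy server.
SAMPLE_WITH_TLS = (
    b"250-mx.example.test Hello client.example.test\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-STARTTLS\r\n"
    b"250 8BITMIME\r\n"
)
SAMPLE_WITHOUT_TLS = (
    b"250-mx.legacy.test Hello client.example.test\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 8BITMIME\r\n"
)


def parse_ehlo_extensions(ehlo_reply: bytes) -> set[str]:
    """Return the upper-case extension keywords from a raw multi-line EHLO reply.

    Lines look like b'250-STARTTLS' (continuation) or b'250 8BITMIME' (final line).
    The first 250 line is the server's greeting, not an extension, so it is skipped.
    """
    lines = [ln.strip() for ln in ehlo_reply.splitlines() if ln.strip().startswith(b"250")]
    exts = set()
    for line in lines[1:]:
        body = line[4:].strip()  # drop "250-" / "250 "
        if body:
            exts.add(body.split()[0].decode("ascii", "replace").upper())
    return exts


def offers_starttls(ehlo_reply: bytes) -> bool:
    """True if the EHLO reply advertises the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check against a real server: send EHLO and read the advertised capabilities.
    The connection is not upgraded; only the capability list is inspected."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, msg = smtp.ehlo()
        if code != 250:
            raise RuntimeError(f"EHLO rejected with {code}: {msg!r}")
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python starttls_check.py mx.yourdomain.example
        print(sys.argv[1], "offers STARTTLS" if probe(sys.argv[1]) else "does NOT offer STARTTLS")
    else:
        for label, reply in (("constructed modern server", SAMPLE_WITH_TLS),
                             ("constructed legacy server", SAMPLE_WITHOUT_TLS)):
            print(f"{label}: STARTTLS offered = {offers_starttls(reply)}")
```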