GCHQ has been reverse-engineering antivirus software for seven years
If you thought the Edward Snowden whistleblowing revelations had come to a halt, you were wrong. The latest documents, leaked to The Intercept, show that the Government Communications Headquarters (GCHQ) has been actively attempting to reverse-engineer antivirus software to allow covert surveillance.
The evidence has come to light through a top-secret warrant request under section 5 of the 1994 Intelligence Services Act, leaked by whistleblower Edward Snowden. As The Intercept explains, this covers “interference with property and ‘wireless telegraphy’ by the Security Service (MI5), Secret Intelligence Service (MI6) and GCHQ”.
The warrant renewal requests authorisation for activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse-engineering’ software”.
If you’re surprised at the lack of involvement from the American spy agency, the NSA, then pick your jaw back up off the floor, because it is interested in antivirus products too. One leaked document reveals that, back in 2008, the NSA found it could track individual users using data sent back from Kaspersky antivirus software to the company’s servers.
Another leaked document – a presentation entitled Project CAMBERDADA – shows evidence that the NSA was monitoring the email traffic of antivirus companies, eavesdropping on new vulnerabilities as they were reported. Although Russian security firm Kaspersky Lab is chiefly cited in the documents, there are 23 other firms listed in the NSA presentation (under the heading “More Targets!”) including Avast, AVG, Bitdefender and Avira.
Why would security software be targeted by the spy agencies? To prevent the government’s own spying malware from being detected by commercially available software. “Personal security products such as the Russian antivirus software Kaspersky continue to pose a challenge to GCHQ’s CNE [computer network exploitation] capability and SRE [software reverse engineering] is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal from 2008 states.
If this all sounds shady, that’s because it is. Indeed, the government wrote in the warrant that without it, the activity could be “unlawful”, amounting to “a copyright infringement or breach of contract”. GCHQ is already subject to a number of legal challenges – and indeed its surveillance of two human-rights groups was ruled illegal just yesterday. Earlier this year, Privacy International alleged that the government was slyly pushing through amendments to anti-hacking laws that would exempt the spy agencies from prosecution.