Snowden's latest leaked documents point to government agencies such as the NSA and GCHQ taking an interest in tracking user activity and spying on networks. However, to do that, they first have to get one piece of software out of the way: the anti-virus. This also seems to link with an earlier incident at Kaspersky Lab, where the company's headquarters was hacked by an unknown and well-equipped group.
The government agencies are said to be using a process named Software Reverse Engineering (SRE) to find vulnerabilities still present in current anti-virus products. One of the latest warrants GCHQ wants approved, according to The Intercept, even states that Kaspersky poses a threat to its SRE program.
Other methods of intercepting and gaining access to anti-virus software databases consist of finding and exploiting the emails of employees who work at anti-virus companies. In addition, the HTTP requests that user PCs send to anti-virus vendors' servers are targeted, since they contain details of the security vulnerabilities found by the anti-virus suites running on those machines.
To support the above claim, The Intercept also came across a GCHQ presentation showing that around 100 million malware events are flagged daily by the government agencies. The same approach is likely to be found in every government agency, so at least we get another peek at what's going on and how 'secure' we really are.
In the end, is targeting and 'cracking open' anti-virus software really a good solution? From my point of view, GCHQ should hire Kaspersky Lab to design its network security if they are as good as they say they are. What do you think?