Leaked documents from Edward Snowden reveal details of reverse engineering of security software to find weaknesses.
Revelations regarding the questionable actions of the NSA and GCHQ continue to mount, after leaked documents revealed attacks designed to undermine security tools such as Kaspersky.
According to leaked documents from Edward Snowden, the two intelligence agencies worked on reverse engineering and circumventing popular anti-virus and privacy software from a number of vendors.
One of the leaked documents showed: "Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability, and SRE [Software Reverse Engineering] is essential in order to be able to exploit such software and to prevent detection of our activities. Examination of Kaspersky and other such products continues."
The warrant renewal request also revealed that GCHQ had been reverse engineering anti-virus programs to assess their fitness for use by government agencies.
Neither GCHQ nor Kaspersky has commented specifically on these claims, but a spokesperson for GCHQ said: "It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate."
Ben Johnson, Chief Security Strategist for Bit9 + Carbon Black, said: "Is it really a surprise that intelligence agencies try to circumvent technologies that might prevent them from collecting information? Or test these technologies for weaknesses? Not really.
"As is common in the hacker world – as well as the military world – before conducting any operation it is vital to test offensive tools against defensive capabilities, in order to gain assurance that they won’t be easily detected. However, it does highlight the inherent security risk with relying on blacklisting to protect endpoints.
"AV tools can be bought and pulled apart by anyone – once a hacker has access to the blacklist, they have the key to avoiding any tripwires and can tweak their code in order to evade detection. This is why we have seen such a rise in polymorphic malware, or ‘zero day’ attacks – if an attack has never been seen, it is not a known threat, and so it cannot exist on an AV blacklist.
"This is why organisations need to move away from blacklisting and start whitelisting instead. By customising your own defences according to your business needs, you can ensure that even if your vendor is compromised, you are not exposed alongside them."
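The blacklist-versus-whitelist argument in the quote above, as an added illustration that is not part of the article or of any vendor's product: a hash-and-signature blacklist beside an organisation-specific allowlist, run over constructed byte strings standing in for executables. The sample binaries, signature and hash sets are all made up for the example.

```python
import hashlib

# Constructed stand-ins for executables (not real files).
KNOWN_MALWARE = b"MZ\x90\x00evil-loader-v1\x00payload"
# "Polymorphic" variant: the same tool after one small edit, so both its
# hash and the byte pattern the vendor signature keys on have changed.
MUTATED_MALWARE = KNOWN_MALWARE.replace(b"v1", b"v2")
UNKNOWN_NEW_TOOL = b"MZ\x90\x00never-seen-before\x00"   # a "zero day": nobody has a sample yet
APPROVED_APP = b"MZ\x90\x00corporate-crm-client\x00"    # software the organisation approved


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blacklist model (vendor AV): block only what has already been seen.
BLACKLIST_HASHES = {sha256(KNOWN_MALWARE)}
BLACKLIST_SIGNATURES = [b"evil-loader-v1"]

# Allowlist model (organisation-owned): run only what was explicitly approved.
ALLOWLIST_HASHES = {sha256(APPROVED_APP)}


def blacklist_verdict(data: bytes) -> str:
    """Block on a known hash or a known byte signature; everything else runs."""
    if sha256(data) in BLACKLIST_HASHES:
        return "block"
    if any(sig in data for sig in BLACKLIST_SIGNATURES):
        return "block"
    return "allow"


def allowlist_verdict(data: bytes) -> str:
    """Run only binaries whose hash the organisation approved; everything else is blocked."""
    return "allow" if sha256(data) in ALLOWLIST_HASHES else "block"


def compare(samples: dict) -> dict:
    """Return {name: (blacklist verdict, allowlist verdict)} for each sample."""
    return {name: (blacklist_verdict(d), allowlist_verdict(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare({"known": KNOWN_MALWARE, "mutated": MUTATED_MALWARE,
                                   "unknown": UNKNOWN_NEW_TOOL, "approved": APPROVED_APP}).items():
        print(f"{name:9s} blacklist={verdicts[0]:5s} allowlist={verdicts[1]}")
```

The mutated and never-seen samples pass the blacklist and fail the allowlist, which is the quote's point; the cost of the allowlist model, not mentioned in the quote, is that any legitimate but unapproved binary is blocked too, so the approved set has to be maintained.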
The secret warrant is claimed to have been granted to the intelligence agency by the UK foreign secretary.
Although many of the actions are protected, questions will be raised about the ethical nature of some of them. The Intercept reported on the campaign and suggested that some officers’ actions were illegal, saying: "top-secret document states that some GCHQ staff lapsed in following the agency’s authorisation protocols for staying within the bounds of the law."
According to the report, the NSA and GCHQ have accrued a stockpile of exploitable vulnerabilities which can be used to hack into protected systems.