Petronella Blog Archive

Spy Agencies Reverse Engineering Antivirus Software

The NSA and its UK counterpart, GCHQ, have been reverse engineering antivirus and other widely used software in order to further their surveillance activities, according to documents leaked by Edward Snowden.  The documents show that GCHQ in particular relied on loose legal interpretations and pushed the boundaries of the law in order to carry out this work.

Among the products reverse-engineered to find exploitable vulnerabilities were cPanel, CrypticDisk, eDataSecurity, PostfixAdmin, Power Board, vBulletin and Cisco routers.  These products are used for everything from running web servers to managing email and bulletin boards.  The reverse-engineered Cisco routers in particular gave the agencies access to the traffic of just about any internet user in Pakistan and allowed them to redirect whatever traffic they wanted to GCHQ collection portals.  The compromised products are also used by large organizations such as Electronic Arts, GE, Hewlett-Packard, IBM, Intel, NASA, Seagate, Sony Pictures and Zynga.

Kaspersky Lab's popular antivirus software was of particular interest to GCHQ.  The agency spent a long time picking it apart and monitoring exactly how it works in order to subvert it and get around its protections.  The spies were also able to tap the Kaspersky Security Network, a system that gathers information from subscribers' computers in order to learn about new threats and attacks.  By monitoring those transmissions they could discover new malware and see whether it was of use to them.

Some people overlook the questionable legality of our governments reverse-engineering copyrighted intellectual property, reasoning that they would not do it if it did not help keep us safe.  Others see it as a gross overreach and a violation of privacy rights.