I mean, you know you’ve really made it as an anti-virus company when intelligence agencies like the NSA and the United Kingdom’s GCHQ are looking for vulnerabilities in your software, and interested in spying on the emails that your customers send you about new malware.
And that, it appears, is what has been happening.
The latest article in The Intercept reveals documents leaked by NSA whistleblower Edward Snowden, which appear to indicate that the intelligence agencies are interested in spying on a host of anti-virus and security firms, with the intention of learning how to avoid their own attacks being detected by the software.
Take, for example, this part of a warrant renewal request from GCHQ to the British Foreign Secretary, dated June 2008.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities.”
In a nutshell, the likes of GCHQ and the NSA want to write malware that will get past the defences of the anti-virus software. And ideally they would like the green light of legal immunity in order to proceed.
A slide from an NSA “Project CAMBERDADA” presentation lists over 20 anti-virus and security firms that the spies considered targets.
Amongst those vendors listed are Bitdefender, ESET, Avast, AVG, and F-Secure. Notably US-based vendors McAfee and Symantec and Britain’s own Sophos are nowhere to be seen.
Which, if you think about it, is a little odd from the security point of view.
It would be easy to assume that those products didn’t make the slide because they are based in the United States and United Kingdom.
Trend Micro is also notably missing – which causes me to raise a wry smile as that particular firm can never seem to decide whether it’s Taiwanese, Japanese or American. Perhaps the NSA aren’t sure, either?
The lack of Chinese anti-virus vendors listed also raises some question marks about the NSA’s ambition in an area that one would consider important to them.
But pity those other security vendors who weren’t considered important enough to even make the NSA’s list of future targets.
How must they be feeling at this moment to have not made the grade? Yes, there are probably some security vendor CEOs demanding that their techies confirm that their systems haven’t been compromised right now, but there must also be some giving their marketing team a hard time for not making the NSA’s radar.
Of course, if attackers (whether intelligence agencies or common cybercriminals) were able to find vulnerabilities in anti-virus software then that could be immensely valuable to them. Anti-virus software typically runs with high privileges on computers, making it an attractive platform for exploitation.
In the same report, The Intercept reveals that the NSA were able to gather information about Kaspersky customers by monitoring communications between the anti-virus product and the company’s servers. In addition, the “Project CAMBERDADA” presentation includes examples of intercepted emails sent to anti-virus companies about new malware samples found at customer sites.
François Picard, the person who sent that particular email, says that he regularly notifies anti-virus vendors of new malware – and that he never sends such notifications to government agencies.
“It is strange the NSA would show an email like mine in a presentation,” he told The Intercept.
Well, it certainly is a strange world we live in.
In the last few months, for instance, we have seen Kaspersky go public with details of sophisticated malware it found on its own network and its founder Eugene Kaspersky hit by a hatchet job in the US media claiming he hangs out at the sauna with Russian spies.