New Snowden Leaks Show NSA Attacked Anti-Virus Software

← Back to Stories (view on slashdot.org)

New Snowden Leaks Show NSA Attacked Anti-Virus Software

Posted by timothy on Tuesday June 23, 2015 @02:09AM from the picking-your-locks-for-your-own-protection dept.

New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.

98 comments

Min score:

Reason:

Sort:

Isn't that a good thing? by Anonymous Coward · 2015-06-23 02:13 · Score: 0

I think it is.
1. Re:Isn't that a good thing? by Mikkeles · 2015-06-23 04:15 · Score: 1
  
  Only if they make the vulnerabilities known to the AV makers and (after a suitable period) to the general public so as to ensure that the US/UK populations are protected.
  If they can crack it, so can other groups.
  
  --
  Great minds think alike; fools seldom differ.
2. Re: Isn't that a good thing? by Anonymous Coward · 2015-06-23 16:25 · Score: 0
  
  dream on.
Wow. Just wow by Anonymous Coward · 2015-06-23 02:15 · Score: 2, Insightful

The NSA and GCHQ were doing their jobs!
1. Re:Wow. Just wow by dunkindave · 2015-06-23 03:15 · Score: 4, Insightful
  
  The NSA and GCHQ were doing their jobs!
  That was essentially my thought. These organizations' charters include being able to attack adversaries if necessary, and they were looking into methods of attack. Where is the surprise? The technical arm of every other country's spy agencies are doing the exact same thing, though perhaps with less ability, so explain to me what about this is news?
2. Re:Wow. Just wow by Halo1 · 2015-06-23 03:46 · Score: 1
  
  Service announcement: we already have another story for GHCQ aliases wanting to talk to themselves.
  
  --
  Donate free food here
3. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 03:48 · Score: 1
  
  They are intentionally weakening the protections we use to keep ourselves safe. Our government(s) excuse is that they are keeping us safe by doing it. That's not how reality works; maybe we should just realize that they are directly attacking citizens and are beyond power hungry.
4. Re:Wow. Just wow by dunkindave · 2015-06-23 04:44 · Score: 3, Insightful
  
  They are intentionally weakening the protections we use to keep ourselves safe.
  No, the weaknesses were created by the AV vendors, not the NSA and GCHQ. Do you also object to other security researchers looking though code for weaknesses, and when they find something say they are weakening the software's security? (Unfortunately there are some companies that have tried that). The difference here is mainly in what is done with the knowledge once found, and what these organizations are doing with it is consistent with their missions. In the industry it is called equities, namely deciding what is in the nation's best interest, whether to reveal a flaw so it can be fixed, or keep it secret so it can be used against an adversary.
5. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 04:48 · Score: 0
  
  It's just the latest document from Snowden. He grabbed a huge set, see, and is letting the info trickle out. Some bits of that are more important than others, obviously, but the "news" here is that this is the latest (whether it is critical or not). That really should be obvious.
  Also, it should be obvious that we all owe Snowden a favor, and should be petitioning our government to at least guarantee (not vaguely suggest) that he will receive a fair and public trial. We are not doing this. Given how we treat our whistleblowers, I am surprised anyone does it.
6. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 05:27 · Score: 0
  
  The news might be that McAfee, Symantec and Sophos, based in the US and UK respectively, did not REQUIRE weakening or monitoring in this way, deliberately excluded.
  What does that tell you about them.
7. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 05:36 · Score: 1
  
  It baffles me when people complain terrorists blow things up. The guys are just doing their jobs, and that makes them immune to criticism.
8. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 05:37 · Score: 0
  
  The news might be that McAfee, Symantec and Sophos, based in the US and UK respectively, did not REQUIRE weakening or monitoring in this way, deliberately excluded.
  What does that tell you about them.
  Maybe that the documents were specifically about foreign AV vendors and you are reading into them more than they were saying? The documents didn't say the US/UK vendors did not REQUIRE weakening or monitoring, they just didn't include them in this list for some reason, and you are assuming the reason. It MAY be what you think, but be careful of ASSuming.
9. Re:Wow. Just wow by Zocalo · 2015-06-23 06:00 · Score: 2
  
  Take a closer look at the list of software vendors mentioned in the GCHQ article. There are three notable ones missing from the list; McAfee (US based), Symantec (US based), and Sophos (UK based) - all the others are based outside the so called Five-Eyes countries. Now, do you suppose they are not mentioned because their code is so crap that GCHQ and the NSA had no problems in compromising their software, because they installed a backdoor on demand, or for some other reason?
  
  Now that's still no guarantee that any of the other vendors have not backdoored their software on behalf of their respective security service overlords, but it *is* another good reason for avoiding US/UK manufactured security products, or at the very least taking into account which government you'd least mind if they were able to eavesdrop on your data. Bearing in mind that your local security services may also be passing data to your local law enforcement, copyright cartels, and who knows who else, the safest post-Snowden option is probably to assume they are all listening and choose overseas vendors that won't give a crap about any local "criminal activity", however minor it might be.
  
  --
  UNIX? They're not even circumcised! Savages!
10. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 06:05 · Score: 0
  
  https://firstlook.org/theintercept/document/2015/06/22/project-camberdada-nsa/
  Read more. Some assumptions are well-justified.
11. Re:Wow. Just wow by subk · 2015-06-23 07:16 · Score: 0
  
  ebvwfbw
  
  --
  Now, if you'll excuse me, I have backups to corrupt.
12. Re:Wow. Just wow by Anonymous Coward · 2015-06-23 14:21 · Score: 0
  
  Transparent attempt to slide the topic elsewhere. We all know they sabotaged encryption standards. " intentionally weakening the protections we use to keep ourselves safe".
  
  Pathetic attempt, with your budget you should be doing better.
13. Re:Wow. Just wow by Whiteox · 2015-06-23 15:17 · Score: 1
  
  Good point. Somehow all the attention focussed on Kaspersky makes me think that they are not duty bound in any way to western intelligence. They have the resources to harden their software. Unfortunately it comes down to a matter or trust. Do you trust Kaspersky because they are not in the big 5 or do you trust the home grown product?
  In the end I don't trust any of them, but I run Kaspersky to stop virii and most malware on a critical Win machine. It just makes me angry that security, lo that the net itself is so full of holes that hardening my systems becomes impossible. Not only that, but it is difficult to find out IF you've been hacked.
  
  --
  Don't be apathetic. Procrastinate!
14. Re: Wow. Just wow by Anonymous Coward · 2015-06-23 16:31 · Score: 0
  
  thats is why karl battenberg dances the sword dance with the terror financiers ?
  stop bullshitting us.
15. Re: Wow. Just wow by Anonymous Coward · 2015-06-23 16:52 · Score: 0
  
  "i am a rapist and surely everybody else id also a rapist. now, where is your daughter at the moment ?"
Sounds like Kaspersky is the software to use. by Anonymous Coward · 2015-06-23 02:18 · Score: 1

Unless you're using a Mac. According to the Apple genius, you don't need AV software. I was told that earlier this year on the exact day where Mac OS has been hit badly by malware.
1. Re:Sounds like Kaspersky is the software to use. by Anonymous Coward · 2015-06-23 03:03 · Score: 0, Informative
  
  The genius was right. Malware tricks a gullible fool, usually using an admin account for browsing the web, into installing it. In order to do so you need to disable or ignore several OS X provided obstacles and warning.
  AFAIK, there are no Mac viruses that are not dealt with by OS X's built in AV systems.
2. Re: Sounds like Kaspersky is the software to use. by Anonymous Coward · 2015-06-23 03:20 · Score: 3, Informative
  
  Um yeah... You might want to check your facts Fanboi.
  http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/
3. Re: Sounds like Kaspersky is the software to use. by Anonymous Coward · 2015-06-23 03:40 · Score: 0
  
  Sounds like the genius' found themselves another gullible fool.
4. Re:Sounds like Kaspersky is the software to use. by Noah+Haders · 2015-06-23 04:47 · Score: 1
  
  Another way to put it, I don't know of any mac av products that add any sort of value that exceed the hit to resources. Is there a rational av solution that is not based in FUD?
5. Re: Sounds like Kaspersky is the software to use. by Anonymous Coward · 2015-06-23 05:46 · Score: 0
  
  I don't see any mention of viruses in that post.
6. Re:Sounds like Kaspersky is the software to use. by electrosoccertux · 2015-06-23 08:53 · Score: 1
  
  I'm using a PC and I don't need AV software. I occasionally install AVGFree when 'something is acting funny' just to make sure (to date only once was it a remote-jack virus) or if I accidently clicked through an Ask.com toolbar installation on the latest bundle of aTube Catcher that I downloaded. Otherwise, I've been fine. Stay away from shady websites and don't install every *.exe you run across and you'll be fine
That's no domestic surveillance by ZouPrime · 2015-06-23 02:25 · Score: 3, Insightful

Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
1. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:34 · Score: 1
  
  World is not only USA
2. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:37 · Score: 3, Insightful
  
  Who the fuck said it was? Americans have no fucking right to be fooling around with our computers and phones!
3. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:41 · Score: 2, Insightful
  
  Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
  In fact, I can't remember the last time it did.
  Short attention span of American citizens confirmed! Easily distracted dolts like you are the no. 1 reason why the US government is able to get away with trashing the Constitution.
4. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:43 · Score: 1
  
  2 sentences, two "Fucks". Pretty good average. Shows passion.
  Not as fucking good as this fucking one, you brainless fucktard.
5. Re:That's no domestic surveillance by ZouPrime · 2015-06-23 02:44 · Score: 2
  
  >No, but it does highlight just how much crap was happening, just how much everyone else in the world needs to stop trusting American (or any other) spy agencies,
  Because you were trusting spy agencies before?
  >and how whiny and idiotic Americans sound when they complain about China hacking them.
  Of course people will complain. Everytime something happen to a country that is caused by another country, people will complain. How this is "whiny and idiotic" is beyond me. Complaining is a form of soft power. NOT complaining would be pretty idiotic.
  > Sorry, but if you are hacking everybody else, and undermining security, you deserve to be hacked in the same way.
  "Deserve" is a weird word to use in the context of international relations. Nobody "deserve" power. Power is power.
6. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:46 · Score: 0
  
  2 sentences, two "Fucks". Pretty good average. Shows passion.
  Not as fucking good as this fucking one, you brainless fucktard.
  Many fucks were given during the typing of the above posts.
7. Re:That's no domestic surveillance by ZouPrime · 2015-06-23 02:46 · Score: 2, Informative
  
  >Who the fuck said it was?
  People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
  >Americans have no fucking right to be fooling around with our computers and phones!
  "Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
8. Re: That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:47 · Score: 0
  
  If you can't see how actively undermining security for everyone is a bad thing sell all your electronics and buy an abbacus.
9. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:50 · Score: 0
  
  With a partner, or solo?
10. Re:That's no domestic surveillance by ZouPrime · 2015-06-23 02:51 · Score: 2
  
  I'm not an american citizen.
11. Re: That's no domestic surveillance by Anonymous Coward · 2015-06-23 02:56 · Score: 0
  
  Thank you Lord Voldemort. Any other supervillain aphorisms you would like to share?
12. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:03 · Score: 0
  
  You're staggeringly stupid and rude; please stop posting to this, or any other, discussion.
13. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:03 · Score: 0
  
  OK so you are not running AV software but many in US do.
14. Re:That's no domestic surveillance by roman_mir · 2015-06-23 03:05 · Score: 1
  
  Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
  - ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
  
  --
  You can't handle the truth.
15. Re:That's no domestic surveillance by GoddersUK · 2015-06-23 03:06 · Score: 3, Insightful
  
  Yes, I'm sure Norton Genuine American Addition (NSA Approved!) did not have such exploits. I'm sure the NSA did not exploit this against US citizens (or GCHQ against British citizens). Pull the other one.
16. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:10 · Score: 0
  
  And your point would be....? Profit??
17. Re:That's no domestic surveillance by rtb61 · 2015-06-23 03:13 · Score: 2, Insightful
  
  More importantly once a virus is targeted at someone, anyone, that virus is released into the wild, where it will be captured, decoded, recoded and sent back out to commit crimes. Basically you have organised crime going on in security organisation meant to be upholding the law and as a result supplying those viral tools to criminals to be used against the citizens those security organisations are meant to be protecting.
  Quite simply a global mass extortion campaign targeted at all sitting and potential politicians the world over, so no matter what their citizens want, those corrupted politicians will support the demands of the US military industrial complex and fascist capitalism. How many politicians are enacting the most perverse laws against the wishes of the citizens but align with US corporate demands.
  
  --
  Chaos - everything, everywhere, everywhen
18. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:22 · Score: 0
  
  Short attention span of American citizens confirmed! Easily distracted dolts like you are the no. 1 reason why the US government is able to get away with trashing the Constitution.
  A non-responsive answer coupled with an ad hominem attack. Feeling particularly passive-aggressive today?
19. Re: That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:34 · Score: 0
  
  hail hitler ? er bush er obama er ....
20. Re:That's no domestic surveillance by mrchaotica · 2015-06-23 03:37 · Score: 4, Insightful
  People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
  As one of those people, I'm very willing to forgive Snowden (and the journalists who are sorting through/releasing the info) if he accidentally mixed some disclosures of legitimate* NSA actions in with the many, many illegitimate ones.
  Important caveats:
  
  This assumes that (a) the release is accurate and (b) that Snowden is responsible for it. At the moment, we have no reason to believe that either is the case. In particular, I contend that it's much more likely for disclosures of legitimate* NSA activities to be falsely attributed to Snowden as a smear campaign than to be genuinely done by him.
  You may notice that I used the word "legitimate" with an asterisk. By this I mean "legitimate from the US perspective." Other countries my disagree, but they don't get to decide what is and isn't legal under US law. They're free to defend themselves, of course... (Similarly: I don't get upset about foreign spy agencies attempting to attacking the US; I get upset at the NSA if it fails to stop them.)
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
21. Re:That's no domestic surveillance by ZouPrime · 2015-06-23 03:39 · Score: 0
  
  > ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
  Of course they are. But nothing in the article says that this is used in the context of the domestic surveillance programs - in fact it would be surprising if it was.
22. Re:That's no domestic surveillance by PopeRatzo · 2015-06-23 03:40 · Score: 2
  
  >Who the fuck said it was?
  People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
  How about an example?
  
  "Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
  There's no "rights" until it's your rights getting fucked with. Then, you'll be surprised at how fast there are "rights".
  
  --
  You are welcome on my lawn.
23. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 03:59 · Score: 0
  
  since your concern was about "domestic surveillance" I think he can be excused for jumping to that conclusion. You certainly sound like one of the many apologists/astro-turfers at work on slashdot.
24. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 04:06 · Score: 0
  
  The big picture is "we don't trust you bastards any more, and don't give a crap about YOUR security if it means we give up OUR rights".
  You shouldn't be giving up your rights, you should be fighting for them.
  God knows were getting tired of having to do that for the rest of the world.
25. Re:That's no domestic surveillance by AmiMoJo · 2015-06-23 04:11 · Score: 1
  
  The scandal is that AV software is being crippled, which reduces the security of US citizens. Any deliberate flaws in the software will be found an exploited by other people as well, e.g. Chinese security services and black hats. Like deliberately weakening encryption, the NSA and GCHQ and endangering their own people by doing this.
  Also, the attacks on Kaspersky using state sponsored malware are evidence of the mounting cyber cold-war that the US is waging. US hypocrisy on cyber attacks and spying has been revealed. Even if others do it too, that doesn't make it any more acceptable or right.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
26. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 04:35 · Score: 3, Insightful
  
  We're all citizens of the world, buddy. For someone with a six digit UID you should know that the internet has gone quite far in erasing international borders (Or at least blurring them a whole lot)
  I don't care what's technically legal. I don't want the NSA attacking countries that are supposed to be friendly. We all live on this wet rock floating in space. That harms comes back to us. Comes back to me and my family.
  Worse, you're really missing the point. It's become quite clear the NSA is working for someone else other than the people of the US. They've got their own agenda, and I'm pretty sure it's mostly about securing free money for the cabal of private contractors that run the place. - It's a big scam, put it simply. Worse, I fear they're also acting as industrial and economic espionage agents for well connected businesses.
  They suck up money, provide nothing in return, and pretty much say "trust us and our secret courts" when asked to provide justification.
  They're doing more harm than good. We can do without them.
27. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 04:42 · Score: 0
  
  The scandal is that AV software is being crippled, which reduces the security of US citizens.
  Reverse engineering software does not 'cripple' anything.
  
  Any deliberate flaws in the software will be found an exploited by other people as well, e.g. Chinese security services and black hats. Like deliberately weakening encryption, the NSA and GCHQ and endangering their own people by doing this.
  You obviously have no idea what reverse engineering means.
  
  Also, the attacks on Kaspersky using state sponsored malware are evidence of the mounting cyber cold-war that the US is waging. US hypocrisy on cyber attacks and spying has been revealed. Even if others do it too, that doesn't make it any more acceptable or right.
  That was obviously Israel... even Kaspersky alluded to it being Israel.
28. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 04:43 · Score: 0
  
  NSA memo: hot-line this poster - obviously he has something to hide because he's brown-nosing our team in hopes of gaining 'good will', and this is a brazen attempt to 'hide in plain sight'.
29. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 06:56 · Score: 0
  
  > >Who the fuck said it was?
  >
  > People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
  Uh, dumbass, who said that this would be "about domestic surveilance"? Who said that EVERY leak would be about it?
  NO FUCKING BODY.
  Dumbass.
30. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 07:02 · Score: 0
  
  Dude, this is Slashdot. That means that there is high probability that any fucks which were given were were given on a solo basis. It is also likely that these solo fucks were given from mom's basement.
31. Re:That's no domestic surveillance by Alok · 2015-06-23 11:25 · Score: 1
  
  nothing to do whatsoever with domestic surveillance.
  Considering that American & UK anti-virus programs weren't targeted, that implies they already have in-built backdoors - which can easily be used for surveillance, whether domestic or international.
32. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 11:32 · Score: 0
  
  ha ha - the only time Americans fight for other peoples rights is when the US replaces an elected government with its own self serving puppet regime.
33. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-23 12:21 · Score: 0
  
  many, many illegitimate ones.
  Many eh? Care to list which ones constitute your 'many'?
  
  if he accidentally mixed some disclosures of legitimate* NSA actions
  If by some you mean like 99.999% of the nearly 2 million he stole.
34. Re: That's no domestic surveillance by Anonymous Coward · 2015-06-23 16:39 · Score: 0
  
  when the fuck kaspersky, they implicitly fuck millions of americans.
  you know why they hate russia ? google "czar jews". this thing has a very long history.
35. Re: That's no domestic surveillance by Anonymous Coward · 2015-06-23 16:45 · Score: 0
  
  dont forget their cozy relationship with the wahabists. dont forget they supported george bush to wage an illegal war. dont forget they knew bush was corrupted by the wahabists, yet they did not bring him down.
  same with karl battenberg, also corrupted by wahabists.
36. Re:That's no domestic surveillance by mrchaotica · 2015-06-24 00:55 · Score: 1
  
  Fuck off, fascist.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
37. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-24 07:18 · Score: 0
  
  Trollface.jpg
38. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-24 09:31 · Score: 0
  
  Quality argument. Your caveats expose you as a hypocrite. Also, you clearly don't understand the meaning of fascism because nothing I said relates to fascism.
39. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-24 10:05 · Score: 0
  
  "Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
  Also, that's why the rest of the world snickers whenever the US tries to go all "moral authority" on the world - turns out that you're doing the same stuff, but don't even have the decency to look embarrassed when you get caught.
40. Re:That's no domestic surveillance by mrchaotica · 2015-06-25 00:16 · Score: 1
  
  We both know damn well you had no interest whatsoever in a "quality argument." If you had, I would have given you one.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
41. Re:That's no domestic surveillance by Anonymous Coward · 2015-06-25 08:55 · Score: 0
  
  many, many illegitimate ones.
  > Many eh? Care to list which ones constitute your 'many'?
  I'm still waiting for you show a list of the "many, many"
  The onus is on you to defend your claims. Instead you just tried to insult me.
  
  We both know damn well you had no interest whatsoever in a "quality argument." If you had, I would have given you one.
  I do have an interest in a quality argument and nothing in my comments has indicated otherwise. Prove your claims. If you can.
42. Re:That's no domestic surveillance by mrchaotica · 2015-06-25 09:24 · Score: 1
  
  Every instance of NSA surveillance that affects even a single person within the borders of the United States is illegitimate and illegal (specifically, a violation of the Fourth Amendment).
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
No wonder AV is so slow... by xxxJonBoyxxx · 2015-06-23 02:50 · Score: 4, Funny

1) Get full copy of file to scan in memory
2) Check file for viruses
3) Send complete copy to national HQ, er, I mean, check the AV database
4) Open file
1. Re:No wonder AV is so slow... by Anonymous Coward · 2015-06-23 07:36 · Score: 0
  
  It's more efficient to send just the hash of the file.
  In MS's case they get a list of all installed programs during a windows update, perfect intel if you want to know the exploit vectors present on a target's system (as if the windows version wasn't enough).
2. Re:No wonder AV is so slow... by Lisias · 2015-06-23 17:11 · Score: 1
  
  I think you missed the point... :-)
  
  --
  Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
all haxx0rz riilly r dem sp00ks by Anonymous Coward · 2015-06-23 03:04 · Score: 0

kaspersky no talky == pr00f
If you use an anti-virus its domestic surveilance by sasparillascott · 2015-06-23 03:07 · Score: 5, Insightful

Basically the NSA and its Stasi partners are directly compromising / attacking U.S. citizens (and other world citizens) computer security software. This is significant as it shows just how much at direct odds with the general interests of the U.S. citizenry (to have secure computers and internet infrastructure) the U.S. surveillance state has secretly chosen - a direct contradiction to the population's general interests.

If you dive into the article you'll see that all AntiVirus vendors are listed as "targets" except for the few that are U.S. and British based - presumably because they've already co-opted them into the Five Eyes Stasi population surveillance business group. This also shows the direct betrayal the NSA and Co. made years ago for the U.S. population (after the U.S. citizenry democratically said No to the Clipper Chip and U.S. government surveillance of their communications / computing related equipment). The NSA etc. betrayed that democratic choice in secret and deliberately kept hidden and has / is working for absolutely wide open computer / backbone equipment access for them & their Five Eyes partners with back doors in everything (even in your anti-virus software as this article shows) so they can spy on whomever, whenever, wherever they want (and we know that include lots of domestic surveillance). That also means the NSA chose this everything is vulnerable environment for the "bad guys" too - as back doors are open for everyone - another direct betrayal of the main computer related interest of the U.S. citizenry. JMHO...
"Attack"? by jbmartin6 · 2015-06-23 03:25 · Score: 3, Insightful

They were reverse engineering software. I didn't see anything in here about cracking AV vendor networks or anything like that. I'm sure there are plenty of other people trying to reverse engineer software. Wouldn't it be reasonable to say this is within the security agency's baliwick? I didn't see anything about misusing whatever they found. Very interesting though that domestic producers were not listed. Maybe because they didn't need a warrant to do the reverse engineering, or as suggested by others they might already be compromised.

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
1. Re:"Attack"? by Anonymous Coward · 2015-06-23 04:34 · Score: 0
  
  My guess is that US AV doesn't concern them as much because the people they were trying to target the most were foreign. Kind of like in the days of old, no one(well, very few), were writing viruses for Mac. They had such a small market share that it was a waste of your time finding vulnerabilities in it. The 'market share' of high-profile targets using US-made AV would probably be very small, or nil. Any adversary of the US would be pretty stupid to use US made tools.
  By researching how to bypass foreign AVs, they could more easily build viruses that could penetrate the systems of adversaries. That seems like a worth-while pursuit for an agency tasked with cyber warfare and defense.
  So it could be that American AV software is already cracked/coerced/compliant, but it could also be that the part of the NSA doing this just wasn't interested in the low-brow idiots who run Symantec on their "Death to America" computer. I think one thing a lot of /.ers forget is that the NSA is pretty big, and there are many different groups/projects within the NSA. Not all of them are nefarious(to US citizens) or fall under the purview of PRISM.
Tsk Tsk. by stoned_ritual · 2015-06-23 03:28 · Score: 2

They should have used APK guy's hosts files.
lil hint about kasp anti virii by Anonymous Coward · 2015-06-23 03:30 · Score: 0

rember the sony root kit.....kasp was oly one that found it.....and sony thingy had process hiders etc....and that rootkit was not made by sony....
lets just say it was handed out to 5 people of which 4 could be accounted for at time of the sony issue.
"bath salts", you know, for your "bath" by Thud457 · 2015-06-23 03:37 · Score: 5, Interesting

NSA Attacked Anti-Virus Software
And ya'll laughed at John McAfee and called him crazy!

--
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1. Re:"bath salts", you know, for your "bath" by Anonymous Coward · 2015-06-23 04:34 · Score: 0
  
  His slashdot Q&A was the best ever.
2. Re:"bath salts", you know, for your "bath" by Anonymous Coward · 2015-06-23 05:39 · Score: 0
  
  I'm a big fan of John McAfee for one reason - he talks like normal people, not bullshitting corporate whores. I'd hoist a drink with that "crazy guy", anytime.
3. Re:"bath salts", you know, for your "bath" by Anonymous Coward · 2015-06-23 11:16 · Score: 0
  
  only if your definition of "normal people" is drug crazed paranoid nutjob
Reality by bussdriver · 2015-06-23 03:42 · Score: 1

Life is not a comic book! or a movie or even a book. Even with additional dimensions (to which a book can offer more,) real life contains more aspects than even a "complex" fictional villain.

--
Democracy Now! - uncensored, anti-establishment news
Keep that Hockey Helmet ON! by Anonymous Coward · 2015-06-23 04:25 · Score: 1

This should not be rated insightful, it should be rated "Person posting must wear protection walking in hallways!"
Anyone using any of these AV products domestically were being targeted as well as the companies the NSA was hacking for the explicit purpose of circumventing protection. Eset, Kaspersky, F-Secure, Checkpoint, et.al. are protecting at least as many US people as the US made counterparts (interestingly only 2 companies were allegedly not targeted. If you don't at least consider the possibility of collusion and/or infiltration, like we know happens with MS and various Linux projects, then you are a complete idiot who should lose their right to post on the internet.
One sentence. by ckatko · 2015-06-23 04:48 · Score: 1

DMCA the fuck out of them.
Re:If you use an anti-virus its domestic surveilan by Anonymous Coward · 2015-06-23 04:59 · Score: 0

Slashdot has fallen so far. How does a rambling comment full of conspiracy theory and conjecture get rated a +5 Insightful?

Basically the NSA and its Stasi partners are directly compromising / attacking U.S. citizens (and other world citizens) computer security software.
I don't think you understand what reverse engineering means.

presumably because they've already co-opted them into the Five Eyes Stasi population surveillance business group.
Your logic is circular--designed to validate whatever you want and not based on facts but pure conjecture.

That also means the NSA chose this everything is vulnerable environment for the "bad guys" too - as back doors are open for everyone - another direct betrayal of the main computer related interest of the U.S. citizenry. JMHO...
So... because the NSA reverse engineers software and finds vulnerabilities but doesn't disclose them... it has betrayed US citizens? And it's the NSA's fault that world is full of vulnerable software and hardware? You've really made a huge leap with that one.
Vietnam by ThatsNotPudding · 2015-06-23 05:21 · Score: 3, Insightful

Basically you have organised crime going on in security organisation meant to be upholding the law and as a result supplying those viral tools to criminals to be used against the citizens those security organisations are meant to be protecting.
'It became necessary to destroy the town to save it'
already known by frovingslosh · 2015-06-23 05:30 · Score: 1

I revealed this fact in the previous linked to article, but got little love for it.

--
I'm an American. I love this country and the freedoms that we used to have.
I still laugh at him because he's crazy by swschrad · 2015-06-23 05:53 · Score: 1

which doesn't change the facts that when he looks towards Washington and spits, he's right.

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
Antivirus and CompuSec Experts are Learning by idontgno · 2015-06-23 06:20 · Score: 2

What Voltaire taught long ago:
Il est dangereux d'avoir raison dans des choses où des hommes accrédités ont tort.
("It is dangerous to be right when established men are wrong.")

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
1. Re:Antivirus and CompuSec Experts are Learning by Anonymous Coward · 2015-06-23 08:36 · Score: 1
  
  ("It is dangerous to be right when established men are wrong.")
  The phrase has no meaning to it, as it's equally dangerous to be wrong when established men are right or wrong along with you.
  Fall not for catchy phrases, as they irrationally sway opinion. The rationalist is content with his own observation.
  captch: Axioms
How else would you do it? by Anonymous Coward · 2015-06-23 07:39 · Score: 0

How else would you ensure your state sponsored malware evaded detection of AV systems? Not seeing an alternative to targeting AV software here, other than not producing covert malware.
Re:If you use an anti-virus its domestic surveilan by Anonymous Coward · 2015-06-23 08:16 · Score: 0

You and the people who modded you up clearly didn't read the article....
he really screwed up these releases by electrosoccertux · 2015-06-23 08:57 · Score: 1

Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
He really screwed up the release of these documents. He needed to compile all the worst offenses and release them back to back to back. A year ago or so when he released the most damning one, Congress started fussing, but then he went quiet for another several months. Releasing it slowly allowed the public opinion to warm up to the idea of it, instead of adding fuel to fire we were trying to hold the NSA's feet to.
Now, the opportunity is lost, and will never be had again, except for maybe in the new country that starts on Mars from the pilgrims that follow John Galt^H^H^H^H^H^H^H^H^H^H Elon Musk there to start the Atlas society.
Who do we trust for AV? by Nyder · 2015-06-23 15:45 · Score: 1

I run AVG Free, and I'm wondering, should I be? Is there an AV that I can trust? One that won't be compromised by some governement?

--
Be seeing you...
1. Re:Who do we trust for AV? by KGIII · 2015-06-24 08:53 · Score: 1
  
  Security is a process, not an application. No, there is no AV you can completely trust. Not a single one - even if you wrote it yourself there is a compiler that you did not write on an operating system that you did not write. Trust is something you give as little of as possible. So, be careful what you download, do not have things run at higher privileges than required, pay attention to your system to look for anomalous behaviors, and be weary of what you download.
  I, myself, use a backup tool from Acronis which has enabled me to do some playing around with little fear of having to spend time to rebuild a system if it fails. I have successfully run a number of Windows OSes with no AV and no software firewalls. I have scanned them (after months of use) and not found anything abnormal - which is not an absolute sign of security but is a fine metric to start with and works even better if you are observing the machine's behavior.
  If you are careful about how and what you do, block things that can potentially/likely infect your system with selective unblocking, and use download sources that are from the original vendor then you should be fine. Stay away from dangerous sites (you can still find porn and warez - I suggest scanning warez, if you are going to use them, though) and be mindful of your activities. Keep good backups, even off-site backups at a friend's house are an excellent idea, and keep a local backup that is off-line. Then you can just be mindful of your activities and the behavior of your system and be safe enough so that you are not going to be affected.
  
  --
  "So long and thanks for all the fish."
Re:If you use an anti-virus its domestic surveilan by KGIII · 2015-06-24 08:41 · Score: 1

That is a rather huge leap. They may well have read the article but are just too stupid to comprehend it. ;-)

--
"So long and thanks for all the fish."