Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Snowden Leaks Show NSA Attacked Anti-Virus Software

Posted by timothy on from the picking-your-locks-for-your-own-protection dept.

New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.

13 of 98 comments (clear)

  1. Wow. Just wow by Anonymous Coward · · Score: 2, Insightful

    The NSA and GCHQ were doing their jobs!

    1. Re:Wow. Just wow by dunkindave · · Score: 4, Insightful

      The NSA and GCHQ were doing their jobs!

      That was essentially my thought. These organizations' charters include being able to attack adversaries if necessary, and they were looking into methods of attack. Where is the surprise? The technical arm of every other country's spy agencies are doing the exact same thing, though perhaps with less ability, so explain to me what about this is news?

    2. Re:Wow. Just wow by dunkindave · · Score: 3, Insightful

      They are intentionally weakening the protections we use to keep ourselves safe.

      No, the weaknesses were created by the AV vendors, not the NSA and GCHQ. Do you also object to other security researchers looking though code for weaknesses, and when they find something say they are weakening the software's security? (Unfortunately there are some companies that have tried that). The difference here is mainly in what is done with the knowledge once found, and what these organizations are doing with it is consistent with their missions. In the industry it is called equities, namely deciding what is in the nation's best interest, whether to reveal a flaw so it can be fixed, or keep it secret so it can be used against an adversary.

  2. That's no domestic surveillance by ZouPrime · · Score: 3, Insightful

    Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.

    In fact, I can't remember the last time it did.

    1. Re:That's no domestic surveillance by Anonymous Coward · · Score: 3, Insightful

      Who the fuck said it was? Americans have no fucking right to be fooling around with our computers and phones!

    2. Re:That's no domestic surveillance by Anonymous Coward · · Score: 2, Insightful

      Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.

      In fact, I can't remember the last time it did.

      Short attention span of American citizens confirmed! Easily distracted dolts like you are the no. 1 reason why the US government is able to get away with trashing the Constitution.

    3. Re:That's no domestic surveillance by GoddersUK · · Score: 3, Insightful

      Yes, I'm sure Norton Genuine American Addition (NSA Approved!) did not have such exploits. I'm sure the NSA did not exploit this against US citizens (or GCHQ against British citizens). Pull the other one.

    4. Re:That's no domestic surveillance by rtb61 · · Score: 2, Insightful

      More importantly once a virus is targeted at someone, anyone, that virus is released into the wild, where it will be captured, decoded, recoded and sent back out to commit crimes. Basically you have organised crime going on in security organisation meant to be upholding the law and as a result supplying those viral tools to criminals to be used against the citizens those security organisations are meant to be protecting.

      Quite simply a global mass extortion campaign targeted at all sitting and potential politicians the world over, so no matter what their citizens want, those corrupted politicians will support the demands of the US military industrial complex and fascist capitalism. How many politicians are enacting the most perverse laws against the wishes of the citizens but align with US corporate demands.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:That's no domestic surveillance by mrchaotica · · Score: 4, Insightful

      People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.

      As one of those people, I'm very willing to forgive Snowden (and the journalists who are sorting through/releasing the info) if he accidentally mixed some disclosures of legitimate* NSA actions in with the many, many illegitimate ones.

      Important caveats:

      1. This assumes that (a) the release is accurate and (b) that Snowden is responsible for it. At the moment, we have no reason to believe that either is the case. In particular, I contend that it's much more likely for disclosures of legitimate* NSA activities to be falsely attributed to Snowden as a smear campaign than to be genuinely done by him.
      2. You may notice that I used the word "legitimate" with an asterisk. By this I mean "legitimate from the US perspective." Other countries my disagree, but they don't get to decide what is and isn't legal under US law. They're free to defend themselves, of course... (Similarly: I don't get upset about foreign spy agencies attempting to attacking the US; I get upset at the NSA if it fails to stop them.)
      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    6. Re:That's no domestic surveillance by Anonymous Coward · · Score: 3, Insightful

      We're all citizens of the world, buddy. For someone with a six digit UID you should know that the internet has gone quite far in erasing international borders (Or at least blurring them a whole lot)

      I don't care what's technically legal. I don't want the NSA attacking countries that are supposed to be friendly. We all live on this wet rock floating in space. That harms comes back to us. Comes back to me and my family.

      Worse, you're really missing the point. It's become quite clear the NSA is working for someone else other than the people of the US. They've got their own agenda, and I'm pretty sure it's mostly about securing free money for the cabal of private contractors that run the place. - It's a big scam, put it simply. Worse, I fear they're also acting as industrial and economic espionage agents for well connected businesses.

      They suck up money, provide nothing in return, and pretty much say "trust us and our secret courts" when asked to provide justification.

      They're doing more harm than good. We can do without them.

  3. If you use an anti-virus its domestic surveilance by sasparillascott · · Score: 5, Insightful

    Basically the NSA and its Stasi partners are directly compromising / attacking U.S. citizens (and other world citizens) computer security software. This is significant as it shows just how much at direct odds with the general interests of the U.S. citizenry (to have secure computers and internet infrastructure) the U.S. surveillance state has secretly chosen - a direct contradiction to the population's general interests.

    If you dive into the article you'll see that all AntiVirus vendors are listed as "targets" except for the few that are U.S. and British based - presumably because they've already co-opted them into the Five Eyes Stasi population surveillance business group. This also shows the direct betrayal the NSA and Co. made years ago for the U.S. population (after the U.S. citizenry democratically said No to the Clipper Chip and U.S. government surveillance of their communications / computing related equipment). The NSA etc. betrayed that democratic choice in secret and deliberately kept hidden and has / is working for absolutely wide open computer / backbone equipment access for them & their Five Eyes partners with back doors in everything (even in your anti-virus software as this article shows) so they can spy on whomever, whenever, wherever they want (and we know that include lots of domestic surveillance). That also means the NSA chose this everything is vulnerable environment for the "bad guys" too - as back doors are open for everyone - another direct betrayal of the main computer related interest of the U.S. citizenry. JMHO...

  4. "Attack"? by jbmartin6 · · Score: 3, Insightful

    They were reverse engineering software. I didn't see anything in here about cracking AV vendor networks or anything like that. I'm sure there are plenty of other people trying to reverse engineer software. Wouldn't it be reasonable to say this is within the security agency's baliwick? I didn't see anything about misusing whatever they found. Very interesting though that domestic producers were not listed. Maybe because they didn't need a warrant to do the reverse engineering, or as suggested by others they might already be compromised.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  5. Vietnam by ThatsNotPudding · · Score: 3, Insightful

    Basically you have organised crime going on in security organisation meant to be upholding the law and as a result supplying those viral tools to criminals to be used against the citizens those security organisations are meant to be protecting.

    'It became necessary to destroy the town to save it'