Does alleged NSA hack of Kaspersky signal new front in cyberwar?
Newly released documents reveal a systematic campaign to reverse-engineer anti-virus software produced by firms like Russia's Kaspersky Labs, allowing intelligence agencies to uncover vulnerabilities that could help subvert them.
Moscow — The latest Edward Snowden revelations – an alleged hack of a prominent Russian software firm – are creating a big stir here.
According to documents published by the Intercept Monday, the US National Security Agency and its British counterpart, GCHQ, targeted major Internet security firms, including Kaspersky Labs. They allegedly did so to reverse-engineer their antivirus products, enabling them to spy on protected networks.
A 2008 warrant request from GCHQ published by the whistleblower site says the aims of penetrating Kaspersky's most sensitive systems might include "modifying commercially available software to enable interception, decryption … or 'reverse engineering' software” to understand how it works.
The warrant was needed because Kaspersky maintains an office in Britain. The request says that targeting the Russian IT giant was necessary because "personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability. And SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities."
An NSA slideshow presentation about the covert operation, dubbed "Project Camberdada," lists two dozen companies that were targeted. They include several Russian companies, including Kaspersky and the state arms export company Rosoboronexport, but also well-known Czech, Finnish, Slovakian, and Romanian anti-virus providers. No US- or British-based firms are listed.
Russian media have reacted with predictable outrage to the revelations. The Kremlin-funded English-language channel RT suggested that Kaspersky, which has an estimated 400 million clients worldwide, gained special attention by Western intelligence agencies because of its technical proficiency.
Kaspersky said in a statement that it was investigating the allegations. "We find it extremely worrying that government organizations are targeting security companies instead of focusing their resources against legitimate adversaries and are actively working to subvert security software that is designed to keep us all safe," it said.
In recent years, Kaspersky has played a key role in unmasking alleged US cyberweapons such as Stuxnet, a sophisticated program used to attack the computer systems at Iran’s main nuclear enrichment facilities, and a similar program known as Flame.
Earlier this year, Kaspersky accused US intelligence agencies of planting spy software inside computers made by leading global manufacturers.
And just this month the company's founder, Eugene Kaspersky, blogged that Kaspersky had uncovered an "advanced attack" on its internal networks by an unnamed state actor. He wrote that the malicious software, which he labeled Duqu 2.0, is a generation ahead of anything the firm has previously seen.
While Mr. Kaspersky’s blog post could be a bit of calculated self-promotion – a common strategy in the sector – experts say there's little doubt that the latest Snowden revelations point to an escalating cyberwar of all-against-all that is probably much worse than is publicly acknowledged.
"It’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare," Kaspersky wrote about Duqu 2.0. "If various murky groups – often government-linked – treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I’m once again calling on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware, not sponsor and promote it."