Does alleged NSA hack of Kaspersky signal new front in cyberwar?

Newly released documents reveal a systematic campaign to reverse-engineer anti-virus software produced by firms like Russia's Kaspersky Labs, allowing intelligence agencies to uncover vulnerabilities that could help subvert them.


The latest Edward Snowden revelations – an alleged hack of a prominent Russian software firm – are creating a big stir here. 

According to documents published by the Intercept Monday, the US National Security Agency and its British counterpart, GCHQ, targeted major Internet security firms, including Kaspersky Labs. They allegedly did so to reverse-engineer their antivirus products, enabling them to spy on protected networks. 

A 2008 warrant request from GCHQ published by the whistleblower site says the aims of penetrating Kaspersky's most sensitive systems might include "modifying commercially available software to enable interception, decryption … or 'reverse engineering' software" to understand how it works.

The warrant was needed because Kaspersky maintains an office in Britain. The request says that targeting the Russian IT giant was necessary because "personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability. And SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities."

An NSA slideshow presentation about the covert operation, dubbed "Project Camberdada," lists two dozen companies that were targeted. They include several Russian companies, including Kaspersky and the state arms export company Rosoboronexport, but also well-known Czech, Finnish, Slovakian, and Romanian anti-virus providers. No US- or British-based firms are listed.

Russian media have reacted with predictable outrage to the revelations. The Kremlin-funded English-language channel RT suggested that Kaspersky, which has an estimated 400 million clients worldwide, gained special attention from Western intelligence agencies because of its technical proficiency.

Kaspersky said in a statement that it was investigating the allegations. "We find it extremely worrying that government organizations are targeting security companies instead of focusing their resources against legitimate adversaries and are actively working to subvert security software that is designed to keep us all safe," it said.

In recent years, Kaspersky has played a key role in unmasking alleged US cyberweapons such as Stuxnet, a sophisticated program used to attack the computer systems at Iran’s main nuclear enrichment facilities, and a similar program known as Flame.

Earlier this year, Kaspersky accused US intelligence agencies of planting spy software inside computers made by leading global manufacturers.

And just this month the company's founder, Eugene Kaspersky, blogged that Kaspersky had uncovered an "advanced attack" on its internal networks by an unnamed state actor. He wrote that the malicious software, which he labeled Duqu 2.0, is a generation ahead of anything the firm has previously seen.

While Mr. Kaspersky’s blog post could be a bit of calculated self-promotion – a common strategy in the sector – experts say there's little doubt that the latest Snowden revelations point to an escalating cyberwar of all-against-all that is probably much worse than is publicly acknowledged.

"It’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare," Kaspersky wrote about Duqu 2.0. "If various murky groups – often government-linked – treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I’m once again calling on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware, not sponsor and promote it."
