AV Vendors supposed to be spied by NSA und GCHQ

Der.Reisende

Found this one on Heise Security today...

The secret services are trying to learn how to bypass antivirus software when attacking computers. The German manufacturer Avira was apparently spied on.

Nearly two weeks after it was revealed that anti-virus vendor Kaspersky had become the target of a hacker attack, it now seems likely that the NSA and its British counterpart GCHQ were behind it. The attack was probably not an isolated case either, as the Snowden documents suggest. Kaspersky competitors such as Avast, AVG, Eset, F-Secure and the German manufacturer Avira are also said to have been spied on. The intelligence services' main aim was probably to learn how to bypass the virus protection of individual vendors when attacking a target's computer.

Virus guards in their sights

The NSA and GCHQ are suspected of having disassembled the programs and intercepted the e-mail traffic of the companies' employees, all in order to pile up knowledge about vulnerabilities in the software as well as background knowledge. The code name for the corresponding project is "Camberdada". This emerges from internal NSA films and a request by GCHQ for an extension of its powers, which the investigative website "The Intercept" has published.

As the reverse engineering conducted by GCHQ may be contrary to applicable copyright law in the United Kingdom, the secret service probably sought legal advice with this request. Besides anti-virus programs, it also concerns all kinds of other software, such as online forums, server management systems and encryption software.

Learning from malware writers

The documents suggest that the NSA also spies on the reports AV programs send back to the mothership. That way, the intelligence service might gather data about current malware epidemics and find malicious code that is not yet recognised by the virus scanners. Such viruses can then be used for its own purposes.

Kaspersky Lab is mentioned very often in the documents. The Russian company appears to be a prominent target of the NSA and GCHQ, which in turn suggests that the recently discovered attack might have been carried out on behalf of these services or their allies, the Five Eyes. The technical structure of the trojan, which was given the name Duqu 2.0, also seems to support this theory.

(Mainly translated by Google, there might be some mistakes in there I didn't recognize.)

hjlbx

Such things will never - like, ever, ever, ever - end; NSA, GCHQ, FSB, BND, AIVD, etc, etc - they spy - that's what they do - by any and all means - some legally, some just plain don't give a damn...

"Gotcha !" :D

comfortablynumb15

Well no, they won't end everything they do, even if Congress and its international equals throw a fit. Without all of them we'd be worse off; it's just hard to understand that when things are getting out of hand like they are. Legality is a bit difficult to deal with in the intelligence community. Not everything that needs doing is "legal" to do. The majority of Cold War activities weren't "legal", but if they hadn't been done, who knows what would have gone on.

These agencies are, if you'll just take a moment to think, in a tough spot. No, not every citizen and government official should have their every move watched and judged. But, when almost the entire population of Earth is hooked together by computer and every single last thing is done online, how does one only look at and watch the bad guys? If you really think about it, you'll find that it's next to impossible. That's just the nature of how society has changed and our very dangerous reliance on being connected at all times. Really, about the only thing that can and should be done is to discard the data that isn't relevant and deemed a threat, instead of keeping it stored.

However, the problem with that is what is determined a "threat". That's where the real issue is. Depending on the government or a specific individual in power, a threat can be anything from terrorism to being insulted. It's this definition of threat that is causing the real harm, not so much the spying. The systems in place are very needed, yet very easy to abuse. How do we not abuse it? Answer that one and you answer your spying dilemma.

Der.Reisende

comfortablynumb15 said: [quoted post above]

Brilliant comment comfortablynumb15!

You're right indeed. Everybody's freedom stops where the nose of his counterpart starts. Therefore, some rights (in order to have others protected from harm) might be cut down.

I'm glad not to have to decide about what's right and what's wrong when it comes to strangers' actions (e.g. as part of one of those intelligence services).

It's quite a difficult subject to conceive an opinion about, I see...

Kate_L

"It was probably the secret services deliberately aim is to learn how the virus protection of individual producers in the attack can be bypassed on the target computer", this doesn't sound good.

Der.Reisende

Kate_L said:
"It was probably the secret services deliberately aim is to learn how the virus protection of individual producers in the attack can be bypassed on the target computer", this doesn't sound good.

Thank you, edited my post.

Nico@FMA

comfortablynumb15 said: [quoted post above]

Well, I actually agree with what you said and with many others for the most part, yet I do want to highlight some legal part that has been left out in most media coverage and news topics.
Agencies are indeed in a weird spot: on one hand they are supposed to uphold the law and make sure that their bosses and chiefs have first-grade intel, on the other hand they are breaking the law and creating unnecessary problems for their host nation and the rest of the parties that are involved.
The reason why I am saying this is simple: on one hand you have the law, on the other hand you do have a "need".
And it's publicly known that a "need" cannot always be met within the framework of the law. I can accept that, and I think that anyone with a bit of brains can understand and accept that an agency sometimes has to break laws in order to uphold them.
Yet with this in mind, intelligence services are far from perfect, and it has been proven beyond reasonable doubt that all the filters and systems cost an insane amount of money and do more harm to those who are within the law than to those who operate outside it.
Some years back when I was in the army we did deal with serious issues when it comes to first-grade intel and accurate intel.
Finding a building, an airplane, a navy vessel, a drug speedboat, or any vehicle, machine or object is actually very easy.
Within the army, when we were on "mission", our targets could do literally nothing without being detected, monitored and eventually neutralized/captured, or whatever objective we did have.
Yet this is practical intelligence that does not hurt anyone with the exception of the target(s) itself.
Nothing wrong, no harm done; there is always a paper trail or a data stream regarding the target, and breaking laws to get to them is one thing.

But profiling millions and millions of people, knowing what their political, social, economic, family and online flavors and habits are, is just criminal, and there is not a single justification that would stick to explain it. Especially if you consider that true criminals and terrorists escape and evade detection for years on end, making the NSA and their counterparts look like amateurs.
Let me tell you from my own extensive experience that 8 out of 10 terrorists are known, monitored and within 48 hours' reach regardless of where they are. And this is done by state-of-the-art techniques and hard-built infiltration networks.
It is so effective that the capture rate is nearly 100% IF such an order is given. (An exception here for those that still have a part to play for God knows what political or strategic reason.) And none of this is being done with data centers and worldwide internet filters.
Sure, on the internet lots of things go on and they are for a large part known, so hiding is actually so much harder online than in the real world, and there is no point in having a huge internet sniffer system running.
If you are a terrorist or a name that has special attention, then an agency like the NSA or its Western EU counterparts knows almost in real time what you are up to without having to sift through petabytes of metadata. You might slip detection for some time, but they just know where you are and know when you pop up.
So the billions and billions of dollars invested in all these internet monitoring systems are just total bullshit.. it does not add anything, it does not help anyone and it only creates mistrust.
Now let's say for a second that these systems are being used to monitor nations like North Korea, Iran, Syria, Libya, Egypt or even Russia and China for that matter; then you've got a justifiable reason, since these nations have clearly shown that they "need" this kind of attention.
But why spy on your own population? Your friends? Allies? And nations that have a 50+ year peaceful and friendly track record?
Why mass-spy on the world population? Why steal company data to enhance your own industry? Yet be a big voice in the UN Council claiming that others do it? You cannot uphold international law if you do not follow it yourself.
I left out so many reasons and motives here as it would make this reply too huge, but the bottom line is that the whole national security thing has nothing to do with security anymore, and all the political and lawyer sweet talk to find some justification just does not fly either.
Target your enemies, sure, I'll go with that... but why target a 5-year-old kid? Or a citizen that never had so much as a speeding ticket? Or why target a 70+-year-old granny who does Facebook with her kids? And millions and millions more that have a near-perfect track record. And the real kicker is that the NSA has proven to be one of the most ineffective and costly agencies out there.
Sure, they've got huge capacity and great in-house skills, which should make them awesome, yet they have become too large, and by the time a piece of intel reaches the right people the World Trade Center would have collapsed twice and still they would have needed weeks to get all the data on a file.
That said, focused intelligence works, as I have seen it myself and know first-hand how extremely effective it is. It's clean, it's real-time, it's fast and it does not harm anyone.

Large or mass surveillance and profiling, plus the laws and rules that are being created to justify these things and the slow but targeted deterioration of US constitutional core values (something hundreds of thousands if not millions gave their lives for), is just a crime.
These schemes are internationally outlawed and forbidden by international laws since Hitler, Stalin and Mao Zedong.
Nations have been bombed back to the stone age because of this. Look at WWII, look at the Cold War: millions fought to make these practices stop. And while upholding the so-called good Samaritan look at the UN Security Council as the police cop of the world, the US is fast-tracking into an authoritarian regime that does not take care of the masses, but only takes care of a few.
And that does ring a bell for anyone that is still alive and has seen the horrors in the time when these key figures (Hitler, Stalin and Mao Zedong) were doing pretty much the same.
So how far does one have to fall to do exactly the things you have been fighting against for the past 50 years?

And that to me can only lead to more problems....

Cheers

comfortablynumb15

I very much agree with your point too. That being said, one big issue is that terrorism has gone to the online world, and having guys on the ground infiltrating doesn't help with that (making an assumption here that you were talking about the physical intelligence work done "the hard way"). I still will say that not sweeping the general public into these surveillance nets is a lot more difficult to pull off. There is of course that problem you spoke of regarding spying on allies. That part sucks, but everyone is doing it. We can think it's senseless, but they do it anyway. There are some exceptional cases that make sense, such as the case with Israel (those people can't even trust the U.S. anymore), but otherwise I agree it needs to be stopped.

As to the effectiveness of the NSA and its counterparts, well, it's government; it always has been and always will be prone to stupidity and worthless endeavors. Remember, bureaucracy screws up everything it touches. You're an ex-Army man, I'm pretty sure you've seen that first-hand too.

Der.Reisende

Nico@FMA said: [quoted post above]

Hello Nico@FMA,

sorry for replying late.

I'm very impressed by your argumentation!

If I got you right, Intel is trying to collect big data about us all rather than pursuing the real criminals?

However, great comparison. On the one hand, Intel can harm us all, but on the other hand, evading the common AVs can really help to prevent crime.

Sure, there's no way to get under the radar; hopefully, Intel uses its power for the well-being of those who are respectable.

comfortablynumb15

Wait, I'm confused. How can evading common AV software prevent crime? I mean, I get that if you evade the AV, then you can slip in undetected. But you can do that anyway. AV software is absolutely atrocious at detecting and preventing government-level malware, and that's really the only malware anyone should lose sleep over. There's no need to break the software and cause probable reputation hits to innocent vendors. And yes, intelligence agencies aren't trying but are succeeding in collecting mass data in the, publicly spoken at least, hope of capturing criminals. But I very much believe it goes much further than that, and that things are going to get much, much worse.

I don't mind intelligence agencies doing their jobs, it's necessary. I do mind collecting everything on everyone and just hoping to catch bad guys while storing data on good guys God knows where for God knows what purpose. How do we fix that though? No idea.

Der.Reisende

Good morning comfortablynumb15.

As I understood, they use evasion from the AV (via unknown zero-day leaks or viruses) to infiltrate the bad guys' PCs.

I agree with you that a targeted attack might not be prevented by common AV.

Also, you might be right: if common viruses can't be stopped, they might not only be used for preventing crime, but in fact for stealing data and money as soon as the security flaw is widely discovered.

As time goes on, yes, things might get worse as technology becomes better and more and more people reach out their hands for "smart" devices (fridges and so on), without thinking about how the necessary internet connection might be abused.

Sure, it's impossible to avoid being monitored by gov, Intel etc. (in times of Facebook, Google... which I also regularly use to communicate with the world), so it might only lead to paranoia if bothering too much about that.

I only found the article to be alarming and rather interesting for the community here, so I decided to share.

Of course you can't stop the trend things take, but you can (and probably should) keep track of it.

Data collection btw is not only a big problem Intel seems to have, but all big internet companies whose services we tend to use.

I have to admit to having had serious doubts about whether using Chrome is a good idea when the first reports on the massive (really?) data collection by Google showed up. But heck, which search provider does one usually use?

Also, you use Android (or Apple), M$, YouTube, Facebook, Flickr (in my case); therefore, you might have to make up your mind in favor of the benefits we can have from sharing data (we can't prevent it anyway), of course trying not to share more than needed.

Same goes for Intel: I'm an honest citizen, I work for the government (trainee at the tax dept), therefore they might not bother me more than necessary.

LabZero

Now there remains little to hold on to in order to keep alive the hope of not being spied on when we are in front of the computer screen, smartphone or tablet.

The last wall separating our lives from myriad digital snoops seems to have fallen; worse, from cyber criminals who are waiting for nothing more than a misstep to steal the credentials to the bank's website, or to steal photos of relatives and children from PCs and blackmail the unsuspecting users.

The last frontier against the dangers of the web was called antivirus ...

Der.Reisende

Good evening Klipsh, bleak forecast you're drawing here. Therefore, the last barrier to not getting infected is Brain.exe (is it called like this?), the user himself, who has to become more and more cautious about the things he runs/receives on his PC. Directed attacks like the gov ones might of course not be avoidable in some cases.

Hopefully, AV vendors have the chance to keep track and protect us as much as they can; I pay money for a secure environment with pleasure.

comfortablynumb15

You've got to have some balance though between legitimate fear and worry and the "sky is falling oh God we're all doomed!" mindset. Every single last piece of technology humans have ever created has been used for both good and bad purposes. Humans are just weird like that, we can't leave well enough alone. The NSA intentionally trying to break AV software is worrisome, but pretty expected if you keep in mind it's their job to break everything. Remember, these organizations also create new security methods too. The world is about to become a really sucky place, but hope for better only dies if you quit caring and quit hoping.

LabZero

Der.Reisende said: [quoted post above]

Yes, Brain.exe, the best and inviolable security product.

Deleted member 21043

Up until now I haven't really commented about this to anyone much, but I personally think that what is happening is bad and shouldn't be happening (the NSA and GCHQ spying on security vendors and finding ways to bypass the protection via exploits to attack someone's computer without it being detected by the targeted vendor).

Security vendors (like Kaspersky, ESET, Avast) are working hard to provide us security software to protect us all. Now the NSA/GCHQ are working closely together to exploit the software they provide (and other vendors provide) to attack someone's system? Not only does this mean that they can potentially abuse their privileges with this should they ever need to, but they are creating exploits to help them in preventing detection by the security software and even potentially leverage them onto the system. This shouldn't happen, especially with agencies like the NSA and GCHQ. I personally think they should spend their time more wisely by fighting real crimes occurring on the internet/in real life, as opposed to working out how they can attack and exploit specific security software.

Not only this, but if the work of the NSA/GCHQ ever got out to the public, then malware writers may find this and find their way around vendors' security software (before it's patched up, that is if the vendor actually knows how to patch it up; some exploits can be extremely tricky to patch up).

For anyone who does not already know, an exploit is when a vulnerability is used as an advantage to do something, usually for malicious activity.

Exploiting security software should not be done by the agencies. This is malicious behaviour from them themselves; they should really know better. Although I do understand there may be reasons behind it, it should still not happen. Of course they may wish to spy on suspects of certain crimes, but they might not even know if the suspect was actually involved in something/was responsible, and everyone deserves their privacy. Innocent until proven guilty. I do not think the agencies like it when they are spied on.

Exploiting security software is bad enough on its own, but intercepting e-mail traffic from the employees makes the whole situation even worse.

Instead of the NSA/any other agency making exploits and rootkits to attack people and bypass specific security software, they could spend their time helping the vendor patch up any exploits they managed to find in the software, to help secure the people using the security software product. This would be the activity I would expect from an agency, not the opposite, using it as an advantage to spy on/attack individuals whenever they feel like it (although we do not actually know how exactly they use the work they have all the time).

The above is just my opinion, everyone has their own opinion... Hopefully no one minds about mine too much.
Cheers. ;)