Found this one on Heise Security today...
The secret services try to learn how to bypass antivirus software when attacking computers. German manufacturer Avira was apparently spied on.
Nearly two weeks after it was revealed that anti-virus vendor Kaspersky had become the target of a hacker attack, it now seems likely that the NSA and its British counterpart GCHQ were behind it. The attack was also probably not an isolated case, as the Snowden documents suggest. Kaspersky competitors like Avast, AVG, Eset, F-Secure and the German manufacturer Avira are also said to have been spied on. The intelligence services' main goal was probably to learn how to bypass the virus protection of individual producers in case of an attack on a target's computer.
Virus guard in his sights
NSA and GCHQ are suspected of having disassembled programs and intercepted the e-mail traffic of the companies' employees, all to pile up knowledge about vulnerabilities in software as well as background knowledge. The code name for the corresponding project is accordingly "Camberdada". This is clear from internal NSA films and a GCHQ request for an extension of powers, which the investigative website "The Intercept" has published.
As the reverse engineering conducted by GCHQ may be contrary to applicable copyright law in the United Kingdom, the secret service probably sought legal advice with this request. In addition to anti-virus programs, it also concerns all kinds of other software, such as online forums, server management systems and encryption software.
Learning from malware writers
The documents suggest that the NSA also spies on the reports that AV programs send to the mothership. The intelligence services might therefore be gathering data about current malware epidemics and finding malicious code that is not yet recognized by the virus scanners. Such viruses can then be used for their own purposes.
Kaspersky Lab is mentioned in the documents very often. The Russian company appears to be a prominent target of NSA and GCHQ, which in turn suggests that the recently discovered attack might be on behalf of these services or their allies, the Five Eyes. Also, the technical structure used by the trojan, which was given the name Duqu 2.0, seems to support this theory.
(Mainly translated by Google; there might be some mistakes in there I didn't recognize.)