Stories
Slash Boxes
Comments

SoylentNews is people

NSA & GCHQ Attempted to Subvert Popular Security Software Tools

posted by janrinok on Wednesday June 24 2015, @09:17AM   Printer-friendly
from the so-that's-why-the-antivirus-programs-run-so-slowly dept.

zocalo writes:

The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden, according to a story at Glen Greenwald's Intercept. The document, a GCHQ warrant renewal request written in 2008 and provided under Section 5 of the U.K.'s 1994 Intelligence Services Act, must be renewed by a government minister every six months and seeks authorization for GCHQ activities that "involve modifying commercially available software to enable interception, decryption and other related tasks, or 'reverse engineering' software."

Of note is that while Kaspersky Labs is particularly singled out, Bitdefender, ESET, Avast, AVG, and F-Secure are also mentioned as specific targets, while the US/UK based McAfee, Symantec and Sophos are all notable by their absence raising questions over whether they have might colluded with the NSA and GCHQ, or whether the other vendors mentioned might have colluded with their own national security services. Should that be the case then the debate over the merits of whether or not compromising encryption tools is a good idea given the potential for the backdoor to be found and exploited by foreign governments and criminals perhaps ought to apply to more general security software as well.

Original Submission

 
This discussion has been archived. No new comments can be posted.
NSA & GCHQ Attempted to Subvert Popular Security Software Tools | Log In/Create an Account | Top | 24 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by kaszz on Wednesday June 24 2015, @11:12AM

    by kaszz (4211) on Wednesday June 24 2015, @11:12AM (#200324) Journal

    The absence of McAfee, Symantec and Sophos is probable simple, they got NSL'd or got physical access op'd. As for the rest. They are perhaps harder to get into with gray papers and without exposure:

    Bitdefender - Romania (NATO since 2004, EU since 2007)
    ESET - Slovakia (NATO since 2004, EU since 2004)
    Avast - Czech Republic (NATO since 1999, EU since 2004)
    AVG Technologies - Netherlands (founding NATO 1949, EU 1957)
    F-Secure - Finland (EU since 1995)
    Kaspersky Labs - Russia

    Ie, don't trust any security from 5-6 eyes or any other big power. And don't forget that the operating system used by these software packages is notorious for sloppy coding and being headquartered in the land of NSL'd.

    Using the anti-virus software is kind of neat because you defeat the defense system, have access to all files even when encrypted and have a phone-home-line that can be co-opted to send data back. Perfect..

    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Interesting=2, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 0) by Anonymous Coward on Friday July 03 2015, @02:27AM

    by Anonymous Coward on Friday July 03 2015, @02:27AM (#204519)

    IMO bitdefender free sucks
    try their free rescue (LiveCD)