Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there are no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.
Ironically, this side door is intended to be a security door for third party add-ons that every Windows machine needs to keep it safe from cracker hackers — if that’s indeed possible. And this security tool is usually more trusted by Microsoft system admins, especially those outside the U.S., than Windows itself.
That tool, of course, is your garden variety antivirus program.
According to an article published Monday on The Intercept, the spooks have been busy figuring out ways to exploit antivirus software, used on absolutely every Windows server in every data center on the planet.
“The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which…claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.”
If I were Kaspersky, I’d be really pissed right about now.
It seems that the NSA, along with Brit spies at Government Communications Headquarters (GCHQ), have had their noses so far up Kaspersky’s…er, code, that they know what every subroutine in its software smells like.
The information comes from — where else? — documents supplied by the NSA’s nightmare-that-won’t-go-away, Edward Snowden.
The spooks have been reverse engineering. They’ve been dismantling Kaspersky’s software, searching for weaknesses. They’ve been mining sensitive data by monitoring the email chatter between Kaspersky client and server software. In other words, while IT security folks outside the U.S. have been keeping a wary eye on their Windows servers while trusting their antivirus to be a tool to help them secure the unsecurable…well, their antivirus software has been a Trojan horse in the truly Homeric sense of the word.
Although this week’s article concentrates on the NSA’s activities against Kaspersky, it indicates that antivirus software from other companies has also been under scrutiny, as all antivirus software is a thorn in spy agencies’ sides.
“Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.”
Although it’s not known exactly what the NSA and GCHQ have gained from the man-hours they’ve put into examining Kaspersky’s and others’ code, my guess is that they’re primarily interested in the heuristics — that part of antivirus programs that attempts to identify a potential threat not through virus definitions but by looking for suspicious behavior within the system. By knowing exactly what the heuristic programs are monitoring, they hope to be able to avoid triggering an alarm.
In the meantime, Windows becomes less safe by the minute for corporations and governments hoping to keep private data private. I’m certain that Red Hat, SUSE, and even Ubuntu are taking advantage.