A Hacking Group Has Been Undermining Anti-Virus Software, but It’s Not Who You Think

The NSA is really everywhere.

Security companies may be moving away from the anti-virus model of cataloging and scanning for threats, but if that’s all you have on your computer, it’s still better than nothing. Unless the security program you’re running has been compromised by the National Security Agency, in which case it’s time to hurl your computer against a brick wall and go to Dairy Queen.

Surfacing new documents from the Snowden trove, the Intercept reports that the NSA and the British surveillance agency Government Communications Headquarters, or GCHQ, have had initiatives to undermine anti-virus software to facilitate government tracking, data surveillance, and assorted intelligence-gathering.

The documents indicate that the agencies reverse-engineered numerous anti-virus offerings, especially products from Moscow-based Kaspersky Lab, which has a holding in the United Kingdom. The company says it has 270,000 corporate clients and protects a total of 400 million people worldwide.

Monitoring anti-virus software is valuable for intelligence agencies because it identifies new malware and can reveal trends in cyberattacks. By undermining these security measures, the NSA can get information about new threats and even prevent monitoring software from detecting its own surveillance malware.

Additionally, operating systems tend to give anti-virus trusted status, making it a valuable jumping-off point for network surveillance. Security software has increasingly come under scrutiny for being vulnerable to attack, so it makes sense that the NSA worked on infiltrating various products. For example, when researchers in Singapore tested 17 popular anti-virus offerings last year, they were able to find vulnerabilities in 14.

The good news for many American consumers is that the Intercept did not find mention of McAfee or Symantec (Norton) products in the documents. But it’s just another example of how thorough surveillance agencies have been in finding ways to get the data they want, even if it means compromising the cybersecurity of millions of people.