NSA and GCHQ reverse-engineered Kaspersky Labs

US and UK spy agencies have reverse-engineered anti-virus software with the goal of obtaining sensitive information from protected systems, The Intercept reported yesterday.

According to the report, the spy agencies NSA and GCHQ paid particular attention to Kaspersky Lab for two reasons: its software is used by more than 400m people and more than 270,000 corporate clients, and it’s Russian.

According to Snowden, the NSA obtained sensitive customer information by monitoring email and web traffic on Kaspersky’s servers.

According to the latest Snowden revelations, instead of reporting the vulnerabilities they discovered, the agencies kept quiet and used the knowledge to hack adversaries.

NSA agents embedded user-agent strings in HTTP requests on Kaspersky’s servers to uniquely identify the computing devices belonging to Kaspersky customers. In a statement emailed to The Intercept, Kaspersky Lab denied that its “User-Agent” strings could be used against its customers.

“The information is depersonalized and cannot be attributed to a specific user or company,” the statement read. “We take all possible measures to protect this data from being compromised, for example through strong encryption.”

The NSA paid particular attention to Kaspersky Lab, whose founder, Eugene Kaspersky, was educated at the KGB. He also worked for the Russian army.

“It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default,” Kaspersky says.

Cyber warfare has picked up in recent years, with the US, UK, China, Russia, Israel and North Korea all taking part.