back to article GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely …

Silver badge
Trollface

Notably, US-based vendors McAfee and Symantec and Britain's own Sophos are nowhere to be seen.

Any idea why....

36
1
Pint

Kaspersky Lab was singled out in the report, with the NSA and GCHQ paying special attention to studying its software for weaknesses.

In 2008, GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations and stated it needed to reverse engineer it to find ways to "neutralise the problem".

Kaspersky's marketing people must be mildly pleased by these latest "revelations." Can't imagine they could have phrased it any better themselves.

26
0

What a ludicrous conspiracy theory... 4 clowns and counting voted that garbage up: scary to think they may even dare to vote...

So in your implicit delusion "Kaspersky's marketing people" planted a 2008 GCHQ warrant for some 7 years late staged marketing ploy involving Snowden and Greenwald unveiling his leaks: your tin foil hat is showing.

0
39
Silver badge

@Sensi - I don't believe anyone mentioned planting things. However, GCHQ have now officially called Kaspeski software effective; therefore endorsing it, albeit they didn't realise that the docs would spread at the time. That's going to make it easier to sell (and I know I would be sending an "As endorsed by GCHQ" campaign to the printers right about now were it down to me). Their product being made easier to sell pleases marketing people. No conspiracy required.

27
0
g e

Errrr WTF?

No.

Their marketing people must be pleased because an org like GCHQ complaining that software like Kaspersky's is making life infecting computers for their own ends awkward is great marketing copy.

Makes me want to avoid Sophos and McAfee at all costs, though, conversely. Perhaps their marketing conspiracy just collapsed?

9
0

@moiety

The OP appeared to do just that putting quotes around "revelations", or maybe i misread it and if that is the case: my bad.

7
0
Silver badge

I'm not sure why "revelations" had quotes round it either. It was probably sarcasm but that might have been El Reg's commentards generally favourable reaction to Saint Snowden (and would have also explained the use of the word revelations). That was how I saw it anyway.

I don't see any way for it to be a marketing stunt, unless Kaspeski has some way of interfering with Snowden releases; which seems unlikely. Having happened, though, and Kasperski having being singled out as a program that makes pwning computers difficult is definitely a gift to the marketing people. Making computers difficult to hack is more or less the entire point of the software and if Kasperski don't run with it I'd be quite surprised.

I didn't downvote you by the way. I rarely do, unless something really pisses me off or unless the word 'sheeple' is used in apparent earnestness.

4
0
Silver badge
Meh

An upvote for Sensi for the admission but a verbal (and entirely hypocritical) downvote for using the expression "my bad"...

Therefore the icon of 'Meh' to represent the perfect balance of good and evil.

3
0
Roo
Silver badge

Re: Errrr WTF?

"Makes me want to avoid Sophos and McAfee at all costs, though, conversely. Perhaps their marketing conspiracy just collapsed?"

I would be hugely surprised if you weren't already avoiding McAfee. :)

9
0
Anonymous Coward

Goodness me Sensi. Humour bypass, much?

It made me chuckle. Whilst (obviously) there was no conspiracy here, I agree that it is a nice endorsement tor Kas.

1
0

This post has been deleted by its author

Silver badge

"Notably, US-based vendors McAfee and Symantec and Britain's own Sophos are nowhere to be seen.

Any idea why...."

NSA aren't allowed to their own nationals so did everyone elses. Then they swap data with GCHQ

0
0
Silver badge

@Sensi

What part of the word "could" did you fail to understand?

0
0
Silver badge

What springs first to my mind

is that McAfee may be thought of by others much as I think of it - a black hole for CPU cycles that drains the life out of a PC. When the agency I worked for installed it we figured out in short order that tolerable performance could be had only with a multi core CPU and plenty of memory. Some applications (Oracle development tools, as I recall) took over half an hour to start up unless they were "trusted" and excluded from the scan.

Then again, maybe the agencies have an in with some manufacturers, or the design of the products is such as to make reverse engineering unnecessary.

2
0
Silver badge

"Any idea why...."

Presumably because products created by those companies have built-in back doors.

4
0
Bronze badge

> ...downvote for using the expression "my bad"...

I know these archaic linguistic expressions can be confusing to those who haven't studied them, and indeed are often seen as a bit pompous. However, be assured its meaning is similar to "mea culpa".

2
0

Built in back doors, certainly. But it's quite possible that they weren't intentional back doors. Maybe McAfee is as competent at making its AV secure as it at making it not screw up performance? That would surely guarantee a reasonable number of back doors? More than a decade ago I persuaded my employer (with help from the sysops team) to ditch Symantec and adopt Trend on the grounds that doing so would vastly improve security an singnificantly reduce costs, and no-one has ever suggested to me that Symantec has at any time reached anything like the same security capability as Trend or Kapersky.

0
0

This post has been deleted by its author

Silver badge

The major US and UK ones, yes. It's the minor players, the Europeans and Russkies that are "a problem".

It seems logical that you shouldn't be using Kaspersky if you've anything to hide from the Russian authorities or their oligarch mates, but they should be a better bet than (say) Symantec if you wanted to reduce your exposure to snooping by the NSA.

A better approach than relying on security software to defend your secrets is to not connect your private computer systems to the internet. Whilst there's plenty of ways of bridging an air gap, they are only likely to be used for known + high value targets.

10
1
Anonymous Coward

Methinks that's the point.

Those "agreements" being "agreed" with all the major vendors falling under those governments control. That would appear not to include the major Russian vendor then.

3
0
Megaphone

>A better approach than relying on security software to defend your secrets is to not connect your private computer systems to the internet.

Yes yes that's fine for the State Department (although they are too stupid to do it completely as shown by Manning) but some of us actually enjoy using the internet for our home computers. As a compromise for example I do banking solely off an encrypted usb stick that boots into OpenBSD (both secure and also obscure) with no other software but what is necessary to login to my bank (including necessary security browser addons). I don't even know my bank passwords (which are random 20+ characters) and never enter them directly as I use keepassx which stores them encrypted locally only. Tails OS is also a good option but I like OpenBSD. I use another BSD as my main OS off the hard drives. Again secure (fairly) obscure and best of all no systemd or svchost.exe or vital need for antivirus (other than clam for an occasional paranoid scan).

5
0

" I don't even know my bank passwords"

Go directly to jail. Until you can tell the judge your password.

5
0
Silver badge

wow

Can't believe I am saying this living in the land of the free (for corporations) but the US are actually a bit more progressive on this for once. It seems to still be ambiguous and on a case by case basis if a judge can hold you contempt for not do so as opposed to being enshrined in law like in the UK.

0
0

Kapersky works together with law enforcement and security agencies in countries round the world, including in the USA, Japan, the UK and several other European countries, also with Interpol and Europol. Maybe they are quite safe to use to deny access to your data by the Russian state, and maybe not. For some other AV vendors I might say are maybe quite safe to use to deny access to the average script kiddy, and maybe not.

0
0
Joke

"spooks reverse-engineered software products in order to obtain intel"

They fell for the label that said 'intel inside'.

44
0
Pint

Re: "spooks reverse-engineered software products in order to obtain intel"

Well played.

2
0
Silver badge
Pint

GCHQ ... described Kaspersky software as an obstruction to its hacking operations

The best marketing that money can't buy.

5
0
Silver badge

Re: "spooks reverse-engineered software products in order to obtain intel"

Nice one, Tromos :)

0
0
Big Brother

The definition of "security"

So, some security agencies are trying to disable security software in order to keep us all secure (from whatever threat of the day may be). And some of these security software companies apparently don't need to be fought/hacked/persuaded for unclear (read: obvious) reasons.

Seems to me that there are a number of different definitions of "security" out there.

"I go down to Speaker's Corner I'm thunderstruck [...] Two men say they're Jesus – one of them must be wrong..."

6
0
Silver badge

Re: The definition of "security"

There's 2 definitions: There's the normal one; which everybody else uses; and there's the spook's definition; which means that they are secure and fuck everybody else.

7
0
Silver badge
Unhappy

Re: The definition of "security"

I've already beaten this horse to death, but one more time....These sigint agencies are doing more damage to actual IT security than any hacker collective could do.

"Let's take working AV software and compromise it. What's the worst that could happen?"

11
0
Silver badge

Ringing Endorsement?

"GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations"

6
0
Silver badge
Pirate

Time to write our OWN antivirus program

With Blackjack. And hookers!

5
0

Re: Time to write our OWN antivirus program

The dream of Open Source endures!

2
0
Anonymous Coward

Re: Time to write our OWN antivirus program

Like this?

0
0
Silver badge
FAIL

Prioties

So... While the best and the brightest computer whizkids that the state could hoover up where engaged in breaking security and spying on (mostly) law-abiding citizens, the Chinese managed to hack into government computers and steal the very private details of 18 million citizens.

Bravo chaps, well played. What's next? While cracking down on pornographic material coming in from Europe you miss a massive paedophile ring in Parliament...

(I know GCHQ and the NSA are different agencies, but they're effectively the same team now.

9
0
Bronze badge
Angel

Re: Prioties

Who *knows* that the Chinese *actually* "hacked into ..."?

Would it not be easier that the Chinese simply asked for a little favour in return for something. Perhaps a password or even a private VPN to the inside of the firewall from some of the rice-bowl-a-day techies at the outsourced data processing facility in Bangalore or whatever - 1500 quid will go a long way in the 3'rd world and it's knot that the techies are any dumber "there" than "here", they also know that their job can always go to a cheaper place, so .... What Loyalty, Exactly!

There is also the problem that China trains and educates 250000 engineers per year; it would be strange if not 2500 of these are really good, 250 of those really love their country above all others and maybe 100 of these travel to "The West" to work at leading tech businesses. cdr150622

1
0
Roo
Silver badge
Windows

Re: Prioties

"Bravo chaps, well played. What's next? While cracking down on pornographic material coming in from Europe you miss a massive paedophile ring in Parliament..."

You may be being unfair there. There is plenty of evidence to support the hypothesis that the establishment were are actively suppressing any investigation and prosecution of themselves. I am surprised that our allegedly free press and democratically elected MPs have not made more of the fact that evidence and investigations are being systematically buried until the day after the perps are buried.

5
0
Roo
Silver badge
Windows

And yet we still have people making assertions such as the following found in an el Reg comment section just 9 days ago:

"But plainly turning off our anti-malware software today is nonsense."

It is now official: switching off AV software is the first step to securing your system...

4
1
Silver badge

"It is now official: switching off AV software is the first step to securing your system..."

I installed Norton once, I had to leave the room and nuke it through the window. Never again.

I monitor my outbound connectivity and CPU processes for anything suspicious and turn off everything that isn't immediately required in my browser.

I've never had a virus, only the odd bit of adware etc, and those fscking toolbars got installed once when I was in a rush - so I must be getting old. With that in mind I'm moving to a VM based solution and just run a vanilla Vista image to browse the net. If it gets infected it's gone when I shut the thing down.

0
0
Facepalm

"We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our profits if customers start dropping our products cos they suspect their government spooks might be spying on them through our software."

0
0
Silver badge

Sue them under the DMCA?

As most companies would argue, reverse-engineering software like this is a violation of various patents and is circumventing copyright mechanisms, so thus would be fair game under the DMCA...

I also wonder if they bothered getting proper licenses for those products anyway. Might be a fun lawsuit to see the government hoisted up by shitty laws they rushed through...

0
2
Silver badge

Re: Sue them under the DMCA?

Won't happen. Any lawsuit filed against the government or one of it's agencies has to be "approved" by the government before it can go to court. There's not been many, if any, that have been "approved" over the years.

3
0
Anonymous Coward

Re: Sue them under the DMCA?

What country are you in? Here in the UK the Government gets taken to court a LOT, across all its public sector agencies.

The Government and the judiciary are separate systems. The government pays for the Judiciary, and passes laws that the Judiciary uphold. But the Judiciary decisions are independant of Government, is tbe model.

Now, if you want a public Criminal prosecution, rather than private Civil, then CPS comes into play. They do decide if it reaches the courts or not. They are also supposed to be independent, but they can listen to Government opinion on that...

0
0
Silver badge
Facepalm

Re: Sue them under the DMCA?

The whole point of the article is that they asked for a warrant to bypass the legal restrictions on reverse engineering.

Also the DMCA contains a law enforcement/intelligence services free pass.

Oh, and the DMCA is a USA law, and this is GCHQ we are talking about.

2
0
Silver badge

Re: Sue them under the DMCA?

Ah.. I'm in the US. We can sue but fat chance the case will ever be heard. Given the way all the governments are acting.. bad assumption on my part. My bad and I'll go stand in the corner.

0
0
Silver badge

Re: Sue them under the DMCA?

"Also the DMCA contains a law enforcement/intelligence services free pass."

Yeah, US intelligence services and Law Enforcement...

"Oh, and the DMCA is a USA law, and this is GCHQ we are talking about."

So sue GCHQ in a US federal court. People use those courts to sue foreign countries all the time. Or maybe in Texas's courts, who just love copyright laws.

But overall, I just want to see it happen, I am not saying it would produce any sort of benefit for anyone, just a symbolic gesture to the GCHQ that breaking our security products is uncool.

0
0
Anonymous Coward

You act like...

...it's wrong to catch and prosecute perps.

0
3
Silver badge

Re: You act like...

Not at all. But it IS wrong to treat the entire population as perps-in-waiting by spying on them all the time.

4
0
Silver badge

Bugger of a Blot on the Landscape which paints Parliamentarians as Co-Conspirators?

You act like it's wrong to catch and prosecute perps. ... AC

It does appear to be considered wrong in certain perverse and corrupt circles, although it is taking the hiding in full sight defence strategy to ridiculous extremes which are bound to fail .........http://www.independent.co.uk/news/uk/politics/lord-janner-abused-children-in-parliament-claims-labour-mp-simon-danczuk-10340214.html

1
1

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017