GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely …

  1. Destroy All Monsters Silver badge
    Trollface

    Notably, US-based vendors McAfee and Symantec and Britain's own Sophos are nowhere to be seen.

    Any idea why....

    1. Antonymous Coward
      Pint

      Kaspersky Lab was singled out in the report, with the NSA and GCHQ paying special attention to studying its software for weaknesses.

      In 2008, GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations and stated it needed to reverse engineer it to find ways to "neutralise the problem".

      Kaspersky's marketing people must be mildly pleased by these latest "revelations." Can't imagine they could have phrased it any better themselves.

      1. Sensi

        What a ludicrous conspiracy theory... 4 clowns and counting voted that garbage up: scary to think they may even dare to vote...

        So in your implicit delusion "Kaspersky's marketing people" planted a 2008 GCHQ warrant for some 7 years late staged marketing ploy involving Snowden and Greenwald unveiling his leaks: your tin foil hat is showing.

        1. Anonymous Coward
          Anonymous Coward

@Sensi - I don't believe anyone mentioned planting things. However, GCHQ have now officially called Kaspersky software effective; therefore endorsing it, albeit they didn't realise that the docs would spread at the time. That's going to make it easier to sell (and I know I would be sending an "As endorsed by GCHQ" campaign to the printers right about now were it down to me). Their product being made easier to sell pleases marketing people. No conspiracy required.

          1. g e

            Errrr WTF?

            No.

            Their marketing people must be pleased because an org like GCHQ complaining that software like Kaspersky's is making life infecting computers for their own ends awkward is great marketing copy.

            Makes me want to avoid Sophos and McAfee at all costs, though, conversely. Perhaps their marketing conspiracy just collapsed?

            1. Roo

              Re: Errrr WTF?

              "Makes me want to avoid Sophos and McAfee at all costs, though, conversely. Perhaps their marketing conspiracy just collapsed?"

              I would be hugely surprised if you weren't already avoiding McAfee. :)

          2. Sensi

            @moiety

The OP appeared to do just that putting quotes around "revelations", or maybe I misread it and if that is the case: my bad.

            1. Anonymous Coward
              Anonymous Coward

              I'm not sure why "revelations" had quotes round it either. It was probably sarcasm but that might have been El Reg's commentards generally favourable reaction to Saint Snowden (and would have also explained the use of the word revelations). That was how I saw it anyway.

I don't see any way for it to be a marketing stunt, unless Kaspersky has some way of interfering with Snowden releases; which seems unlikely. Having happened, though, and Kaspersky having been singled out as a program that makes pwning computers difficult is definitely a gift to the marketing people. Making computers difficult to hack is more or less the entire point of the software and if Kaspersky don't run with it I'd be quite surprised.

              I didn't downvote you by the way. I rarely do, unless something really pisses me off or unless the word 'sheeple' is used in apparent earnestness.

            2. Doctor_Wibble
              Meh

              An upvote for Sensi for the admission but a verbal (and entirely hypocritical) downvote for using the expression "my bad"...

              Therefore the icon of 'Meh' to represent the perfect balance of good and evil.

              1. Anonymous Coward
                Anonymous Coward

                > ...downvote for using the expression "my bad"...

                I know these archaic linguistic expressions can be confusing to those who haven't studied them, and indeed are often seen as a bit pompous. However, be assured its meaning is similar to "mea culpa".

        2. Anonymous Coward
          Anonymous Coward

          Goodness me Sensi. Humour bypass, much?

It made me chuckle. Whilst (obviously) there was no conspiracy here, I agree that it is a nice endorsement for Kas.

        3. Doctor Syntax Silver badge

          @Sensi

          What part of the word "could" did you fail to understand?

    2. This post has been deleted by its author

    3. John Brown (no body) Silver badge

      "Notably, US-based vendors McAfee and Symantec and Britain's own Sophos are nowhere to be seen.

      Any idea why...."

NSA aren't allowed to spy on their own nationals so did everyone else's. Then they swap data with GCHQ.

    4. tom dial Silver badge

      What springs first to my mind

      is that McAfee may be thought of by others much as I think of it - a black hole for CPU cycles that drains the life out of a PC. When the agency I worked for installed it we figured out in short order that tolerable performance could be had only with a multi core CPU and plenty of memory. Some applications (Oracle development tools, as I recall) took over half an hour to start up unless they were "trusted" and excluded from the scan.

      Then again, maybe the agencies have an in with some manufacturers, or the design of the products is such as to make reverse engineering unnecessary.

    5. Roj Blake Silver badge

      "Any idea why...."

      Presumably because products created by those companies have built-in back doors.

      1. Tom -1

Built in back doors, certainly. But it's quite possible that they weren't intentional back doors. Maybe McAfee is as competent at making its AV secure as it is at making it not screw up performance? That would surely guarantee a reasonable number of back doors? More than a decade ago I persuaded my employer (with help from the sysops team) to ditch Symantec and adopt Trend on the grounds that doing so would vastly improve security and significantly reduce costs, and no-one has ever suggested to me that Symantec has at any time reached anything like the same security capability as Trend or Kaspersky.

  2. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      The major US and UK ones, yes. It's the minor players, the Europeans and Russkies that are "a problem".

      It seems logical that you shouldn't be using Kaspersky if you've anything to hide from the Russian authorities or their oligarch mates, but they should be a better bet than (say) Symantec if you wanted to reduce your exposure to snooping by the NSA.

      A better approach than relying on security software to defend your secrets is to not connect your private computer systems to the internet. Whilst there's plenty of ways of bridging an air gap, they are only likely to be used for known + high value targets.

      1. Anonymous Coward
        Megaphone

        >A better approach than relying on security software to defend your secrets is to not connect your private computer systems to the internet.

        Yes yes that's fine for the State Department (although they are too stupid to do it completely as shown by Manning) but some of us actually enjoy using the internet for our home computers. As a compromise for example I do banking solely off an encrypted usb stick that boots into OpenBSD (both secure and also obscure) with no other software but what is necessary to login to my bank (including necessary security browser addons). I don't even know my bank passwords (which are random 20+ characters) and never enter them directly as I use keepassx which stores them encrypted locally only. Tails OS is also a good option but I like OpenBSD. I use another BSD as my main OS off the hard drives. Again secure (fairly) obscure and best of all no systemd or svchost.exe or vital need for antivirus (other than clam for an occasional paranoid scan).

        1. Tom Chiverton 1

          " I don't even know my bank passwords"

          Go directly to jail. Until you can tell the judge your password.

          1. asdf

            wow

Can't believe I am saying this living in the land of the free (for corporations) but the US are actually a bit more progressive on this for once. It seems to still be ambiguous and on a case by case basis if a judge can hold you in contempt for not doing so as opposed to being enshrined in law like in the UK.

      2. Tom -1

Kaspersky works together with law enforcement and security agencies in countries round the world, including in the USA, Japan, the UK and several other European countries, also with Interpol and Europol. Maybe they are quite safe to use to deny access to your data by the Russian state, and maybe not. Some other AV vendors I might say are maybe quite safe to use to deny access to the average script kiddy, and maybe not.

    2. Anonymous Coward
      Anonymous Coward

      Methinks that's the point.

Those "agreements" being "agreed" with all the major vendors falling under those governments' control. That would appear not to include the major Russian vendor then.

  3. Tromos
    Joke

    "spooks reverse-engineered software products in order to obtain intel"

    They fell for the label that said 'intel inside'.

    1. Anonymous Coward
      Pint

      Re: "spooks reverse-engineered software products in order to obtain intel"

      Well played.

    2. Anonymous Coward
      Pint

      GCHQ ... described Kaspersky software as an obstruction to its hacking operations

      The best marketing that money can't buy.

    3. Anonymous Coward
      Anonymous Coward

      Re: "spooks reverse-engineered software products in order to obtain intel"

      Nice one, Tromos :)

  4. Frank Bitterlich
    Big Brother

    The definition of "security"

    So, some security agencies are trying to disable security software in order to keep us all secure (from whatever threat of the day may be). And some of these security software companies apparently don't need to be fought/hacked/persuaded for unclear (read: obvious) reasons.

    Seems to me that there are a number of different definitions of "security" out there.

    "I go down to Speaker's Corner I'm thunderstruck [...] Two men say they're Jesus – one of them must be wrong..."

    1. Anonymous Coward
      Anonymous Coward

      Re: The definition of "security"

      There's 2 definitions: There's the normal one; which everybody else uses; and there's the spook's definition; which means that they are secure and fuck everybody else.

      1. Anonymous Coward
        Unhappy

        Re: The definition of "security"

        I've already beaten this horse to death, but one more time....These sigint agencies are doing more damage to actual IT security than any hacker collective could do.

        "Let's take working AV software and compromise it. What's the worst that could happen?"

  5. Anonymous Blowhard

    Ringing Endorsement?

    "GCHQ released a warrant which described Kaspersky software as an obstruction to its hacking operations"

  6. WonkoTheSane
    Pirate

    Time to write our OWN antivirus program

    With Blackjack. And hookers!

    1. Anonymous Coward
      Anonymous Coward

      Re: Time to write our OWN antivirus program

      The dream of Open Source endures!

      1. Anonymous Coward
        Anonymous Coward

        Re: Time to write our OWN antivirus program

        Like this?

  7. scrubber
    FAIL

Priorities

So... While the best and the brightest computer whizkids that the state could hoover up were engaged in breaking security and spying on (mostly) law-abiding citizens, the Chinese managed to hack into government computers and steal the very private details of 18 million citizens.

    Bravo chaps, well played. What's next? While cracking down on pornographic material coming in from Europe you miss a massive paedophile ring in Parliament...

(I know GCHQ and the NSA are different agencies, but they're effectively the same team now.)

    1. fajensen
      Angel

Re: Priorities

      Who *knows* that the Chinese *actually* "hacked into ..."?

Would it not be easier that the Chinese simply asked for a little favour in return for something. Perhaps a password or even a private VPN to the inside of the firewall from some of the rice-bowl-a-day techies at the outsourced data processing facility in Bangalore or whatever - 1500 quid will go a long way in the 3rd world and it's not that the techies are any dumber "there" than "here", they also know that their job can always go to a cheaper place, so .... What Loyalty, Exactly!

There is also the problem that China trains and educates 250000 engineers per year; it would be strange if not 2500 of these are really good, 250 of those really love their country above all others and maybe 100 of these travel to "The West" to work at leading tech businesses.

    2. Roo
      Windows

Re: Priorities

      "Bravo chaps, well played. What's next? While cracking down on pornographic material coming in from Europe you miss a massive paedophile ring in Parliament..."

You may be being unfair there. There is plenty of evidence to support the hypothesis that the establishment are actively suppressing any investigation and prosecution of themselves. I am surprised that our allegedly free press and democratically elected MPs have not made more of the fact that evidence and investigations are being systematically buried until the day after the perps are buried.

  8. Roo
    Windows

    And yet we still have people making assertions such as the following found in an el Reg comment section just 9 days ago:

    "But plainly turning off our anti-malware software today is nonsense."

    It is now official: switching off AV software is the first step to securing your system...

    1. Sir Runcible Spoon

      "It is now official: switching off AV software is the first step to securing your system..."

      I installed Norton once, I had to leave the room and nuke it through the window. Never again.

      I monitor my outbound connectivity and CPU processes for anything suspicious and turn off everything that isn't immediately required in my browser.

      I've never had a virus, only the odd bit of adware etc, and those fscking toolbars got installed once when I was in a rush - so I must be getting old. With that in mind I'm moving to a VM based solution and just run a vanilla Vista image to browse the net. If it gets infected it's gone when I shut the thing down.

  9. Amorous Cowherder
    Facepalm

    "We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our profits if customers start dropping our products cos they suspect their government spooks might be spying on them through our software."

  10. Crazy Operations Guy

    Sue them under the DMCA?

    As most companies would argue, reverse-engineering software like this is a violation of various patents and is circumventing copyright mechanisms, so thus would be fair game under the DMCA...

    I also wonder if they bothered getting proper licenses for those products anyway. Might be a fun lawsuit to see the government hoisted up by shitty laws they rushed through...

    1. Mark 85

      Re: Sue them under the DMCA?

Won't happen. Any lawsuit filed against the government or one of its agencies has to be "approved" by the government before it can go to court. There's not been many, if any, that have been "approved" over the years.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sue them under the DMCA?

        What country are you in? Here in the UK the Government gets taken to court a LOT, across all its public sector agencies.

The Government and the judiciary are separate systems. The government pays for the Judiciary, and passes laws that the Judiciary uphold. But the Judiciary decisions are independent of Government, is the model.

        Now, if you want a public Criminal prosecution, rather than private Civil, then CPS comes into play. They do decide if it reaches the courts or not. They are also supposed to be independent, but they can listen to Government opinion on that...

        1. Mark 85

          Re: Sue them under the DMCA?

          Ah.. I'm in the US. We can sue but fat chance the case will ever be heard. Given the way all the governments are acting.. bad assumption on my part. My bad and I'll go stand in the corner.

    2. Justicesays
      Facepalm

      Re: Sue them under the DMCA?

      The whole point of the article is that they asked for a warrant to bypass the legal restrictions on reverse engineering.

      Also the DMCA contains a law enforcement/intelligence services free pass.

      Oh, and the DMCA is a USA law, and this is GCHQ we are talking about.

      1. Crazy Operations Guy

        Re: Sue them under the DMCA?

        "Also the DMCA contains a law enforcement/intelligence services free pass."

        Yeah, US intelligence services and Law Enforcement...

        "Oh, and the DMCA is a USA law, and this is GCHQ we are talking about."

        So sue GCHQ in a US federal court. People use those courts to sue foreign countries all the time. Or maybe in Texas's courts, who just love copyright laws.

        But overall, I just want to see it happen, I am not saying it would produce any sort of benefit for anyone, just a symbolic gesture to the GCHQ that breaking our security products is uncool.

  11. Anonymous Coward
    Anonymous Coward

    You act like...

    ...it's wrong to catch and prosecute perps.

    1. John Brown (no body) Silver badge

      Re: You act like...

      Not at all. But it IS wrong to treat the entire population as perps-in-waiting by spying on them all the time.

    2. amanfromMars 1 Silver badge

      Bugger of a Blot on the Landscape which paints Parliamentarians as Co-Conspirators?

      You act like it's wrong to catch and prosecute perps. ... AC

It does appear to be considered wrong in certain perverse and corrupt circles, although it is taking the hiding in full sight defence strategy to ridiculous extremes which are bound to fail ... http://www.independent.co.uk/news/uk/politics/lord-janner-abused-children-in-parliament-claims-labour-mp-simon-danczuk-10340214.html

    3. Anonymous Coward
      Anonymous Coward

      Re: You act like...

      You act like...

      ...it's wrong to catch and prosecute perps.

      You act like…

      …it's right to smash the windows of your car/house in to do a search of your property and belongings without a warrant.

  12. x 7

    "However US-based vendors McAfee and Symantec and Brit-based Sophos were notable by their absence"

    Simple reason for that - all three are bloody useless at detecting malware and viruses in the real world. GCHQ / NSA don't need to "beat" them. Strange really - Sophos have some really sharp people working for them and are always on top of the latest threats.....but somehow that knowledge never gets transferred to "in the field" protection

  13. iLuddite

    on the other hand

The alphabet agencies cannot protect government data, cannot help corporations protect their data, and apparently cannot knock barbarians off the internet. Perhaps we overestimate them.

    1. Roo
      Windows

      Re: on the other hand

"The alphabet agencies cannot protect government data, cannot help corporations protect their data, and apparently cannot knock barbarians off the internet. Perhaps we overestimate them."

      Nah, I think they are oversold by people who want to eliminate privacy.

  14. Chairo
    Flame

    Doesn't this fit nicely

    to this story about Microsoft implementing a new "Antimalware Scan Interface" (AMSI) in Windows 10, that will effectively hand over all opened documents unencrypted to the installed AV product?

    How convenient!

    1. Roo
      Windows

      Re: Doesn't this fit nicely

      Indeed.

      The down voters won't present a rational counter-argument because they don't have one.
