NSA and GCHQ target security firms including Kaspersky

Pierluigi Paganini June 23, 2015

Documents leaked by Edward Snowden show NSA and GCHQ efforts to compromise security software companies, including Kaspersky Lab.

A new collection of documents leaked by the well-known whistleblower Edward Snowden reveals that both UK and US government intelligence agencies are targeting leading security firms. Kaspersky Lab calls nation-states’ targeting of security companies ‘extremely worrying.’

If confirmed, the circumstance is really disconcerting: nation-state hacking against security firms makes security systems worldwide weaker. According to Snowden’s documents published by The Intercept, the NSA and the GCHQ have been hacking information security companies since as far back as 2008.

“The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report,” states the post published by The Intercept.

The list of companies hacked by the intelligence agencies is long and includes prestigious names like Kaspersky Lab, F-Secure, ESET, Avast, BitDefender, AVG, and Check Point.

“The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products,” states The Intercept.

NSA spying on Kaspersky and other firms

GCHQ reverse-engineered Kaspersky’s defensive software, searching for vulnerabilities it could exploit to avoid detection. The NSA also spied on Kaspersky Lab experts; in particular, US intelligence was interested in accessing inbound email messages, looking for customers’ reports of new malware.

“The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities. The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack,” continues The Intercept.


The documents leaked by Snowden come a few weeks after the discovery of a sophisticated malware-based attack against Kaspersky Lab. The company discovered a new strain of the Duqu malware, Duqu 2.0, that had compromised its corporate network.

As remarked by Eugene Kaspersky, CEO of Kaspersky, it is extremely worrying that intelligence agencies are targeting security companies and working to subvert security software that is designed to secure systems worldwide.

Intelligence agencies contribute to making cyberspace a dangerous place!

Pierluigi Paganini

(Security Affairs – Kaspersky, Intelligence)
