New Snowden Leaks Show NSA Attacked Anti-Virus Software 98
New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.
Re: (Score:2)
Only if they make the vulnerabilities known to the AV makers and (after a suitable period) to the general public so as to ensure that the US/UK populations are protected.
If they can crack it, so can other groups.
Wow. Just wow (Score:2, Insightful)
The NSA and GCHQ were doing their jobs!
Re:Wow. Just wow (Score:5, Insightful)
The NSA and GCHQ were doing their jobs!
That was essentially my thought. These organizations' charters include being able to attack adversaries if necessary, and they were looking into methods of attack. Where is the surprise? The technical arm of every other country's spy agencies are doing the exact same thing, though perhaps with less ability, so explain to me what about this is news?
Re: (Score:2)
Service announcement: we already have another story [slashdot.org] for GHCQ aliases wanting to talk to themselves.
Re: (Score:1)
They are intentionally weakening the protections we use to keep ourselves safe. Our government(s) excuse is that they are keeping us safe by doing it. That's not how reality works; maybe we should just realize that they are directly attacking citizens and are beyond power hungry.
Re:Wow. Just wow (Score:4, Insightful)
They are intentionally weakening the protections we use to keep ourselves safe.
No, the weaknesses were created by the AV vendors, not the NSA and GCHQ. Do you also object to other security researchers looking though code for weaknesses, and when they find something say they are weakening the software's security? (Unfortunately there are some companies that have tried that). The difference here is mainly in what is done with the knowledge once found, and what these organizations are doing with it is consistent with their missions. In the industry it is called equities [schneier.com], namely deciding what is in the nation's best interest, whether to reveal a flaw so it can be fixed, or keep it secret so it can be used against an adversary.
Re: (Score:3)
Now that's still no guarante
Re: (Score:1)
Good point. Somehow all the attention focussed on Kaspersky makes me think that they are not duty bound in any way to western intelligence. They have the resources to harden their software. Unfortunately it comes down to a matter or trust. Do you trust Kaspersky because they are not in the big 5 or do you trust the home grown product?
In the end I don't trust any of them, but I run Kaspersky to stop virii and most malware on a critical Win machine. It just makes me angry that security, lo that the net itself
Re: (Score:1)
It baffles me when people complain terrorists blow things up. The guys are just doing their jobs, and that makes them immune to criticism.
Sounds like Kaspersky is the software to use. (Score:1)
Unless you're using a Mac. According to the Apple genius, you don't need AV software. I was told that earlier this year on the exact day where Mac OS has been hit badly by malware.
Re: Sounds like Kaspersky is the software to use. (Score:3, Informative)
Um yeah... You might want to check your facts Fanboi.
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/
Re: (Score:2)
Another way to put it, I don't know of any mac av products that add any sort of value that exceed the hit to resources. Is there a rational av solution that is not based in FUD?
Re: (Score:2)
I'm using a PC and I don't need AV software. I occasionally install AVGFree when 'something is acting funny' just to make sure (to date only once was it a remote-jack virus) or if I accidently clicked through an Ask.com toolbar installation on the latest bundle of aTube Catcher that I downloaded. Otherwise, I've been fine. Stay away from shady websites and don't install every *.exe you run across and you'll be fine
That's no domestic surveillance (Score:3, Insightful)
Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
Re: (Score:1)
World is not only USA
Re: (Score:3)
>No, but it does highlight just how much crap was happening, just how much everyone else in the world needs to stop trusting American (or any other) spy agencies,
Because you were trusting spy agencies before?
>and how whiny and idiotic Americans sound when they complain about China hacking them.
Of course people will complain. Everytime something happen to a country that is caused by another country, people will complain. How this is "whiny and idiotic" is beyond me. Complaining is a form of soft power.
Re: (Score:3, Insightful)
Who the fuck said it was? Americans have no fucking right to be fooling around with our computers and phones!
Re: (Score:1)
2 sentences, two "Fucks". Pretty good average. Shows passion.
Not as fucking good as this fucking one, you brainless fucktard.
Re: (Score:3, Informative)
>Who the fuck said it was?
People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
>Americans have no fucking right to be fooling around with our computers and phones!
"Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
Reality (Score:2)
Life is not a comic book! or a movie or even a book. Even with additional dimensions (to which a book can offer more,) real life contains more aspects than even a "complex" fictional villain.
Re:That's no domestic surveillance (Score:5, Insightful)
As one of those people, I'm very willing to forgive Snowden (and the journalists who are sorting through/releasing the info) if he accidentally mixed some disclosures of legitimate* NSA actions in with the many, many illegitimate ones.
Important caveats:
Re: (Score:2)
Fuck off, fascist.
Re: (Score:2)
We both know damn well you had no interest whatsoever in a "quality argument." If you had, I would have given you one.
Re: (Score:2)
Every instance of NSA surveillance that affects even a single person within the borders of the United States is illegitimate and illegal (specifically, a violation of the Fourth Amendment).
Re: (Score:3)
How about an example?
There's no "rights" until it's your rights getting fucked with. Then, you'll be surprised at how fast there are "rights".
Re: (Score:2, Insightful)
Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
Short attention span of American citizens confirmed! Easily distracted dolts like you are the no. 1 reason why the US government is able to get away with trashing the Constitution.
Re: (Score:3)
I'm not an american citizen.
Re: (Score:1)
Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
- ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
Re: (Score:3, Insightful)
More importantly once a virus is targeted at someone, anyone, that virus is released into the wild, where it will be captured, decoded, recoded and sent back out to commit crimes. Basically you have organised crime going on in security organisation meant to be upholding the law and as a result supplying those viral tools to criminals to be used against the citizens those security organisations are meant to be protecting.
Quite simply a global mass extortion campaign targeted at all sitting and potential p
Vietnam (Score:4, Insightful)
'It became necessary to destroy the town to save it'
Re: (Score:1)
> ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
Of course they are. But nothing in the article says that this is used in the context of the domestic surveillance programs - in fact it would be surprising if it was.
Re:That's no domestic surveillance (Score:4, Insightful)
Re: (Score:2)
The scandal is that AV software is being crippled, which reduces the security of US citizens. Any deliberate flaws in the software will be found an exploited by other people as well, e.g. Chinese security services and black hats. Like deliberately weakening encryption, the NSA and GCHQ and endangering their own people by doing this.
Also, the attacks on Kaspersky using state sponsored malware are evidence of the mounting cyber cold-war that the US is waging. US hypocrisy on cyber attacks and spying has been
Keep that Hockey Helmet ON! (Score:1)
This should not be rated insightful, it should be rated "Person posting must wear protection walking in hallways!"
Anyone using any of these AV products domestically were being targeted as well as the companies the NSA was hacking for the explicit purpose of circumventing protection. Eset, Kaspersky, F-Secure, Checkpoint, et.al. are protecting at least as many US people as the US made counterparts (interestingly only 2 companies were allegedly not targeted. If you don't at least consider the possibility of
Re: (Score:3, Insightful)
We're all citizens of the world, buddy. For someone with a six digit UID you should know that the internet has gone quite far in erasing international borders (Or at least blurring them a whole lot)
I don't care what's technically legal. I don't want the NSA attacking countries that are supposed to be friendly. We all live on this wet rock floating in space. That harms comes back to us. Comes back to me and my family.
Worse, you're really missing the point. It's become quite clear the NSA is working for someo
he really screwed up these releases (Score:2)
Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
He really screwed up the release of these documents. He needed to compile all the worst offenses and release them back to back to back. A year ago or so when he released the most damning one, Congress started fussing, but then he went quiet for another several months. Releasing it slowly allowed the public opinion to warm up to the idea of it, instead of adding fuel to fire we were trying to hold the NSA's feet to.
Now, the opportunity is lost, and will never be had again, except for maybe in the new country
Re: (Score:1)
nothing to do whatsoever with domestic surveillance.
Considering that American & UK anti-virus programs weren't targeted, that implies they already have in-built backdoors - which can easily be used for surveillance, whether domestic or international.
No wonder AV is so slow... (Score:5, Funny)
1) Get full copy of file to scan in memory
2) Check file for viruses
3) Send complete copy to national HQ, er, I mean, check the AV database
4) Open file
Re: (Score:2)
I think you missed the point... :-)
If you use an anti-virus its domestic surveilance (Score:5, Insightful)
If you dive into the article you'll see that all AntiVirus vendors are listed as "targets" except for the few that are U.S. and British based - presumably because they've already co-opted them into the Five Eyes Stasi population surveillance business group. This also shows the direct betrayal the NSA and Co. made years ago for the U.S. population (after the U.S. citizenry democratically said No to the Clipper Chip and U.S. government surveillance of their communications / computing related equipment). The NSA etc. betrayed that democratic choice in secret and deliberately kept hidden and has / is working for absolutely wide open computer / backbone equipment access for them & their Five Eyes partners with back doors in everything (even in your anti-virus software as this article shows) so they can spy on whomever, whenever, wherever they want (and we know that include lots of domestic surveillance). That also means the NSA chose this everything is vulnerable environment for the "bad guys" too - as back doors are open for everyone - another direct betrayal of the main computer related interest of the U.S. citizenry. JMHO...
Re: (Score:1)
That is a rather huge leap. They may well have read the article but are just too stupid to comprehend it. ;-)
"Attack"? (Score:4, Insightful)
Tsk Tsk. (Score:2)
"bath salts", you know, for your "bath" (Score:5, Interesting)
NSA Attacked Anti-Virus Software
And ya'll laughed at John McAfee and called him crazy!
I still laugh at him because he's crazy (Score:2)
which doesn't change the facts that when he looks towards Washington and spits, he's right.
One sentence. (Score:2)
already known (Score:2)
Antivirus and CompuSec Experts are Learning (Score:3)
What Voltaire taught long ago:
Il est dangereux d'avoir raison dans des choses où des hommes accrédités ont tort.
("It is dangerous to be right when established men are wrong.")
Re: (Score:1)
("It is dangerous to be right when established men are wrong.")
The phrase has no meaning to it, as it's equally dangerous to be wrong when established men are right or wrong along with you.
Fall not for catchy phrases, as they irrationally sway opinion. The rationalist is content with his own observation.
captch: Axioms
Who do we trust for AV? (Score:2)
I run AVG Free, and I'm wondering, should I be? Is there an AV that I can trust? One that won't be compromised by some governement?
Re: (Score:1)
Security is a process, not an application. No, there is no AV you can completely trust. Not a single one - even if you wrote it yourself there is a compiler that you did not write on an operating system that you did not write. Trust is something you give as little of as possible. So, be careful what you download, do not have things run at higher privileges than required, pay attention to your system to look for anomalous behaviors, and be weary of what you download.
I, myself, use a backup tool from Acronis