UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime researcher and hacker better known as Mudge in security circles, announced […]
Tag Archives: Government
Avast CEO speaks out about U.S. and U.K. spy agencies
For as long as there have been governments, there have been spy agencies, and for as long as there have been spy agencies, they’ve done spying. Spy agencies are always looking for ways to get information. Information is valuable, always has been, always will be. ~Avast CEO Vince Steckler
New documents from the many that were leaked by former US intelligence analyst Edward Snowden were published this week in The Intercept. They reveal that the U.S.’s National Security Agency (NSA) and its British counterpart, Government Communications Headquarters (GCHQ), spied on security companies including Avast, AVG, Kaspersky Lab, and Antiy. The spy agencies seem to be targeting non-American security companies; Avast and AVG are based in Prague, Czech Republic; Kaspersky is based in Moscow, Russia; and Antiy is Chinese. Together, these companies have nearly a billion users. No U.S. or U.K. -based companies were included in the list.
“Geopolitically, it makes sense that the NSA and GCHQ are targeting products that are prevalently used by foreign governments, like Kaspersky in Russia or CheckPoint in Israel,” said Steckler in an interview with RT News. “On the flip side, Russian or Chinese spy agencies may be similarly targeting products that the American government heavily uses, for example Symantec and McAfee. We’re hearing just one side of the story.”
Reportedly, the NSA and GCHQ experts reverse engineered the antivirus software in order to exploit it and prevent detection of their own activities.
“It is difficult to tell if the NSA, the GCHQ, or other government agencies have ever tried to reverse engineer our software,” said Steckler. “Even if they did, they would only be able to do so on the client side, which includes simple pattern detection. However, they could not reverse engineer our backend, which includes our sophisticated machine-learning classification.”
The documents also say that the organizations recommended monitoring customers who reported malware “to see if they’re into more nefarious activity.”
While some companies most likely partner with the governments in their home countries, that’s not something Avast does.
“The fact that the NSA may be targeting us – while some major U.S. and British security companies are left out from their list proves that we don’t work with the NSA and GCHQ,” said Steckler. “Ones not on the list quite likely provide their source code and thus there is no need to reverse engineer. Our commitment to our customers is to provide protection from all forms of spying.”
Mr. Steckler spoke to RT News, a Russian television network, about the new revelations. Watch the interview now,
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
Facebook Hires Ex-Yahoo CISO Alex Stamos
Facebook has hired away the top security executive at Yahoo, Alex Stamos, to become the company’s new CSO. Stamos said Wednesday that he is joining Facebook because he believes the company is in the best position to address some of the large security challenges facing users and companies right now. “There is no company in […]
Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates
A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services.
Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy Report
Major telecoms like AT&T and Verizon continue to lag behind in the Electronic Frontier Foundation’s annual “Who Has Your Back” report.
Reddit to Move to HTTPS-Only
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the […]
OPM Breach Dates Back to December
The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM’s network. During a hearing on Capitol Hill Tuesday to address the […]
Amazon Transparency Report Shows Few Requests For User Data
Amazon has released its first transparency report, and for a company as large as Amazon, there is surprisingly little in the way of detail or explanation in the report. The company reported that it received 813 subpoenas, 25 search warrants, and 0-249 national security requests. Of the 813 subpoenas Amazon received in the first five […]
US Navy Soliciting Zero Days
A RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.