Activist hacker group WikiLeaks has released a trove of documents outlining the CIA's efforts to crack antivirus software, and it's not pretty
PARIS—Throughout the 8,000 pages of purported Central Intelligence Agency hacking data released March 8 by WikiLeaks are reviews of some of the world’s most popular antivirus products.
CIA experts are quoted taking potshots at antivirus firms, suggesting the American intelligence agencies are keenly aware of flaws in the products meant to be keeping us all safe online.
The data published by WikiLeaks isn’t systematic enough to draw firm conclusions about the reliability of one product or another, and the uncertain dates mean the CIA’s critiques provide more of a snapshot than an overview.
Still, the posts show America’s top cyberspies aren’t particularly impressed with commonly used security software. Here are a few entries:
The CIA appears to give mixed praise to the antivirus solution by Comodo, a self-described “global leader in cyber security solutions.”
One post by an apparent CIA hacker published by WikiLeaks said Comodo is “a colossal pain in the posterior. It literally catches everything until you tell it not to.”
Just don’t upgrade to Comodo 6.
That version “doesn’t catch nearly as much stuff,” the hacker appears to say, describing a particularly glaring vulnerability as a “Gaping Hole of DOOM.”
Melih Abdulhayoglu, Comodo’s chief executive, emphasized the first part of the post, saying that being called a pain by the CIA was “a badge of honour we will wear proudly.” In a statement, he said that the trick described by the CIA was obsolete. Comodo 6 was released in 2013; Comodo 10 was released in January.
Kaspersky is one of the world’s leading providers of endpoint protection. But it may not keep you safe from the CIA.
A flaw in the code “enables us to bypass Kaspersky’s protections,” according to another CIA hacker.
Founder Eugene Kaspersky dismissed the comment, saying in a Twitter message that the flaw identified in the CIA leak was fixed “years ago.”
A statement from his company said a second flaw apparently identified by the agency was fixed in December 2015.
The CIA apparently has a neat trick to defeat AVG that was “totally sweet.” As for Avira, a CIA hacker appears to say the German-engineered antivirus product is “typically easy to evade.”
The Netherlands-based Avast, AVG’s owner, said it was preparing a statement on the disclosure. Avira said in a statement that it had fixed what it described as “a minor vulnerability” within a few hours of the WikiLeaks release.
It added that it had no evidence that any of its users had been affected by the bug.
One CIA hacker appeared to be particularly scathing about the security software of F-Secure, a Finnish firm. It’s a “lower tier product that causes us minimal difficulty,” one post said.
F-Secure noted that the company was described elsewhere, along with Avira, as an “annoying troublemaker.” It said there was a broader point to be made about the CIA’s apparent decision not to warn anti-virus companies about the flaws in their products.
The agency “considered it more important to keep everybody unsecure … and maybe use the vulnerability for its own purposes or counter terrorism purposes,” F-Secure’s chief research officer Mikko Hypponen said in a statement.
The posts aren’t complete for Bitdefender, a Romanian antivirus product, but it seemed to cause CIA hackers a lot of trouble.
One post appears to suggest that Bitdefender could be defeated by a bit of tinkering.
Or maybe not.
“Alas, we’ve just tried this,” a response to the post said. “Bitdefender is still mad.”
Bitdefender’s Marius Butechi said the only conclusion to draw was that “we are detecting the CIA tools.”