Department of Roosting Chickens: The NSA and GCHQ

The fact that chickens usually come home to rest and sleep has long been known, but the idea was used figuratively only in 1809, when Robert Southey wrote, “Curses are like young chickens, they always come home to roost” (The Curse of Kehama).

Documents leaked by Edward Snowden from the National Security Agency and the United Kingdom’s Government Communications Headquarters (GCHQ) show that the two spy agencies— GCHQ in particular—targeted antivirus software developers in an attempt to subvert their tools to assure success in computer network hacking attacks on intelligence targets. Chief among their targets was Kaspersky Labs, the Russian antivirus software company.

That’s right. Your tax dollars were used by the United States to write software to make your personal computer less safe.

And it worked. In fact, it is working in ways that the NSA and GCHQ never intended.

Through their hacking efforts,1 NSA and GCHQ successfully developed malware which anti-virus tools couldn’t detect. The spy agency tools subverted the protections. By spying on emails between anti-virus companies and their customers, by illegally reverse-engineering the anti-virus software and by hacking into those companies’ own development systems the spy agencies built malware that could not be detected. Some of the malware was very nasty stuff.

And then used it to spy on nations, corporations and individuals who thought they were protected by anti-virus software.

The problem with computer spyware is that once it is out there in the wilds of the Internet, anyone can find it and adapt it to their own purposes. Nor was either spy agency shy about sharing it. There are credible reports, for example, that there are Israeli-sponsored efforts using the malware that the NSA and GCHQ built. And there are indications – it’s difficult to get hard data on this – that the tools being used by the suspected Chinese hackers to crack federal records derive from the NSA’s and GCHQ’s malware.

So  Robert Southey was exactly right; the chickens really do come home to roost. The tools developed illegally and unethically by the United States and Great Britain are being used to steal secrets from the United States. If there weren’t millions of victims, it would almost be funny. But it isn’t all that amusing: once again, the U.S. and its clumsy spying have created a greater problem than it originally set out to address.

  1. WC is admittedly simplifying here. If you want the coding details, visit The Intercept’s article breaking the story, or see Ars Technica’s report