Edwardsnowden.com recently released an internal document titled “An Easy Win: Using SIGINT to Learn about New Viruses”, which details the “Camberdada” program, a plan implemented by US and UK intelligence agencies since 2007. This program primarily monitored targets, including Russia’s Kaspersky Lab, to obtain new virus samples and other information.

On the morning of June 23, Antiy’s emergency response team discovered relevant documents and conducted a correlation analysis. The analysis revealed that these documents disclosed that intelligence agencies had fully utilized their global network surveillance capabilities, primarily targeting vendors like Kaspersky, to monitor and obtain emails sent by users worldwide to antivirus vendors, extracting virus samples and other information, with the intention of analyzing, containing, and exploiting these samples. The document listed “More Targets” of planned surveillance, covering 23 antivirus vendors in 16 countries across Europe and Asia, including Antiy. Regarding the above events, Antiy hereby issues the following two statements.

First: Statement regarding technical errors in some media reports

This incident has been reported by multiple media outlets. Some reports are relatively objective, but others contain technical errors. For example, some reports claim that the security vendors involved were hacked or their networks were compromised. However, the facts are that the methods disclosed in the documents primarily involve intelligence agencies monitoring public network channels to obtain emails reported by users to the vendors, not attacks on the security vendors’ own network systems and products. While past experience has shown that no single vendor can effectively counter attacks from a major power or even an intelligence alliance, the information in the documents is indeed unrelated to whether these vendors were hacked. We understand the pressure faced by media professionals in such a narrow field, and our statement is not intended to be accusatory. However, because Antiy is involved, we hope to clarify this matter from an objective and rational perspective. Furthermore, the reports regarding Antiy’s geographical distribution, main business, and user numbers are inaccurate, and we will not correct these in this statement. Like many other security vendors, Antiy consistently prioritizes providing users with effective and reliable detection capabilities and protection methods, while also actively focusing on improving the security of its own systems.

Second: Statement regarding the actions of relevant intelligence agencies attempting to monitor security vendors.

Security vendors’ mission is to provide security for users. As a member of the security vendor community, we believe that listening to alert emails from malware victims to gain some benefit or advantage is a despicable act. More importantly, the release of this surveillance “target list” will further divide the already fractured and suspicious global security industry. Global antivirus vendors, in their nearly thirty years of combating malware, have long established a foundation of mutual trust and cooperation, built resource exchange systems, and established basic mechanisms for jointly responding to threats. However, intelligence agencies view international antivirus and security vendors outside their own countries as stumbling blocks to their global attacks and surveillance activities, while simultaneously engaging subtly with their own country’s security vendors. This is a forced division of camps among antivirus and security vendors. If this mindset spreads, it will inevitably destroy the hard-won security industry cooperation and emergency response coordination mechanisms among countries, significantly damage the basic trust of users in other countries in the security vendors of the countries where these intelligence agencies are located, and ultimately force the cybersecurity industry back into a geo-economic framework defined by “fences”. Threat intelligence is difficult to share, transnational crimes are difficult to track, and the global cybersecurity order has been severely impacted… We believe this is far from the cyber landscape that most people expect.

Beyond this statement, Antiy sincerely thanks friends from all walks of life for their attention to our company, and thanks CSDN, Security Bull, E-Travel, Bitnet, and others for their professional and objective reporting. Some media analyses suggest that Antiy’s systematic analysis and publication of its findings regarding APT attacks such as Stuxnet and Flame may have led to its being targeted. Given the lack of other corroborating information at present, we can only consider this speculation. We are deeply grateful for the trust and recognition placed in us by our media friends, fellow vendors, and industry experts.

Antiy has always maintained that “malicious code and security threats are Antiy’s only enemy”. Faced with security threats, security vendors must fulfill their responsibilities, providing users with reliable and effective products and services, and releasing objective and rigorous information to the public. No matter where the threat comes from, no matter how powerful the adversary, as an independent security vendor, we will join hands with more security professionals to jointly shoulder integrity and responsibility.

Antiy,
June 24, 2015