Kaspersky has slammed the NSA and GCHQ following reports the agencies targeted it with "reverse engineering" cyber attacks.
A Kaspersky statement sent to V3 labeled the reports are "worrying" and said that, if true, the GCHQ and NSA are leaving businesses and general web users dangerously vulnerable.
"As noted during the recent Duqu 2.0 nation-state sponsored attack, we find it extremely worrying that government organisations are targeting security companies instead of focusing their resources against legitimate adversaries and are actively working to subvert security software that is designed to keep us all safe," the company said.
"We are closely reviewing and investigating the information disclosed today in order to assess the potential level of risk it may pose to our infrastructure and how to effectively mitigate it."
The spokesperson cited the attacks as evidence of the need for increased collaboration between security service providers combating state surveillance.
"Once again, we would like to stress the need for security companies to work together as a community and fight for user privacy, the right to privacy on the Internet, thwart mass surveillance and make the world a safer place," they said.
Reports of the reverse engineering attacks broke via The Intercept, which uncovered the campaign while examining leaked Snowden documents.
"Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ's CNE [Computer Network Exploitation] capability, and SRE [Software Reverse Engineering] is essential in order to be able to exploit such software and to prevent detection of our activities. Examination of Kaspersky and other such products continues," read one of the leaked documents.
The warrant renewal request also states that GCHQ reverse engineers anti-virus programs to assess their fitness for use by government agencies.
A GCHQ spokesperson declined to confirm the reports, but added that any intelligence activities undertaken by the agency are within the law.
"It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate," the spokesperson said.
"[There] is rigorous oversight, including from the secretary of state, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."
The secret warrant was reportedly granted to GCHQ by the UK foreign secretary and is designed to keep intelligence officers involved in surveillance exempt from prosecution.
The warrant is one of many ways that GCHQ protects intelligence officers from prosecution.
Reports broke in March claiming that the government aids GCHQ in this effort when the Computer Misuse Act was covertly amended to grant law enforcement agencies immunity from prosecution for a variety of what would otherwise be illegal activities during surveillance operations.
Despite the protections, the report suggests that some officers' actions were illegal, claiming that a "top-secret document states that some GCHQ staff lapsed in following the agency's authorisation protocols for staying within the bounds of the law".
The Intercept reported that the NSA and GCHQ have accrued a "stockpile" of exploitable vulnerabilities and exploits for the targeted security services that let them hack into supposedly protected systems at will.
The news follows wider concerns about Kaspersky's security tools. Kaspersky fell victim to a targeted attack that exploited the sophisticated Duqu 2.0 malware earlier in June.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance