Friday, June 7, 2013

How NSA Access Was Built into Windows

This is from a 1999 report by Heise.de:

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US government allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVAPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

A second key

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMacchia, head of CAPI development at Microsoft, was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.[...]

According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.
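
The report attributes the discovery of the third key to search methods that measure the "entropy" of program code. The Python below is an added illustration of that general idea, not code from the Heise report and not Dr van Someren's tool: it slides a window over a byte buffer and reports regions whose byte distribution is close to random, which is how embedded key material stands out from surrounding code. The window size, step, threshold and the sample buffer are assumptions chosen for this example.

```python
import math
import random
from collections import Counter

def shannon_entropy(window: bytes) -> float:
    """Entropy of the byte-value distribution, in bits per byte."""
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in Counter(window).values())

def high_entropy_regions(data: bytes, window=64, step=16, threshold=5.2):
    """Slide a window over data; merge overlapping windows above threshold.

    A 64-byte window can reach at most log2(64) = 6 bits, so 5.2 is close
    to the ceiling: key-like random bytes pass, code and text do not.
    """
    regions = []
    for off in range(0, len(data) - window + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + window)  # extend last region
        else:
            regions.append((off, off + window))
    return regions

def build_sample():
    """Constructed input: 128 random 'key' bytes inside code-like filler."""
    rng = random.Random(1999)  # fixed seed so the sample is reproducible
    opcodes = bytes([0x00, 0x8B, 0x45, 0xFF, 0x55, 0xE8, 0x89, 0xC3])
    filler = lambda n: bytes(rng.choice(opcodes) for _ in range(n))
    key = bytes(rng.randrange(256) for _ in range(128))
    return filler(1024) + key + filler(1024), 1024, 128

if __name__ == "__main__":
    blob, key_off, key_len = build_sample()
    for start, end in high_entropy_regions(blob):
        print(f"candidate key material at 0x{start:04x}-0x{end:04x}")
```

Compressed or encrypted data triggers the same signal, so a hit marks a region to inspect, not a confirmed key.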

6 comments:

  1. Lol. Now they can see how I went from an unquestioning sheep to an awakened (sheep) while inversely Windows went from decent to crap in less than a decade.

  2. Replies
    1. NSA has a backdoor in Linux since 2.6.0-test3

      https://en.wikipedia.org/wiki/Security-Enhanced_Linux#Overview

    2. RayZ, NSA has no backdoor in the Linux kernel. Linus Torvalds controls the Linux kernel and only Linus, he is very protective of the kernel. Research this and you will see. Linux is the most secure OS to date.

  3. I trust Schneier on this issue. This looks like it's not true and he makes some good points in this article.

    http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI

  4. On a completely unrelated subject: The DOJ initiates investigation of Microsoft in 1998. Wonder if there were any changes taking place at Apple in 2012? Nope. Can't think of any.
