Tag Archives: Computer security

NSA Built Back Door In All Windows Software by 1999

Company trade secrets, personal information, webcam and microphone access, OnStar vehicle access, VoIP calls, etc., all open to snooping thanks to the good ol’ Uncle Sam. No secret to me… my answer TOR Browser

 

via Washington’s Blog

In researching the stunning pervasiveness of spying by the government (it’s much more wide spread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.

Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:

A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren [an expert in computer security]. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

***

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft’s developers had failed to remove or “strip” the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called “KEY”. The other was called “NSAKEY”.

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to “Advances in Cryptology, Crypto’99″ conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the “NSA” key was built into their software. But they refused to talk about what the key did, or why it had been put there without users’ knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was “stunned” to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the “entropy” of programming code.

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone’s and everyone’s Windows computer to intelligence gathering techniques deployed by NSA’s burgeoning corps of “information warriors”.

According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system“. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.

***

“How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a ‘back door’ for NSA – making it orders of magnitude easier for the US government to access your computer?” he asked.

We have repeatedly pointed out that widespread spying on Americans began prior to 9/11.

Leave a comment

Filed under Man

ISPs Now Monitoring for Copyright Infringement

via http://www.wired.com

Photo: imallergic/Flickr

The nation’s major internet service providers on Monday said they are beginning to roll out an initiative to disrupt internet access for online copyright scofflaws.

The so-called “Copyright Alert System” is backed by the President Barack Obama administration and was pushed heavily by record labels and Hollywood studios.

The plan, more than four years in the making, includes participation by AT&T, Cablevision Systems, Comcast, Time Warner Cable and Verizon. Others could soon join.

After four offenses, the historic plan calls for these residential internet providers to initiate so-called “mitigation measures” (.pdf) that might include reducing internet speeds and redirecting a subscriber’s service to an “educational” landing page about infringement.

The plan does not prevent content owners from suing internet subscribers. The Copyright Act allows damages of up to $150,000 per infringement.

The Center for Copyright Information, the new group running the program, maintains it is not designed to terminate online accounts for repeat offenders. However, the Digital Millennium Copyright Act demands that internet service providers kick off repeat copyright scofflaws.

The program monitors peer-to-peer file-sharing services via internet snoop MarkMonitor of San Francisco. The surveillance was to have been deployed sooner. But the various delays included Hurricane Sandy and ISP reluctance to join.

Peer-to-peer monitoring is easily detectable. That’s because IP addresses of internet customers usually reveal themselves during the transfer of files. Cyberlockers, e-mail attachments, shared Dropbox folders and other ways to infringe are not included in the crackdown.

To be sure, the deal is not as draconian as it could have been.

The agreement, heavily lobbied for by the Recording Industry Association of America and the Motion Picture Association of America, does not require internet service providers to filter copyrighted material transiting their networks. U.S. internet service providers and the content industry have openly embraced that kind filtering. The Federal Communications Commission, in crafting its net neutrality rules, has all but invited the ISPs to practice it.

On a scofflaw’s first offense, internet subscribers will receive an e-mail “alert” from their ISP saying the account may have been misused for online content theft. On the second offense, the alert might contain an “educational message” about the legalities of online file sharing.

On the third and fourth infractions, the subscriber will likely receive a pop-up notice “asking the subscriber to acknowledge receipt of the alert.”

Leave a comment

Filed under Man