Results 1 to 13 of 13

Thread: Did the Government engineer a back door to Windows?

  1. #1
    Banned gmcd33's Avatar
    Join Date
    Nov 2000
    Location
    Hillsdale. NJ 07642
    Posts
    2,223

    Did the Government engineer a back door to Windows?

    What do you think of this:

    How NSA access was built into Windows

    Duncan Campbell 04.09.1999
    Careless mistake reveals subversion of Windows by NSA.


    A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

    The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

    Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

    ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run crypographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

    Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.


    A second key


    Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".

    Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.


    A third key?!


    But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.

    Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

    Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".

    According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.

    "For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".

    "How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.


    Can the loophole be turned round against the snoopers?


    Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.

    Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.

    According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."

  2. #2
    Quote "What do you think of this"

    I haven't got time to write what I think of that gmcd33, it would take a lot of typing to convey how I really feel.

    Thanks for posting it, very interesting, and very "big brother"
    Doesn't surprize me, but still irks me.
    What's next, will we have to give up one room in our houses for the NSA to use in thier covert operations?

    I wonder how all the foreign governments are going to deal with this. That's very intrusive of the NSA to have such access to foreign PC's, not to mention how the public is going to feel here and in the U.S.
    The strange thing is, nothing will ever become of it, most people will just forget about it, or never know in the first place.

  3. #3
    Sprinkler Dude IranianHobo's Avatar
    Join Date
    Jun 2001
    Location
    Not Iran
    Posts
    1,651
    **** suckers...I am seriously considering Linux right now
    ---the Iranian Fury

  4. #4
    Uninsured for your health
    Join Date
    Jan 2001
    Location
    Stockton, CA
    Posts
    10,030
    what' the file name in Win98??

    I searched for ADVAPI.DLL, but couldn't find it...I hodid find ADVAPI32.DLL , would this be the file in question?
    Quote Originally Posted by Three Rivers Designs
    America! Love it or give it back!

  5. #5
    Elite Member blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,857
    Originally posted by CiscoCert
    what' the file name in Win98??

    I searched for ADVAPI.DLL, but couldn't find it...I hodid find ADVAPI32.DLL , would this be the file in question?
    I believe so.
    Last edited by blebs; 10-05-01 at 08:02 PM.

  6. #6
    I have been searching the web for related articles and what I have found is scary.

    Everything that the author talks about can be verified.

    I'm in shock.

    I think I'm gonna pass this on to Steve Gibson over at www.grc.com and see what he or the others in that newsgroup have to say about this.

    I'm quite unnerved by this.

    ...formerly the omnipotent UOD

  7. #7
    EgoKilla messiah's Avatar
    Join Date
    Jan 2000
    Location
    northeast teXas
    Posts
    3,746
    I have some links about entrapment, and .dat files dropped on web servers. The nsa .dll turns out to be nothing bad. you can use your debuger to see what your system dlls are used for.


    MS does "track" though, alot of companies/sites do.

    Remember the Oracle/CIA thread I posted. Thats more of a concern, in my opinion. Think about all the companies that the CIA would have access too.

  8. #8
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Norfolk, VA
    Posts
    5,716
    Figures. Glad I got off Windblows. No spyware in Linux! M$ sucks, and NOW do you all believe me when I say that?

    Thank you.

  9. #9
    SG Stud ColdFusion's Avatar
    Join Date
    Oct 2000
    Location
    Vancouver, BC
    Posts
    3,561
    Originally posted by Paft
    Figures. Glad I got off Windblows. No spyware in Linux! M$ sucks, and NOW do you all believe me when I say that?

    Thank you.
    Amen!

    Guys, I think alot of people are going to move over to Linux. Once people learn how ****ty MS is, its gonna be all linux baby!

    I cant wait.. btw, linux 0wns j00.

  10. #10

    everyone knew that

    everyone knew that or at least suppected that not only the NSA has or had acces to our pcs BIll GATES has acces to or to generalize microsoft have acces all those worn " REDCODE....."
    those are back doors that were INTENCIONALLY PLACED by then .

    Just thikn about this if you are a programer ( WINDOWS PROGRAMER ) tell me that you wouldnt do the same create a back door to see what the ppl do on their PCs.

    If you build a house you ll know all entraces and exit even you ll create some secretes entraces just to scape from home at night ( I HAVE NEVER DONE THAT )

    Microsoft have the power and no instutution will ask then to review thier OS

    now going to another point have you ever seen ANTITRUS i am not saying that thats correct but always they take something from real life or some rumors and they put them into a movie

    you could say i ll siwitch to another OS MAC? mac sucks there is just a few games,software etc that are compatible wiht it

    linux?? same thing that MAC i think

    even routers' companies they only give you garanty if youOS is windows if not they wont be give any kind of tech support

    so it is a difficult problem to solve but the desition is your compatibility and security or security and less compatibility

    and the only thing i want to avoid is that some hacker get into my pc and erase some files so i have to reinstall everything because i don have any clasificated information etc so whats the big deal they are tracing me OH becareful !!!

    well everyone has a different point of view and that was mine

  11. #11
    Banned gmcd33's Avatar
    Join Date
    Nov 2000
    Location
    Hillsdale. NJ 07642
    Posts
    2,223
    WOW the NSA makes Linux now too.


    http://www.nsa.gov/selinux/index.html

    This is insane

  12. #12
    SG Enthusiast FunK's Avatar
    Join Date
    Aug 2000
    Posts
    2,726
    quoted from nsa.gov

    Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security.
    Is Linux being used for that reason, or is it because they don't trust MS? Or is it just becasue they can already access all MS OS computers?

    Hmmmmmm


    FunK
    Simply run adaware, spybot, ZoneAlarm, HijackThis, AVG, update windows daily, have a router, don't open e-mail, turn off action scripting, don't use P2P networks, don't violate EULAs, and wear a condom to get Windows secured.

    People say Linux is alot of work!

  13. #13
    SG Enthusiast FunK's Avatar
    Join Date
    Aug 2000
    Posts
    2,726
    Hmmmmmm, I did a little research for the information from cryptonym's site and found a few links.

    http://www.cryptonym.com/hottopics/msft-nsa.html

    However the page can't be viewed. If you go to the main page, it says "This page intentionally left blank".

    Did MS or the NSA take down their site?

    CONSPIRACY!!!
    Simply run adaware, spybot, ZoneAlarm, HijackThis, AVG, update windows daily, have a router, don't open e-mail, turn off action scripting, don't use P2P networks, don't violate EULAs, and wear a condom to get Windows secured.

    People say Linux is alot of work!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •