OT - NSA back door in to Windows
greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
NSA Builds Security Access Into Windows
(09/03/99, 2:05 p.m. ET) By Duncan Campbell, TechWeb
A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system.
Computer-security specialists have been aware for two years that unusual features are contained inside a standard Windows driver used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions including the Microsoft Cryptographic API (MS-CAPI). In particular, it authenticates modules signed by Microsoft, letting them run without user intervention.
At last year's Crypto 98 conference, British cryptography specialist Nicko van Someren said he had disassembled the driver and found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with U.S. export regulations. But the reason for building in a second key, or who owned it, remained a mystery.
Now, a North Carolina security company has come up with conclusive evidence the second key belongs to the NSA. Like van Someren, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY." The other was called "NSAKEY."
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMacchia, head of CAPI development at Microsoft, was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advanced search methods which test and report on the "entropy" of programming code.
Within Microsoft, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.
No researchers have yet discovered a programming module which signs itself with the NSA key. Researchers are divided about whether it might be intended to let U.S. government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by the NSA's burgeoning corps of "information warriors."
According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward.
"For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S. government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.
"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a 'back door' for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said.
Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday.
Fernandes said he believed the NSA's built-in loophole could be turned round against the snoopers. The NSA key inside CAPI could be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorized third parties, unapproved by Microsoft or the NSA. This is exactly what the U.S. government has been trying to prevent.
A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.
According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said.
This from http://www.techweb.com/wire/story/TWB19990903S0014
Watch six and keep your...
-- eyes_open (email@example.com), September 07, 1999
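The article above mentions search methods that test the "entropy" of code to find embedded keys. The following is an added example of that general idea, not code from the article, Cryptonym or van Someren: a sliding-window Shannon entropy scan that flags regions of a binary that look like key material. The window size, step, threshold and the sample blob are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(blob: bytes, window=64, step=16, threshold=5.0):
    """Slide a window over blob; return merged (start, end) high-entropy spans.

    A 64-byte window can score at most log2(64) = 6.0 bits, so the
    threshold is relative to that ceiling. Both values are assumptions
    and need tuning against real binaries.
    """
    regions = []
    for off in range(0, len(blob) - window + 1, step):
        if shannon_entropy(blob[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + window)  # extend span
        else:
            regions.append((off, off + window))
    return regions

# --- Constructed sample input (not taken from any real DLL) ---
# Repetitive filler standing in for code and padding: 10 distinct values,
# so no window of it can exceed log2(10) ~ 3.3 bits.
FILLER = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x33, 0xC0, 0x5D, 0xC3, 0x90, 0x90])
# 128 pseudo-random bytes standing in for embedded key material.
KEY_BYTES = b"".join(hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(4))
KEY_OFFSET = 256
SAMPLE_BLOB = (FILLER * 32)[:KEY_OFFSET] + KEY_BYTES + (FILLER * 32)[:256]

if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE_BLOB):
        score = shannon_entropy(SAMPLE_BLOB[start:end])
        print(f"0x{start:04x}-0x{end:04x}  {score:.2f} bits/byte")
```

Compressed resources and packed sections also score high, so each hit is a candidate to inspect by hand rather than proof of a key.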
Microsoft says it is an 'unfortunate choice' for a file name.
-- J (firstname.lastname@example.org), September 07, 1999.
I've got to get Linux working on my PC.
-- Tim the Y2K nut (email@example.com), September 07, 1999.
-- J (firstname.lastname@example.org), September 07, 1999.
Thanks for the links. Very helpful.
-- eyes_open (email@example.com), September 07, 1999.
Wow, I need to reload my beta of Win2000 Adv. Server and hunt through ADVAPI.DLL with a hex editor. (Being in MS' ISV program and an MSDN member have certain advantages...) I haven't seen any funkiness in any 32-bit Windows version's file I/O API yet and I crawl through it almost constantly on all 32-bit platforms.
I'm rather fortunate in that I'm more shielded than the norm against sensitive data dissemination, primarily because I write shareware and commercial DoD-grade data destruction software. I won't mention what products I'm involved with so as to not ruin what I'm about to say with shameless plugs: Find and purchase a good, reliable data destruction package and USE it. It won't protect against live data being sucked out by hackers (fed.gov or otherwise) but at least you won't have any surprises from data you thought you eliminated. And believe me, you'd be amazed what you can recover from a recently repartitioned and reformatted hard drive.
Last time I looked, there were 22 data destruction packages on the market, two of which I wrote and two more of which I consulted on, so there are plenty of choices. There's also one retail package out, which is the first of the genre to go retail. (The demand for data-shredding software is only starting to pick up in the retail channel.) Of these about a dozen claim to meet or exceed the recommendations listed in the DoD 5220.22-M (NISPOM) manual on data security.
This plus a strong security protocol and close system/network monitoring should make it harder for anyone, fed.gov included, to slip you a digital mickey and get anything useful from it...
Don't delete... destroy...
-- OddOne (firstname.lastname@example.org), September 07, 1999.