A careless mistake by Microsoft programmers has shown that special
access codes for use by the U.S. National Security Agency (NSA) have
been secretly built into all versions of the Windows operating system.

Computer-security specialists have been aware for two years that unusual
features are contained inside a standard Windows driver used for
security and encryption functions. The driver, called ADVAPI.DLL,
enables and controls a range of security functions including the
Microsoft Cryptographic API (MS-CAPI). In particular, it authenticates
modules signed by Microsoft, letting them run without user intervention.

At last year's Crypto 98 conference, British cryptography specialist
Nicko van Someren said he had disassembled the driver and found it
contained two different keys. One was used by Microsoft to control the
cryptographic functions enabled in Windows, in compliance with U.S.
export regulations. But the reason for building in a second key, or who
owned it, remained a mystery.

Now, a North Carolina security company has come up with conclusive
evidence the second key belongs to the NSA. Like van Someren, Andrew
Fernandez, chief scientist with Cryptonym of Morrisville, North
Carolina, had been probing the presence and significance of the two
keys. Then he checked the latest Service Pack release for Windows NT4,
Service Pack 5
(http://www.microsoft.com/ntserver/nts/downloads/recommended/sp5/allsp5.asp).
He found Microsoft's developers had failed to remove or
"strip" the debugging symbols used to test this software before they
released it. Inside the code were the labels for the two keys. One was
called "KEY." The other was called "NSAKEY."

Fernandez reported his re-discovery of the two CAPI keys, and their
secret meaning, to the "Advances in Cryptology, Crypto'99" conference
held in Santa Barbara. According to those present at the conference,
Windows developers attending the conference did not deny the "NSA" key
was built into their software. But they refused to talk about what the
key did, or why it had been put there without users' knowledge.

But according to two witnesses attending the conference, even
Microsoft's top crypto programmers were stunned to learn that the
version of ADVAPI.DLL shipping with Windows 2000 contains not two, but
three keys. Brian LaMacchia, head of CAPI development at Microsoft, was
"stunned" to learn of these discoveries by outsiders. This discovery,
by van Someren, was based on advanced search methods which test and
report on the "entropy" of programming code.
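
The kind of entropy scan described above, as an added sketch (not van Someren's tool and not code from the article): key material looks statistically random, so a sliding-window Shannon entropy measure makes it stand out against the repetitive bytes of compiled code. The sample blob, window size, step and threshold are constructed assumptions for illustration.

```python
import math
import random

def shannon_entropy(window: bytes) -> float:
    """Shannon entropy of the window, in bits per byte."""
    counts = [0] * 256
    for b in window:
        counts[b] += 1
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_regions(data: bytes, window: int = 64, step: int = 16,
                         threshold: float = 5.0):
    """Return merged (start, end) byte ranges whose windows reach threshold.

    A 64-byte window can hold at most 6 bits/byte of entropy, so the
    threshold is relative to the window size (assumed values).
    """
    regions = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[off:off + window]) >= threshold:
            end = off + window
            if regions and off <= regions[-1][1]:
                regions[-1] = (regions[-1][0], end)  # extend overlapping hit
            else:
                regions.append((off, end))
    return regions

def build_sample():
    """Constructed input: repetitive code-like bytes around a random blob."""
    rng = random.Random(1999)  # fixed seed so the run is reproducible
    code = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0xC3]) * 64
    key = bytes(rng.randrange(256) for _ in range(128))  # stand-in for a key
    return code + key + code, len(code), len(code) + len(key)

if __name__ == "__main__":
    blob, key_start, key_end = build_sample()
    print("embedded blob at", (key_start, key_end))
    for start, end in high_entropy_regions(blob):
        print("high-entropy region: 0x%x-0x%x" % (start, end))
```

The reported region is only accurate to within one window of the real boundaries, so a hit is a pointer for manual inspection rather than an exact key offset.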

Within Microsoft, access to Windows source code is said to be highly
compartmentalized, making it easy for modifications to be inserted
without the knowledge of even the respective product managers.

No researchers have yet discovered a programming module which signs
itself with the NSA key. Researchers are divided about whether it might
be intended to let U.S. government users of Windows run classified
cryptosystems on their machines or whether it is intended to open up
anyone's and everyone's Windows computer to intelligence gathering
techniques deployed by the NSA's burgeoning corps of "information
warriors."

According to Fernandez of Cryptonym, the result of having the secret key
inside your Windows operating system "is that it is tremendously easier
for the NSA to load unauthorized security services on all copies of
Microsoft Windows, and once these security services are loaded, they can
effectively compromise your entire operating system". The NSA key is
contained inside all versions of Windows from Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly secure
data centers, this find is worrying," he added. "The U.S. government is
currently making it as difficult as possible for 'strong' crypto to be
used outside of the U.S. That they have also installed a cryptographic
back-door in the world's most abundant operating system should send a
strong message to foreign IT managers.

"How is an IT manager to feel when they learn that in every copy of
Windows sold, Microsoft has installed a 'back door' for the NSA --
making it orders of magnitude easier for the U.S. government to access
your computer?" he said.

Van Someren said he felt the primary purpose of the NSA key might be for
legitimate U.S. government use. But he said there cannot be a legitimate
explanation for the third key in Windows 2000 CAPI. "It looks more
fishy," he said on Friday.

Fernandez said he believed the NSA's built-in loophole could be turned
round against the snoopers. The NSA key inside CAPI could be replaced by
your own key, and used to sign cryptographic security modules from
overseas or unauthorized third parties, unapproved by Microsoft or the
NSA. This is exactly what the U.S. government has been trying to
prevent.

A demonstration "how to do it" program that replaces the NSA key can be
found on Cryptonym's website:
http://www.cryptonym.com/hottopics/msft-nsa/ReplaceNsaKey.zip

According to one leading U.S. cryptographer, the IT world should be
thankful the subversion of Windows by NSA has come to light before the
arrival of CPUs that handle encrypted instruction sets. These would make
the type of discoveries made this month impossible. "Had the
next-generation CPUs with encrypted instruction sets already been
deployed, we would have never found out about NSAKEY," he said.

http://www.techweb.com TW
