Jump to content


How NSA access was built into Windows

nsa back door windows

  • Please log in to reply
77 replies to this topic

#1 +zhiVago


    Pax Orbis

  • 9,319 posts
  • Joined: 04-October 01
  • Location: The Heartland
  • OS: Windows Seven

Posted 25 June 2013 - 09:52

NSA Built Back Door In All Windows Software by 1999


Government Built Spy-Access Into Most Popular Consumer Program Before 9/11


In researching the stunning pervasiveness of spying by the government (it’s much more wide spread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.


Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:

Duncan Campbell 04.09.1999


A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.


The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.


Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.


ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.


Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.


A second key


Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".


Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.


A third key?!


But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.


Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.


Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".


According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.


"For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US.


That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".


"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.


Can the loophole be turned round against the snoopers?


Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.


Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.


According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."

#2 srbeen



  • 1,014 posts
  • Joined: 30-November 11

Posted 25 June 2013 - 10:17

zip link is dead, well, only the 'special' are permitted to view... http://www.cryptonym.com/ Would sure love to change my key and become the NSA of my friends... Bravo MS!


Any reports on how OSX or any versions of BSD or linux are bugged? I can only presume Apple and Ubuntu are also targets.

#3 Steven P.

Steven P.


  • 32,142 posts
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 25 June 2013 - 10:22

It was already widely known back then that there was a NSA key in Windows 98.

#4 Mohitster



  • 1,461 posts
  • Joined: 12-October 05
  • OS: Windows 10
  • Phone: Lumia 525

Posted 25 June 2013 - 10:23

Not sure if serious  :o

#5 +DonC



  • 1,178 posts
  • Joined: 16-August 07
  • Location: England

Posted 25 June 2013 - 12:20

Look.  I don't like the secrecy around the NSA and GCHQ's processes either but this story is sensationalist claptrap.  This story reads as if the NSA and some other organisation has the ability to remotely access Windows PCs!


Yes, there are alternative keys for loading cryptographic modules into Windows but they are not backdoors.  You still need to install them with administrative privileges.  At the point this happens, you've already given access to your computer away no matter how the software persists.  There are plenty of places in Windows that you could install something to snoop on or modify the experience for users: the driver system being the most obvious to me.  If you're worried about HTTPS snooping in particular then you should realise that tools like Fiddler 2 can do this without magic crypto modules.


As for somehow turning this "backdoor" around, you should note that if you're in a position to change the NSAKEY or the third key then you're also in a position to change the first key.  At this point you could re-sign the typical cryptographic modules as well as foreign code with your own private key.  You gain nothing from the existence of the NSAKEY or the third.


The fact that the keys are separate tells me that Microsoft were unwilling to let the NSA have access to their private key.

#6 Osiris


    Neowinian God!

  • 11,794 posts
  • Joined: 31-October 01
  • Location: Australia
  • OS: WIndows 8.2
  • Phone: Nokia 930

Posted 25 June 2013 - 12:46

Despite the recent revelations I just don't buy that this was ever the case, with alll the governments, with all the users, and especially with all the people that hate windows, if any of them found that in the software they would be screamiing it fromt heir lungs and posting the proof everywhere.  Microsoft also would have had far too much to lose (as they were basically the only OS provider, no one else was getting roped in with them unlike the current matter) not to mention there was and still is no lehal basis for such a move and not withstanding that such a backdoor would likely break laws in some of the countries MS Windows is sold in.


Yes, that is different to now because the target of the current issue is around their carriage services - not the product - just about all our countries have laws surrounding the lawful use of carriage services (no I am not defending the invasion of our privacy but rather just because that is happening doesn't mean this happened).

#7 vetneufuse


    Neowinian Senior

  • 17,948 posts
  • Joined: 16-February 04

Posted 25 June 2013 - 12:51

Oh good gawd, this isn't what you think it is...... btw.. if you have RSA encryption, you know this was developed by the NSA right?..... lets start a trapdoor thing about that also!!!!! oh wait we already have....

#8 JonnyLH


    I say things.

  • 1,290 posts
  • Joined: 15-February 13
  • Location: UK
  • OS: W8, W7, WP8, iOS, Ubuntu
  • Phone: Nokia Lumia 920

Posted 25 June 2013 - 12:55

If the NSA was getting into your machine since '98 I'm pretty sure someone would of picked it up on the many years of constant wiresharking.



#9 vetneufuse


    Neowinian Senior

  • 17,948 posts
  • Joined: 16-February 04

Posted 25 June 2013 - 12:58

You guys do know if they where to put a hidden key.... they wouldn't call it NSAKEY! you know NSA does not stand for national security agency...... it was at the time meaning Name Space Assembly Key... had a completely different purpose then the tin foil hatters want you to think.... but lets just ignore all the development documentation on windows back in the 90's and name it some big conspiracy

#10 +Nik L

Nik L

    Where's my pants?

  • 35,114 posts
  • Joined: 14-January 03

Posted 25 June 2013 - 12:59

Well that was a whole bunch of misunderstandings, conspiracy theories and conjecture wrapped around something that was already widely know and moreover publicly stated.


Still, makes for a nice headline...

#11 TPreston


    e pluribus unum

  • 3,309 posts
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 25 June 2013 - 23:33

If the NSA was getting into your machine since '98 I'm pretty sure someone would of picked it up on the many years of constant wiresharking.



Don't forget process monitor and network firewalls, And what about all those people on slow wan links wouldn't they notice it ?

#12 Enron


    Ultra Masculine

  • 12,601 posts
  • Joined: 30-May 11
  • OS: Windows 10 Mobile Home
  • Phone: Lumia 130 Cardboard Edition

Posted 25 June 2013 - 23:40

I guess I'm immune to this since I'm running Windows for Workgroups.

#13 +warwagon


    Only you can prevent forest fires.

  • 29,153 posts
  • Joined: 30-November 01
  • Location: Iowa
  • OS: Windows 8.1
  • Phone: LG G3

Posted 25 June 2013 - 23:47

What was the name of that funny registry key from long ago.... was it nsakey?

#14 Hum


    totally wAcKed

  • 63,716 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 26 June 2013 - 00:00

That explains why my UFO photos disappeared ! :ninja:

#15 AnotherITguy



  • 1,018 posts
  • Joined: 15-October 10
  • Location: 'Merica
  • OS: Windows 8.1 Professional
  • Phone: Iphone 5C 16GB

Posted 26 June 2013 - 00:09

oh noes, zey know everaything... picks up his tin foil hat.... lolz