How NSA access was built into Windows

By +Mirumir
in It's a Conspiracy!

 Share

Recommended Posts

Grand Master

+Mirumir Subscriber¹

Posted
  • Subscriber¹
Posted

NSA Built Back Door In All Windows Software by 1999

 

Government Built Spy-Access Into Most Popular Consumer Program Before 9/11

 

In researching the stunning pervasiveness of spying by the government (it?s much more wide spread than you?ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.

 

Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:

 
 
Duncan Campbell 04.09.1999

 

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

 

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

 

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

 

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

 

Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

 

A second key

 

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".

 

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

 

A third key?!

 

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.

 

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

 

Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".

 

According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.

 

"For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US.

 

That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".

 

"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.

 

Can the loophole be turned round against the snoopers?

 

Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.

 

Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.

 

According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."

Proficient

srbeen

Posted
Posted

zip link is dead, well, only the 'special' are permitted to view... http://www.cryptonym.com/ Would sure love to change my key and become the NSA of my friends... Bravo MS!

 

Any reports on how OSX or any versions of BSD or linux are bugged? I can only presume Apple and Ubuntu are also targets.

Veteran

+DonC Subscriber²

Posted
  • Subscriber²
Posted

Look.  I don't like the secrecy around the NSA and GCHQ's processes either but this story is sensationalist claptrap.  This story reads as if the NSA and some other organisation has the ability to remotely access Windows PCs!

 

Yes, there are alternative keys for loading cryptographic modules into Windows but they are not backdoors.  You still need to install them with administrative privileges.  At the point this happens, you've already given access to your computer away no matter how the software persists.  There are plenty of places in Windows that you could install something to snoop on or modify the experience for users: the driver system being the most obvious to me.  If you're worried about HTTPS snooping in particular then you should realise that tools like Fiddler 2 can do this without magic crypto modules.

 

As for somehow turning this "backdoor" around, you should note that if you're in a position to change the NSAKEY or the third key then you're also in a position to change the first key.  At this point you could re-sign the typical cryptographic modules as well as foreign code with your own private key.  You gain nothing from the existence of the NSAKEY or the third.

 

The fact that the keys are separate tells me that Microsoft were unwilling to let the NSA have access to their private key.

Grand Master

Osiris

Posted
Posted

Despite the recent revelations I just don't buy that this was ever the case, with alll the governments, with all the users, and especially with all the people that hate windows, if any of them found that in the software they would be screamiing it fromt heir lungs and posting the proof everywhere.  Microsoft also would have had far too much to lose (as they were basically the only OS provider, no one else was getting roped in with them unlike the current matter) not to mention there was and still is no lehal basis for such a move and not withstanding that such a backdoor would likely break laws in some of the countries MS Windows is sold in.

 

Yes, that is different to now because the target of the current issue is around their carriage services - not the product - just about all our countries have laws surrounding the lawful use of carriage services (no I am not defending the invasion of our privacy but rather just because that is happening doesn't mean this happened).

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

You guys do know if they where to put a hidden key.... they wouldn't call it NSAKEY! you know NSA does not stand for national security agency...... it was at the time meaning Name Space Assembly Key... had a completely different purpose then the tin foil hatters want you to think.... but lets just ignore all the development documentation on windows back in the 90's and name it some big conspiracy

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

Well that was a whole bunch of misunderstandings, conspiracy theories and conjecture wrapped around something that was already widely know and moreover publicly stated.

 

Still, makes for a nice headline...

Grand Master

TPreston

Posted
Posted

If the NSA was getting into your machine since '98 I'm pretty sure someone would of picked it up on the many years of constant wiresharking.

 

/thread

Don't forget process monitor and network firewalls, And what about all those people on slow wan links wouldn't they notice it ?

Mentor

thomastmc

Posted
Posted

Any articles from last decade? Or, better yet, this decade?

 

Forget about encryption, if they wanted a real backdoor to any system and it was built from the lab into all RTM and retail copies that left MS, no one except those developers would ever know it was there. It would lay dormant until activated over the net or locally by an NSA agent. If it's ever needed it's activated and then loses much of it's stealth, but unless you know what you're looking for and how to look for it, it would be almost impossible to detect because it would use the OS's internal mechanisms legitimately to disguise it's activity. It wouldn't be "malware", or a rootkit, it would be a kernel level legitimate function of the system, designed to work with the system as any other legitimate mechanism does. It might even be wrapped by a legitimate and benign piece of the standard system.

 

It would probably also communicate through a protocol that is hidden intentionally on the network, by other additions by the NSA into software, such as routers. You'd probably have to write special code to even have a chance of finding it, and you'd have to know what you're looking for to write the code. Chicken and the egg. Then you'd still have to get the NSA to activate the backdoor on a system you're testing. By the time even someone educated and paranoid (or curious) enough found what they were looking for, it'd be too late, at least for them.

Mentor

JonnyLH

Posted
Posted

Any articles from last decade? Or, better yet, this decade?

 

Forget about encryption, if they wanted a real backdoor to any system and it was built from the lab into all RTM and retail copies that left MS, no one except those developers would ever know it was there. It would lay dormant until activated over the net or locally by an NSA agent. If it's ever needed it's activated and then loses much of it's stealth, but unless you know what you're looking for and how to look for it, it would be almost impossible to detect because it would use the OS's internal mechanisms legitimately to disguise it's activity. It wouldn't be "malware", or a rootkit, it would be a kernel level legitimate function of the system, designed to work with the system as any other legitimate mechanism does. It might even be wrapped by a legitimate and benign piece of the standard system.

 

It would probably also communicate through a protocol that is hidden intentionally on the network, by other additions by the NSA into software, such as routers. You'd probably have to write special code to even have a chance of finding it, and you'd have to know what you're looking for to write the code. Chicken and the egg. Then you'd still have to get the NSA to activate the backdoor on a system you're testing. By the time even someone educated and paranoid (or curious) enough found what they were looking for, it'd be too late, at least for them.

Hows the tin foil hat?

Veteran

REM2000

Posted
Posted

Hows the tin foil hat?

 

yeah it's not like the NSA has been caught accessing information from all major cloud providers... oh wait

 

It's pretty obvious that Windows has had a back door for use by government organisations, i wouldn't be surprised if MacOSX had it too. Oh course they are not going to be using it all the time, however i can imagine some kind of remote execution ability. Linux and Open source in general i would be more surprised about as it would be a lot easier to discover this through open source.

 

However it's worth taking stock, we know that government agencies have had access to cloud services, a few years ago it was proven that BlackBerry has done the same for it's messaging systems

 

http://www.guardian.co.uk/technology/2010/nov/17/india-blackberry-monitored-emails

 

It's the way of the world, it would be nice if governments were a little more transparent and i hope people continue to fight for freedoms of information, but this kind of stuff has been going on for centuries with governments intercepting, phone calls, letters, telegrams etc.. The only difference is that with each passing year it's getting easier and easier to collect more and more information.

Mentor

JonnyLH

Posted
Posted

yeah it's not like the NSA has been caught accessing information from all major cloud providers... oh wait

 

It's pretty obvious that Windows has had a back door for use by government organisations, i wouldn't be surprised if MacOSX had it too. Oh course they are not going to be using it all the time, however i can imagine some kind of remote execution ability. Linux and Open source in general i would be more surprised about as it would be a lot easier to discover this through open source.

 

However it's worth taking stock, we know that government agencies have had access to cloud services, a few years ago it was proven that BlackBerry has done the same for it's messaging systems

 

http://www.guardian.co.uk/technology/2010/nov/17/india-blackberry-monitored-emails

 

It's the way of the world, it would be nice if governments were a little more transparent and i hope people continue to fight for freedoms of information, but this kind of stuff has been going on for centuries with governments intercepting, phone calls, letters, telegrams etc.. The only difference is that with each passing year it's getting easier and easier to collect more and more information.

To protect National Security? Do you condone events like Boston or a possible terrorist threat on the Olympics? 

 

The people which create these programs are normal people, they're doing it to protect national security not to see what porn people are watching. If there was a backdoor to any software system, it would of been found by now. You'd be able to spot it a mile off. Another point is, who's computer here actually has a public IP address? If not, you're sitting behind a NAT which will not let any un-prompted connections incoming unless the client initialized it. So a backdoor wouldn't even work in todays Internet.

 

So once again, hows the tinfoil hat?

Mentor

JonnyLH

Posted
Posted

Oh dear.  You just threw your entire argument out of the window with that one ridiculous yet (hopefully) rhetorical question.

Condoning a system which supports national security is indirectly related to events like this. Stop being so up-tight.

Mentor

thomastmc

Posted
Posted

A possible terrorist threat on the Olympics?

 

Oh my gosh, you're so paranoid. How's the tin foil flack jacket? (That game can be played both ways. Don't dismiss what I said as if I'm paranoid. I was just stating what is possible, as you just did).

 

If there was a backdoor to any software system, it would of been found by now. You'd be able to spot it a mile off. Another point is, who's computer here actually has a public IP address? If not, you're sitting behind a NAT which will not let any un-prompted connections incoming unless the client initialized it. So a backdoor wouldn't even work in todays Internet.

 

So once again, hows the tinfoil hat?

 

You don't know what you're talking about, by the way.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • AI is indeed eliminating jobs, and Oracle just proved it

      By leonsk29 · Posted

      Exactly, this is just the beginning. I hope that by that time, our inept politicians devise something like a Universal Basic Income, because unemployment and poverty rates will skyrocket otherwise. And believe me, robots that perform physical work aren't a matter of IF, but WHEN. No career is truly safe from AI/robots, it's just a matter of time.
    • Politically funny images of the World

      By +primortal · Posted

    • Subtitle Edit 5.0.0

      By Copernic · Posted

      Subtitle Edit 5.0.0 by Razvan Serea Subtitle Edit is a powerful, free, and user-friendly subtitle editing tool designed for creating, editing, and converting subtitles for videos. It supports a wide range of subtitle formats, including SRT, ****, and SUB, allowing users to easily modify and adjust subtitles for accurate timing and formatting. With its intuitive interface, Subtitle Edit provides a variety of features such as waveform audio display, spell-check, subtitle synchronization, and real-time video preview, making it an ideal choice for both beginners and professionals. The software also includes powerful tools for batch processing, translating subtitles, and converting between different subtitle formats. Subtitle Edit features: Create/adjust/sync/translate subtitle lines Convert between SubRib, MicroDVD, Advanced Sub Station Alpha, Sub Station Alpha, D-Cinema, SAMI, youtube sbv, and many more (300+ different formats!) Cool audio visualizer control - can display wave form and/or spectrogram Video player uses mpv, DirectShow, or VLC media player Visually sync/adjust a subtitle (start/end position and speed) Audio to text (speech recognition) via Whisper or Vosk/Kaldi Auto Translation via Google translate Rip subtitles from a (decrypted) dvd Import and OCR VobSub sub/idx binary subtitles Import and OCR Blu-ray .sup files - bd sup reading is based on Java code from BDSup2Sub Can open subtitles embedded inside Matroska files Can open subtitles (text, closed captions, VobSub) embedded inside mp4/mv4 files Can open/OCR XSub subtitles embedded inside divx/avi files Can open/OCR DVB and teletext subtitles embedded inside .ts/.m2ts (Transport Stream) files Can open/OCR Blu-ray subtitles embedded inside .m2ts (Transport Stream) files Merge/split subtitles Adjust display time Fix common errors wizard....and more. Subtitle Edit 5.0.0 changelog: Subtitle Edit 5 is a major new release and a big step for the project. For the first time, Subtitle Edit runs natively on Windows, macOS, and Linux from a single, modern, cross-platform codebase. The builds are self-contained, so no separate .NET installation is required, and on macOS and Linux the needed media components (mpv/ffmpeg) are bundled in. Please read before upgrading: Subtitle Edit 5 is a new application, not just an update of Subtitle Edit 4. It has been rebuilt from the ground up to be cross-platform, so: It is not 100% the same app. The look, layout, and some workflows have changed. Some things are in different places, and a few behave differently than in SE4. Not every SE4 feature exists in SE5 yet. SE5 covers all the core editing, conversion, sync, video playback, OCR, and online services, but some of the more specialized SE4 tools are not available yet. Features will continue to be added. If you rely on a specific SE4 feature that is missing, please keep SE4 installed alongside SE5. The easiest way to run both side by side is to use the Portable versions of SE4 and SE5, which keep their settings separate and do not interfere with each other. Which version should I use? Subtitle Edit 5: recommended for most users on Windows 10 (22H2) or newer, macOS 12+, and Linux. Subtitle Edit 4: please continue to use SE4 if you are on an older Windows version (Windows 7/8), or on older / slower computers where SE5 may not run well. SE4 remains available and is the right choice in those cases. To run SE4 and SE5 at the same time, use the Portable versions - you can try SE5 while keeping SE4 as a fallback. Download: Subtitle Edit 5.0.0 | ARM64 | ~60.0 MB (Open Source) Download: Subtitle Edit Portable | 103.0 MB View: Subtitle Edit Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Google Pixel 11 series: Here's what to expect

      By Hamid Ganji · Posted

      Google Pixel 11 series: Here's what to expect by Hamid Ganji Google Pixel 10 series In recent years, Google has successfully turned its Pixel devices into worthy contenders in the smartphone market. The search giant is now preparing to launch the Pixel 11 series in just a few months, and many Pixel fans are likely wondering what Google has in store for them this year. The next lineup of Google smartphones includes four devices: the Pixel 11, Pixel 11 Pro, Pixel 11 Pro XL, and Pixel 11 Pro Fold. This year, we don’t expect Google to bring revolutionary upgrades to its handsets, and the Pixel 11 series is likely to receive modest hardware improvements alongside a slew of AI-powered features. Here are the rumored specifications of the Google Pixel 11 series ahead of its official debut: When will the new Pixel phones be unveiled? The last two generations of Google Pixel phones (Pixel 9 series and Pixel 10 series) were launched in August, unlike the previous three generations that debuted in October. With that in mind, we expect Google to unveil the Pixel 11 series sometime in August 2026. The exact launch date has yet to be confirmed. Google Pixel 11 CAD renders - Image via AndroidHeadlines How much will the Pixel 11 series cost? Predicting the final price of upcoming smartphones has become increasingly difficult. As you may know, RAM and memory prices are rising sharply, leading to significant increases in the cost of consumer electronics. Recently, Apple CEO Tim Cook said that price increases for some future Apple products are unavoidable, suggesting that the iPhone 18 series could become more expensive. Google has remained tight-lipped about any potential price increases for the Pixel 11 series. If the company manages to maintain last year’s pricing structure, here’s what the lineup could cost: Pixel 11: $799 Pixel 11 Pro: $999 Pixel 11 Pro XL: $1,199 Pixel 11 Pro Fold: $1,799 Given current market conditions, it may be difficult for Google to avoid raising prices unless it adopts cost-saving measures, such as equipping the base model with 8GB of RAM. Google Pixel 11 series anticipated specs: We expect the Google Pixel 11 series to debut with a new Tensor G6 processor as well as an upgraded camera system. The overall design, however, is expected to remain largely unchanged across the lineup. Specifications Pixel 11 Pixel 11 Pro Pixel 11 Pro XL Pixel 11 Pro Fold Display 6.3-inch LTPO AMOLED / 120Hz refresh rate / up to 3100 nits of brightness 6.3-inch Super Actua LTPO OLED, 120Hz refresh rate, up to 3600 nits of brightness 6.8-inch Super Actua LTPO OLED, 120Hz refresh rate, up to 3600 nits of brightness 8-inch inner screen and 6.4-inch outer display, 120Hz refresh rate, up to 3600 nits of brightness RAM & Processor Tensor G6 / 8-12GB of RAM Tensor G6 / 12-16GB of RAM Tensor G6 / 12-16GB of RAM Tensor G6 / 16GB of RAM Storage options 128GB or 256GB 256GB, 512GB, 1TB 256GB, 512GB, 1TB 256GB, 512GB, 1TB Camera 50MP main sensor, 13MP ultra-wide, 10.8MP 5x telephoto, 10.5MP front camera 50MP main camera, 48MP ultra-wide, 48MP telephoto with 5x optical zoom, 42MP selfie camera 50MP main camera, 48MP ultra-wide, 48MP telephoto with 5x optical zoom, 42MP selfie camera 50MP main camera, 10.5MP ultra-wide camera, 10.8MP telephoto camera, 10MP front camera, 10MP inner camera Battery 4,840 mAh 4,707 mAh 5,000 mAh 4,658 mAh Software Android 17 Android 17 Android 17 Android 17 The Pixel 11 series won’t be a major departure from its predecessor, with Google instead focusing on subtle improvements and AI additions such as Gemini Intelligence. However, a patent filed by Google suggests the company is working on a removable battery for its smartphones, and we could see this feature make its way to the Pixel 11 Pro Fold. Given that nearly all smartphones today lack removable batteries, such a feature would be a welcome addition to future Pixel devices. That said, it may not arrive with this year’s lineup after all, and the final decision is yet to be made by Google. The Pixel 11 series could also face an uphill battle in the market. In the Android segment, Samsung is performing well with the Galaxy S26 series, while the Galaxy Z Fold 8 lineup is also expected to launch next month. On the other hand, Apple is preparing to unveil the iPhone 18 Pro and iPhone 18 Pro Max in September alongside its first foldable iPhone.
    • AMD confirms 26.6.2 FSR driver breaks on many Windows PCs

      By +Eternal Tempest · Posted

      At least AMD is still taking Windows 10 seriously (after the oops) before it consumer extended support ends. @WaltC - Memories, 2x Voodoo in SLI with a Riva TNT with an Aureal A3D soundcard.

  • Recent Achievements

    • One Month Later
      timbobit earned a badge
      One Month Later
    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      476
    2. 2
      +Edouard
      172
    3. 3
      PsYcHoKiLLa
      105
    4. 4
      Michael Scrip
      88
    5. 5
      Steven P.
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!