From owner-imap@chumbly.math.missouri.edu Fri Nov 22 13:30:17 2002
Date: Wed, 20 Nov 2002 14:41:21 -0600 (CST)
From: David Bean <beand@earthlink.net>
Subject: Careless mistake reveals subversion of Windows by NSA
Article: 147266
To: undisclosed-recipients:;
(http://www.heise.de/tp/english/inhalt/te/5263/1.html)
A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA 'help information' trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software 'driver' used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.
ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US government allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.
Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVAPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or 'strip' the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called 'KEY'. The other was called 'NSAKEY'.
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the 'Advances in Cryptology, Crypto'99' conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the 'NSA' key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMacchia, head of CAPI development at Microsoft, was 'stunned' to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the 'entropy' of programming code.
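The entropy search described in the preceding paragraph works because key material is close to uniformly random, whereas machine code and data tables have a strongly skewed byte distribution. The following is an added example, not code from the article or from the researchers it names: a sliding-window Shannon entropy scan over a binary image that reports the spans where key-like material sits. The sample image is constructed inline (low-entropy "code-like" filler with a 128-byte high-entropy blob planted at offset 1024); the window size, step and threshold are this example's own choices.

```python
"""Sliding-window entropy scan: locating key-like blobs in a binary image.

Added example (not from the article or from the researchers named in it).
The sample buffer below is constructed here: skewed "code-like" filler with
a 128-byte high-entropy blob planted at a known offset.
"""
import math
import random
from collections import Counter

WINDOW = 32          # bytes per window; entropy caps at log2(WINDOW) = 5 bits
STEP = 8             # slide granularity
THRESHOLD = 4.5      # bits/byte; the code-like filler below stays well under this


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte of the given chunk."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def find_key_like_regions(data: bytes, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return merged (start, end, peak_entropy) spans whose windows exceed threshold.

    Overlapping high-entropy windows are merged into one region, so a single
    embedded key is reported once rather than once per window.
    """
    regions = []
    for start in range(0, len(data) - window + 1, step):
        h = shannon_entropy(data[start:start + window])
        if h <= threshold:
            continue
        end = start + window
        if regions and start <= regions[-1][1]:
            # Overlaps the region being built: extend it.
            s, e, peak = regions[-1]
            regions[-1] = (s, max(e, end), max(peak, h))
        else:
            regions.append((start, end, h))
    return regions


def build_sample_image(key_offset=1024, key_len=128, total=4096) -> bytes:
    """Constructed sample: skewed 'code-like' bytes with a planted key blob."""
    rng = random.Random(7)                       # fixed seed -> deterministic
    code_alphabet = [0x55, 0x8B, 0xEC, 0x83, 0xC4, 0x00, 0xFF, 0x75,
                     0x08, 0x5D, 0xC3, 0x90]    # 12 symbols -> at most 3.58 bits
    filler = bytes(rng.choice(code_alphabet) for _ in range(total))
    # The 'key': distinct byte values in a shuffled order, so every 32-byte
    # window lying inside it has 32 distinct values (exactly 5.0 bits/byte).
    values = list(range(256))
    rng.shuffle(values)
    key = bytes(values[:key_len])
    return filler[:key_offset] + key + filler[key_offset + key_len:]


if __name__ == "__main__":
    image = build_sample_image()
    for start, end, peak in find_key_like_regions(image):
        print(f"high-entropy region 0x{start:04x}-0x{end:04x}, peak {peak:.2f} bits/byte")
```

On a real DLL the same scan is run over the file's sections; compressed or already-encrypted resources also score high, so each reported region still has to be inspected to tell a key from packed data.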
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of 'information warriors'.
According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system is 'that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system'. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.
'For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying', he added.
'The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.'
'How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a "back door" for NSA—making it orders of magnitude easier for the US government to access your computer?' he asked.
Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. 'It looks more fishy', he said.
Fernandes believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration 'how to do it' program that replaces the NSA key can be found on Cryptonym's website.
According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. 'Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY.'