NSA LIKELY READING WINDOWS SOFTWARE IN YOUR COMPUTER

NSA LIKELY READING WINDOWS SOFTWARE IN YOUR COMPUTER
Submitted by davidswanson on Tue, 2007-10-16 18:17. Spying

By Sherwood Ross

Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.

President Bush’s grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.

And if you’re upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.

European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special “keys” in Windows software starting with versions from 95-OSR2 onwards.

And the intelligence arm of the French Defense Ministry also asserted NSA helped to install secret programs in Microsoft software. According to France's Strategic Affairs Delegation report, “it would seem that the creation of Microsoft was largely supported, not least financially, by NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.” That report was published in 1999.

The French reported a “strong suspicion of a lack of security fed by insistent rumours about the existence of spy programmes on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” It noted the Pentagon was Microsoft’s biggest global client.
In the U.S., Andrew Fernandez, chief computer scientist with Cryptonym, of Morrisville, N.C., found Microsoft developers had failed to remove debugging symbols used to test his software before they released it.

more...

http://www.afterdowningstreet.org/?q=node/27750

if they're reduced to reading something as boring as MY Windows software. }(

Use Linux.

always made me wonder.

My machine with Vista doesn't aske that anymore but it's security software is insane. The software seems to think it's catching itself hacking into itself.

I read a Vista article by an IT security professional a while back, and he said in that article that Vista is the only OS he's ever seen that apparently breaches its own security.

If I ever do end up with Vista- and I almost certainly will, gamer that I am- it's going on a separate partition, and its network hardware will be disabled for everything but online gaming.

In anything, especially security, I would like to know how these special keys make it “orders of magnitude easier for the US government to access your computer.”

There are respected security experts that find security flaws in Microsoft systems all the time. I think that the chances are remote that this wouldn't have been discovered and documented.

And it doesn't/woulldn't surprise me one bit.

Separately, if there are flaws they are just extra little side gifts to their 'arrangement' with the right wing. Still, while acknowledging mistakes - how can Microsoft continue to test so poorly? And if their holes so serious, why do they update them only once a month?

chances are the malware authors would.

No doubt the NSA could crack a box if they had physical access to it, but online can make it more difficult if the user is knowledgeable and overly paranoid about security.

Aren't all programs required to allow back-dooring for police?

It is not my intent to challenge, merely to find confirmation. I believe I've read allusions to what L. Coyote wrote.

It also seems that knowing of all NSA activities is kind of like trying to find a time traveler like those characters playing major parts in the sci-fi flick Millennium. The Internet was built by NSA types, Darpanet was its name IIRC.

If you want to keep your computer private, never connect to anything and never turn on the wireless, and good luck!

Unless GNU/Linux is illegal. I can verify first-hand there is no backdoor.

I read an article awhile ago where the NSA was telling firewall companies that they needed to leave a hole open for their trojan "magic lantern" to enter the system. The firewall companies were aghast. "We can't sell our product to the world community with holes in it! They'd never buy it!"

When CALEA was passed in 1994, there was an explicit exemption for "information systems", but after BushCo took office, they extended the built-in bugging requirement to all telecom common carriers, "including facilities-based broadband Internet access providers" -- which means, anyone who operates a publicly accessible wi-fi system. I can see how that mandate might also be interpreted to include operating systems for networked computers. After all, the law requires "manufacturers of teclecommunications equipment (to) modify and design their rquipment, facilities, and services to ensure that they have the necessary surveillance capabilities."

See, http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=389&topic_id=2057343&mesg_id=2057343



However, if Windows had back-doors, beyond the ones we all know about at this point, I tend to agree that others would have found them by now. Of course, that certainly wouldn't stop NSA or any number of other agencies, foreign and domestic, from trying to slip them in.

If your computer has an on-line interface, you'd better believe the NSA can hack through any commercially available firewall, and grab your files and implant new ones. I'm sure they have spoofs that can trick software designed to detect that. The NSA doesn't even need to use the built-in MS OS backdoors to do it.

n/t

Up to Vista at least every packet of information that leaves and arrives on a Windows PC has been cataloged and analyzed. There is no evidence of an NSA back door. China demanded (and received) the Windows source code to check for this very thing. There was nothing. Its bunk.

"Up to Vista at least every packet of information that leaves and arrives on a Windows PC has been cataloged and analyzed."

You're assuming the versions tested were compiled against the same source code on the shelf.

"There is no evidence of an NSA back door."

Until Microsoft provides the sources for their retail builds to the public for examination, I'll not accept that a backdoor doesn't or can't exist.

"China demanded (and received) the Windows source code to check for this very thing. There was nothing."

Again, we have exactly no assurance that the sources China received hadn't been tampered with prior to being given to them.

Personally, Micro$oft has done so many things that violate US (and European) antitrust laws that I wouldn't feel one least littlest bit bad about our government exercising eminent domain over the Windows property. Too many of our government operations rely upon Windows for this OS to be anything but owned by the public.

this way you know that the source you have is compatible the compiled version. If the china story is true, I would like to see a source, then this proves there are no back doors in MS software from the NSA.

"The Chinese government has set up a lab to study Microsoft Windows source code. The Source Code Browsing Lab--set up in Beijing last week--is part of an existing government-run software site, the China Testing and Certification Center for Information Security Products, according a report in the People's Daily newspaper. ... previous reports have said that the search for backdoors installed by national intelligence agencies is also among the aims of the agreement ...

In February <2003>, the government-run China Information Technology Security Certification Center (CNITSEC) signed an agreement with Microsoft to participate in Microsoft's Government Security Program (GSP).

Under the GSP plan, Microsoft will share the source code underlying its Windows operating system with several international governments, a move designed to address concerns about the security of the operating system.

Microsoft has announced GSP agreements with Russia, NATO and the United Kingdom. The Redmond, Wash.-based software maker is in discussions with more than 30 countries, territories and organizations regarding their interest in the program."

http://www.infowar-monitor.net/modules.php?op=modload&name=News&file=article&sid=614

there you have it folks, no back doors. You can take the tin foil hats off now.

It's called payback. BushCo and NSA did a lot of special favors for the telcos. Now it is time to reciprocate.

:eyes:

even though Michael Hayden didn't know the 4th amendment requires probable cause before search or arrest, and got pissed at the reporter who tried to correct him about that!

corrupted the NSA, and so did Reagan. Don't know about Ford.

we're just realizing it at last.

I'll wait until I see any independently-corroborated evidence before I believe that particular backdoor exists. Given the speed at which new exploits are discovered, disseminated, and patched, it shouldn't be too hard, especially if this "investigative reporter" has knowledge of it.

that they discover on their own for months before they bother patching these holes in security. Most security vulnerabilities discovered outside of Microsoft are discovered by security experts who purposely try to "crack" the OS and open it up using buffer overflows, etc. Generally speaking, if there is a PURPOSEFUL backdoor for specific purposes, it wouldn't be expressed as a vulnerability, but as a specific access point or module for specific organizations to utilize without the user's knowledge. Without outside access and auditing of the source code of the operating system in question, it would be almost impossible to determine whether such a "backdoor" exists, unless discovered by accident.

Why do people that not understand much about this post like they are experts.

Anybody can track every packet sent in and out of their computer using 3rd party software and/or hardware. Do you think foreign governments that use windows don't already do this? If such a backdoor existed it would have been found already and Microsoft would have been out of business.

that should be kept private, like CC#'s etc. that are on unencrypted connections. Assuming Microsoft DID build a back door into Windows, I would assume it would only be accessed using an encrypted connection, in a case like that, the only information a packet sniffer could possibly detect would be the IP address of the computer attempting the connection, and that could be masked easily enough if you know what you are doing. Note, I'm not saying that Microsoft actually BUILT a back door, just saying that they could, if they wanted to. To be honest, I don't think they would, the big reason is, no matter how good the encryption, there is a remote possibility that a not so friendly government can crack that encryption, and Windows is used on government computers. Any back door would be a double edged sword, simply because of the fact that Microsoft OSes are so prolific worldwide.

Then again, Windows is generally insecure to begin with, so I strongly doubt that Microsoft wants to actually have its bad reputation in regards to security be made even worse by building in a back door.

even if they are encrypted. This would set off a huge alarm to anyone looking at this and someone out there would be dedicated enough to crack that encryption.

The internet is a community of millions of educated people that know what they are doing, if something like this was happening it would have been found a long time ago.

As you said, MS doesn't need to program any backdoors. Any software on that scale will always have back doors open, its a matter of how quickly you can patch them, and microsoft has been very good at patching them quickly. If you don't agree please show me some examples.

http://www.securityfocus.com/news/11313

Here's another:

http://www.eweek.com/article2/0,1895,2007643,00.asp

And yet another:

http://www.microsoft-watch.com/content/security/ani_patch_the_day_after.html

"Quickly" is such an inexact term, to me, patching a vulnerability within a week would be considered quick, but after 4 to 6 months? That isn't quick at all. There are numerous other examples, Google is your friend.

There are a lot of ways to hide information in ways that are nearly impossible to detect, no matter what tools you have or how smart you think you are. I won't link to the black-hat sites, but is a sample of things already in the wild (not necessarily NSA or MS):


Traceroute Based IP Channel for Sending Hidden Short Messages

http://www.springerlink.com/content/j3321g1480t17q25/


(Note that similar methods work for other message types.)



Microsoft is the cause of many security problems, but it is not the only one. Lately, Adobe has been one of the worst offenders. If you allow Flash/SWF or PDF on your systems, you can be "owned" instantly. Not just on MS Windows, but also possible on Mac and Linux. A little ActionScript within a SWF "movie"/"image", maybe a persistent transparent image overlaying your browser window and catching keystrokes and mouse clicks, then direct socket i/o to hide info in packet headers, ... Or maybe just download kiddie porn into your browser cache while making it appear that you did it manually. Or poison your browser cache with a fake for your banking site. Or turn on the mike or camera and see what you are really doing tonight, even if you knew to disable them in the Adobe security settings.

BTW that new disk drive you installed was pre-infected and just "virtualized" you machine before it even booted. It is storing data on you in part of the "extra" space on the drive typically used for bad block replacement.

Look around a bit before you become to smug.

I am posting from a Linux system using the w3m browser and I assume that someone/something might still get by.

You are still sending a packet. Are you telling me that with a windows userbase probably close to a billion, including foreign governments, none of that userbase is smart enough to detect this? If such an exploit existed it would have been detected by now, which is why you can make a logical conclusion that no such thing exists.

I often see your posts challenging various wild claims, some conspiracy and some not, and taking on posters like wyldwolf who often refuse to respond to well-researched responses.

The example I linked is just that; an example showing a method that could be used. Take note of the affiliations of the authors. I will not link to most of the sights discussing these kinds of things, whether black hat or white hat. And yes, various message packet types have been used to hide data. Google a bit on such things or visit some of the security web sites with searchable databases.

Enough stuff like this has been detected for one to know that a lot more is not being detected. Look at a couple of the admitted hacks of our gov: Naval War College (they are replacing all the hardware, because they understand that once compromised, it can never be re-secured) and related problems elsewhere in DoD; and the State Department (at the time of the missile tests by North Korea).

No one should have any false sense of security. I use NetBSD, Linux, and OpenVMS for much of my work, I believe them to be much more secure that most operating systems, but I have no illusions that I am secure. Same can be said for Open Source software.

I have over forty years of experience with networking software and protocols and with security, beginning with the systems that eventually evolved into Internet as we know it. Dismiss my warnings at your own risk.

I totally agree with you that any computer your are on can be unsecure. With 40 years of experiance you have way more knowledge in this area than I do. I am simply asking you a simple question related to this discussion, nothing else. Do you honestly believe that if Microsoft added this type of back door for the NSA it wouldn't have been detected already? Even if it hasn't been detected yet you would agree with me that there is a good chance it will be detected in the near future (if it exists). If this is true why would microsoft take such a huge business risk to keep the NSA happy? If this was discovered they would lose all their foreign government contracts and probably be out of business overnight.

And you are absolutely right, I post in these types of conspiracy threads all the time because of how ludacris they are. I have no doubt the government is collecting illegal information on us all the time. But a lot of what is posted around here in this regard is border line schizophrenia.

they said they'd decompiled windows XP to the core elements, and that 2 files were not removable- Those two files apparently had some sort of NSA sig on them.

To bad I suck at that sort of thing- I might know more.

:sarcasm:

this is a load of crap. Not trying to attack you or anyone else here personally but we need to be more careful about this type of bullshit popping up.

as I said, it was a long time ago. Feel free to find the original.

As to them signing their name, they don't have any problem doing it with AT&T and other companies, so why would they care if we knew this part too? Unless you opt not to have it as a system, there isn't much you can do.

we are not talking about telecommunication companies that operate strictly in the US. MS is global and their entire backbone depends on government contracts. This is the large reason as to why they release their source code to large governments such as China as a poster above pointed out.

How do you know the Chinese haven't developed there own OS for their most classified systems? At the very least, the most secret data is maintained off line, and files are converted and sent through encripted private networks. Just like us.

Everything else can just run on MS-based OS, potential for exploits, and all.

Anyone can check the packets entering and leaving your computer using various hardware and/or software. If such a thing existed this would have been caught a long time ago.

Google was the only one who failed to produce the email addy's only to have Gonzo drop the case against them 90 days later.

I suspect that in Florida, they are watching everyone!

http://www.nsa.gov/selinux/papers/ols2003-selinux/text0.html


http://www.google.com/search?hl=en&q=nsa+linux&btnG=Google+Search



:P

Too big to sink. And, all those watertight doors . . . impossible.

anyone they damned please

Believe it or not the only thing saving us right now is that the NSA and related intelligence gathering agenies are 'acquiring a million times more information than can be searched, translated, and followed up.'

The big technology push right now is 'data mining' -- which is the storing, organizing, filtering, and decoding of billions of bits of information.

The danger is that once information is 'acquired' for one 'legitimate' purpose, it can be accessed and used from hundreds of 'illegitimate' purposes.

:rofl:

I've been photographed on the street corner with a zoom lens shoved in my face by 'students' from the spy school there. I can't imagine that they haven't already been in my home and rifled through my stuff. I don't like it, but I really don't care.

I've been pretty active for five years or so, so I guess they lost interest or just don't care what I do, because I've never been confronted. I just assume though, that they check in on me. Funny, because I put ALL of my major thoughts and writings online, anyway.

The only thing that pisses me off is thinking that they could be watching me when they should be doing their real job catching criminals and 'terrorists.' What a waste of time.

um... I mean... :blush:

Like there was a NSA backdoor on an OS all of 1 floppy disk big that was never discovered, and IBM was forced to use it?

Re-write history drunk much Duncan Campbell?