believer@telepath.com) Subject: ip: TechNews: NSA Builds Security Access Into Windows Cc: starla_pureheart@yahoo.com http://www.guncontrolvictories.com/enemies_ms.html Gun Control Victories ECHELON (NSA) in Windows Technology News NSA Builds Security Access Into Windows A careless mistake (what a crock my comment) by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system. Computer-security specialists have been aware for two years that unusual features are contained inside a standard Windows driver used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions including the Microsoft Cryptographic API (MS-CAPI). In particular, it authenticates modules signed by Microsoft, letting them run without user intervention. At last year's Crypto 98 conference, British cryptography specialist Nicko van Someren said he had disassembled the driver and found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with U.S. export regulations. But the reason for building in a second key, or who owned it, remained a mystery. Now, a North Carolina security company has come up with conclusive evidence the second key belongs to the NSA. Like van Someren, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY." The other was called "NSAKEY." Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge. But according to two witnesses attending the conference, even Microsoft's top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advance search methods which test and report on the "entropy" of programming code. Within Microsoft, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers. No researchers have yet discovered a programming module which signs itself with the NSA key. Researchers are divided about whether it might be intended to let U.S. government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by the NSA's burgeoning corps of "information warriors." According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward. "For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers. "How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a 'back door' for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said. Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday. Fernandes said he believed the NSA's built-in loophole could be turned round against the snoopers. The NSA key inside CAPI could be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorized third parties, unapproved by Microsoft or the NSA. This is exactly what the U.S. government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website. According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said. Related Stories: U.S. Uses Key Escrow To Steal Secrets Report: U.S. Uses Key Escrow To Steal Secrets Posted (09/03/99, 2:05 p.m. ET) By Duncan Campbell, TechWeb WANT TO KNOW MORE? http://www.guncontrolvictories.com/enemies_ms.html THEN SCROLL DOWN.... http://www.guncontrolvictories.com/00_contents.html - =============== http://news.bbc.co.uk/hi/english/sci/tech/newsid_437000/437967.stm BBC News | Sci/Tech | Windows 'back door' security alert Friday, September 3, 1999 Published at 22:18 GMT 23:18 UK Sci/Tech Windows 'back door' security alert By Internet Correspondent Chris Nuttall Cryptographers mark up code for a new key found in Windows [ Picture ] Cryptographers are sounding the alarm on a major security issue involving Microsoft Windows that could eclipse its Hotmail public relations disaster. The BBC's Kathy Riddell: "This has set alarms bells ringing" The findings of a computer security expert that America's National Security Agency (NSA) may have been given a back door into every copy of Windows 95, 98, NT4 and 2000 worldwide are being debated across the Internet. Microsoft has issued a strong denial of allegations of misuse of a second encryption "key" in Windows. "These are just used to ensure that we're compliant with US export regulations," said Scott Culp, Microsoft's security manager for its Windows NT Server software. "We have not shared the private keys. We do not share our keys." But cryptographers in the UK described the implications of the findings as "immense". Windows is installed on more than 90% of the world's computers. Second key for Windows Andrew Fernandes, Chief Scientist at the Ontario-based Cryptonym Corporation, is credited with discovering the identity of a second key used by Windows for encryption purposes. The BBC's Chris Nuttall: "Windows is used on 90% of the world's computers" Caspar Bowden, director of London-based Internet think-tank FIPR, said: "The allegation is that every copy of Windows contains an extra 'magic number' which would permit it to work with encryption modules designed by the US National Security Agency, as well as those approved by Microsoft." The approval mechanism was introduced to ensure that the weak encryption in non-US versions of Windows could not be replaced with stronger software without it being checked against a "key" embedded in Windows, proving that it had been digitally signed off by Microsoft. Two years ago, cryptographers found an alternative, and apparently superfluous, second embedded key. The new details came to light through debugging information erroneously left in the latest service pack for Windows NT. Significantly, the key has the data tag "_NSAKEY" giving rise to speculation that the NSA persuaded Microsoft to give it special access to Windows in a secret deal. Microsoft says it called its function an "NSA key" because the body reviews technical details for the export of data-scrambling software. MS talked with NSA It is known that Microsoft negotiated with the NSA on including encryption in its product. The export of strong encryption is banned by the Clinton administration, which fears terrorists and other criminals could turn it against the US. There are two theories on why this unnecessary second key is included in Windows: * Conspiracy theorists say the key can be used to infiltrate targeted computers. It gives the NSA a direct way of doing this without having to use Microsoft's own key. * A more charitable theory is that Microsoft allowed the NSA a special key to secure the thousands of government computers running Windows. "The innocent explanation is that the US wished to create bespoke encryption modules for official use on government systems without reference to Microsoft," said Mr Bowden. "Ironically, introducing the second key has created a major security loophole in a mechanism which was designed to enforce US export controls on strong cryptography." Microsoft suffered serious embarrassment on Monday when hackers exposed a simple way of breaking into the mailboxes of more than 40 million users of its Hotmail e-mail service. --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'