phonebill

In researching the stunning pervasiveness of spying by the government (it’s much more wide spread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software…Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:

A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors)…

“The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren [an expert in computer security]. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA…

“According to Andrew Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system“. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards…”

We have repeatedly pointed out that widespread spying on Americans began prior to 9/11.

Barry Ritholtz picked this up from Washington’s Blog and as part of his journey as a recovering Republican he’s republished this at his own blog…There certainly aren’t any longtime geeks who are surprised to read details of Microsoft putting in backdoors for the NSA.



  1. B. Dog says:

    Knock me over with a feather.

  2. Liberace says:

    Do you need a better reason to switch to Linux? If memory serves, M$ also gave source code and backdoors to the Chinese government.

    • msbpodcast says:

      I did, back in the day.

      Unix and Linux have always been better development and run-time platforms. No oil companies run with anything but Unix at the drilling and back-office sites. No banks who give a shit about security run with anything else either.

      I’ve always used Macs at home, partly because they’re more secure, partly because I worked with PCs all day and partly because I couldn’t possibly be accused of software/hardware/data theft on my home systems since they were Macs.

      • deegee says:

        You do realize that the last few generations of Mac’s use “PC” hardware… and that almost all data files are transferable between platforms… don’t you? I guess not. /facepalm

      • mrsurfboard says:

        Many banks and Casinos run IBM’s iSeries (AS/400) Servers.

      • pedro says:

        “I’ve always used Macs at home, partly because they’re more secure…
        … I couldn’t possibly be accused of software/hardware/data theft on my home systems since they were Macs”

        By large, the joke of the day

  3. Yankinwaoz says:

    Never attribute to conspiracy that which can easily explained by incompetence.

    So.. that “Back Door” sounds like your run of the mill virus that exploits stupid mistakes in MS. The fact that spy agencies from all over the world are using viruses to spy and do mischief should be no surprise. Look at the Stux virus. That contains some amazing exploits that No one knew about.

    Honestly. I would not be at all surprised if the US gov’t has stolen Windows source code and has been using that to find holes for years.

    This all comes from incompetence on Microsoft’s part. They wrote crappy code. Then then let the source code get nicked by spooks.

    • msbpodcast says:

      If you’re a black hat, you ignore the source and go with the actual binaries.

      This way you’re not influenced and misled by the incomplete or just plain wrong documentation, you’re dealing with what the code itself is really doing.

      If it looks like I respect their attitude its because I do.

      I used to write interpreters, compilers and optimizing JIT inter-pilers.

      It takes some very special and valuable near-autistic/Asperger skillz to do this kind of run-time code analysis and execution profiling.

  4. Dallas says:

    The real back door trick are those found in Cisco routers.

  5. Admfubar says:

    NSA = The National Stasi Ageny

    the terrorist have won… and they are us

  6. jeanne says:

    So, Dallas, I’ll bite. Which back door Cisco tricks are you talking about?

    • msbpodcast says:

      Cisco routers handle huge amounts of internet traffic. They have a huge capacity to snap up, copy and then route packet traffic.

      They are the best place to put deep packet sniffers. If you were the NSA would you bother with penny ante websites or would you go for the really big iron.

      There’s a big “Welcome To Utah” fork in the road for all of your packets guys.

      • Dallas says:

        Good summary! Also, you won’t find Huawai Routers in government installations or Cisco Routers in Chinese government installation.

    • Phydeau says:

      You may not believe this, but…

      I had a friend who worked at Cisco. They shipped routers to someone in Argentina. The customer complained about a bug they saw in the router. Cisco said no way, that bug was in version N of the OS, we fixed it in version N+1 that we shipped to you. But as it turned out, the routers *did* have version N installed on them. So somewhere between the shipping dock at Cisco and when the routers arrived in Argentina, someone removed version N+1 and put version N back on. The guys at Cisco were pissed, until someone from the govt came to visit the boss. After he left, the boss came out of his office, pale as a ghost, and said, don’t worry about this, don’t talk about it any more.

      • pedro says:

        But I guess that only happened on Republican governments. We’re safe now.

  7. pedro says:

    Yawn!!!!!

  8. msbpodcast says:

    Widespread spying on US citizens started back in 1769 and has only had a few periods of relaxation since due to minor distractions, like wars…

    The US is paranoid about its own people and has been since the French showed the world what happens to the 1%ers and the oligarchs during a revolution.

    It will happen again…

    The ‘States will find its soil stained again with the bood of patriots, but mostly with the butchered corpses of the 1%ers.

    That’s what keeps the greedy bastards up at night going through your mail, your emails, your IMs looking for a sign that We The People have finally and fatally had enough.

  9. JimD says:

    Anyone surprised ???

    “Please do not block your SpyCam, Mr Winston – otherwise we have some RATS we’d like you to meet !!!”

  10. deegee says:

    What a load of bologna (baloney?).
    Talk about your conspiracy theory nutcases.

    Maybe they are watching you right now through your webcam!! /facepalm

    I have been professionally developing software for mainly the PC platform since the early 1980s, from low-level driver and service tools to desktop apps, and for the last 15 years I have also been doing corporate IT on the side, so I’m not a noob regarding the OS.

    There is no “back door” in place for government agencies to spy on you on your computer. And if there was just block it with a firewall.

    This so-called “NSA back door” is probably just a reference to the _NSAKEY variable name in the Windows crypto keys. A crypto key which can be replaced easily by any other crypto service. And which is not a back door of any type in the first place. Wikipedia it if you need to see for yourself (search _NSAKEY).

    The only “holes” are software bug exploits that malware takes advantage of, which those holes have nothing to do with the NSA, and if you get infected with malware it is usually because you should not have gone to that pr0n site and downloaded their stripping girl software.

    If the NSA were somehow secretly installing spyware then it would have hit mainstream news years ago, because it would have been caught by many users.
    If Windows were secretly sending information to the NSA then network admins would have caught the packet transfers through their routers years ago.

    • Mike P says:

      You had me going until you wrote, “it would have hit mainstream news years ago.” I don’t know about “conspiracy nutcases”, but I do understand people living in a vacuum by choice.

      • deegee says:

        Perhaps you didn’t understand my comment.

        If Microsoft’s _NSAKEY was actually some backdoor snooping system, the news of this would have reverberated through the entire tech industry, and you would find millions of tech people and programmers discussing it and millions of websites with patches to close the hole.

        The fact is, as I stated in another post here, if you are sending anything out onto a public network (ie the Internet) then 1. don’t expect privacy, and 2. there doesn’t need to be any secret back door in Windows for the government to be able to capture and store your public network data.

    • The Ipragmatist says:

      Mainstream news is owned and controlled by corporations and government agencies that want to make sure we don’t get these stories. You can’t really be that ignorant to have said that in truth can you?

      Secondly, wikipedia can’t be considered the bastion of truth either. Many of their claims of conspiracy theory etc. are completely made up of lies.

      I can’t attest to what you’re saying about the key not being real etc., but the fact that Verizon, AT&T et al selling a decade of what should have been private cell phone data to the government for millions of dollars ought to at least make us think twice about these kinds of stories. I don’t buy what you say, and I know a lot of people who agree….I don’t think that a simplistic explanation like you laid out here would have gotten the German government to have required that many of their government and military servers be replaced with Linus. They have some sharp people there, and again, I don’t buy that this isn’t a possibility.

  11. tooold says:

    Lol, just read 1984. I am not going to tell you why you are wrong to right or tell you what’s really going on. 1984 covers enough ground. Read animal farm after that.

    Evethying is disclosed to the public in one form or another. The question is will the people do anything about it? Do people even know how the “new wold” was created by what corperation? Go read the verginia charter if you can’t answer that question.

    PS evey comment I read from msbpodcsst makes me chukkle on how incorrect it is.

  12. MikeN says:

    In 1999, Bill Clinton was President, not a Republican, so why Eiditor chooses to bring that up?

    Plus what does putting something on a blog have to do with not being a Republican?

    • pedro says:

      “Plus what does putting something on a blog have to do with not being a Republican?”

      It has to do with a self preservation mechanism in the brains of liberuls to cope with the cognitive dissonance reality creates in them.

  13. jeanne says:

    Deegree: I am not saying that this is happening but there are lots of ways for covert packet sniffing to happen: If the sniffing was done with wire-speed switches with the uplinks in scan (monitoring) mode, then network admins would never notice any deviation from normal traffic patterns. What if router / switch manufacturers, under the request from a 3-letter government agency, put in a backdoor for remote SNMP management?

    Of course, the above might result in way too much data. Which is probably why they go through secret FISA courts.

    • deegee says:

      If the network traffic is going out to a public network, ie the Internet, then imho there is no real security or privacy. And anyone with enough knowledge, the proper equipment, and access to the network, can sniff packets sent through anyone’s public network. Whether they can decrypt any encrypted data is another matter, and varies by the system used.

      Spending the time and money on attempting to hide embedded snoop code in OS’s or routers isn’t even required. We all already know that our internet emails, tweets, surfing, cookies, etc., are already fair game for snooping and tracking, because they are disseminated out to a public network.

      I have no doubt that cell and phone and voip calls are also monitored in many cases, if even just by nosey employees listening in, because these calls are going out through another network that is not under our explicit control.

      But on a corporate LAN it would be pretty much impossible to implement any type of snooping on the internal network with hidden data forwarding out to the government. And if it was going on, any IT person who has half a brain would notice it. And for those networks that don’t have a live Internet connection, the government would get nothing, making the entire affair pointless to begin with. There are enough network security specialists out in the private sector that if this was going on someone would have squealed a long time ago with actual proof, otherwise it would have to be a massive coverup on a massively large scale. So stating that Microsoft has some hidden government enforced snoop code integrated into the OSes is nothing but crazy conspiracy theory talk.

      • jpfitz says:

        Cut all outside cables and build a Faraday cage.
        Throw away your cell phones.
        The only way to be secure.
        If your that worried about your data.

  14. MikeN says:

    Net neutrality means that all tech companies are equally servants of the government.

    • noname says:

      I am ok with that, as long as the government is a servant of the people (for the people by the people)!

  15. deowll says:

    http://www.infowars.com/dhs-wants-equipment-for-riot-control-situations/

    The more paranoid these guys get the less I trust them.

    • jpfitz says:

      111 of this and 123 of that are odd orders for riot control. Wouldn’t the numbers be in the thousands if there was any credence to the articles paranoia.

  16. Glenn E. says:

    And I’ll wager that the NSA has also been behind many of the early virus and worm attacks and Windows exploits. In order to force us to stop using pre-Win98 OSes, they had no control over. No surprise to me that Windows was compromised. I always wondered what favor Bill Gates had to do the govt. in order to get the DOJ off his back, for that anti-trust suit? I wondered if some suggested code alterations weren’t put into place. And Steve Gibson’s discovery of the WMF Metafile “back door”, was only one of them. For that, the govt. very likely killed Steve’s own VPN product. By insisting that it had back doors too, or be declared a “munition”. Just as PGP once was.

    Apparently you can trust PGP not to be compromised, because the Operating System it works thru, is already compromised. Time to switch to Linux, and hope that too hasn’t already been f*cked with. And if not, expect the govt. to unleash a barrage of viruses and worms against in, to change your minds. Or at least compromise the Linux OS, from the outside.

    When you think about it. This “bugging” of billions of Windows PCs, goes way beyond keeping tabs on just a handful of terrorists. Why bug EVERYONE, in order to catch 1/100ths of one percent of the world population, planning a destructive action. And they still manage to get away with most of these actions, anyway! So far they’ve only managed to stop the most amateur of them. And even not all of them, by last month’s Boston bombing. So it appears that there’s a lot more going on than just govt.s worrying about what terrorists are up to. Because bugging billions of home PCs, is hardly a practical way to do it.

    • deegee says:

      I heard rumblings years ago that perhaps it was MS themselves releasing virii since they wanted to kill off use of their earlier OS’s. Conspiracy theory to the maximum. :-)

      Regarding the WMF Backdoor, just another conspiracy theory. Google it or see Debunking the WMF backdoor at securityfocus-dot-com/columnists/382

      Why is this site and many of its commentors seem to be going more and more towards the loony side of life?
      Get a grip people.
      We have known for years that our governments are corrupt. We have known for years about wire-tapping, email reading, etc.
      But y’all seem to be looking for conspiracies under every rock these days. Sometimes an OS bug is just a bug.

      • pedro says:

        Because that’s the way people with low iq / not enough info can cope with what they’re being presented.

        By the logic of Glenn E, there was no case to make people get off post win98SE OS’ using new viri because they’re all exposed. I wouldn’t make any sense whatsoever to make viri for new OS.

        For this kind of logic, patches are the way of the companies to say “oops, we were caught, let’s close the exploit we left!”

  17. Glenn E. says:

    All this makes me want to dust off my old Commodore Amiga, and start using it again. I’m pretty sure they didn’t compromise its OS, like they did Windows. In fact that might be why the company failed. The govt may have gone to Commodore’s CEO and CFO, and told them to either comply, or take the company’s money and run. And they did the latter. And then Motorola dealt the final death blow to Amiga (and also, almost to Apple Macs). by refusing to keep up with Intel and AMD, in processor speed development. Makes you wonder what deal Motorola had with the NSA? As well as Intel and AMD? Is there some code in the BIOS, the NSA wants there?

  18. fred says:

    so that’s why windows runs so fecally
    spies, using their wares, to try and get in the back door…
    the hole thing smells really bad

    • pedro says:

      Because it was only MS who admitted they catered to the three letter overlords. Geez, are these people for real or they learn to be this naive in school?

      “From this same blog (and editor) “The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk…”

      And I’m sure IBM doesn’t open their doors to men in black, for those naive people who extol the virtues of Unix & Linux & any other non-MS OS