In the scenario where NSA gave Microsoft a public key to include in the product Microsoft doesn't have the private key. That's the point-- NSA would want their own root-of-trust in the product.
I think that's the point the comment you are replying to made: if it was legitimately a microsoft key that just serves a different purpose, it would be trivial for microsoft to prove it by just signing a message or anything with the corresponding private key.
The fact that they haven't reinforces the argument that they don't own the private key (likely, the NSA does as the conspiracy goes)
Well I don't know if that would necessarily prove anything, since in this scenario, microsoft and the nsa are working closely enough together to modify one of their drivers. In that case, couldn't the point of contact at microsoft simply send the message to the nsa to have it signed, and then show it as proof that the key is owned by microsoft?
> it would be trivial for microsoft to prove it by just signing a message or anything with the corresponding private key.
It would also be trivial for Microsoft to call up the NSA and say "they're ON TO US and it looks bad to our customers, can you please sign this message?" That is, the test you suggest proves nothing-- you can't prove that only you hold a private key.
Pardon my pedantry but I think you meant conspiracy theory.
Conspiracies happen all the time, and by itself the word doesn't imply anything far-fetched or unproven, just plotting to do harm.
AFAIK, NSAKEY was a mechanism where the NSA could install their own cipher suites on their Windows machines, without needing to know or trust Microsoft's signing key (and vice-versa.)
DoD and IC use Suite A algorithms, which are classified. So they needed NSAKEY, or a private build of Windows that would let them do what they wanted. I think all they could do maliciously with this key is install backdoored crypto suites on victims' computers, which would require Administrator access anyway.
Disclaimer: work at MS, this is well before my time, I have no inside knowledge.
That's a seperate key, which doesn't seem to have an interesting name, not _NSAKEY:
> In addition, Dr. Nicko van Someren found a third key in Windows 2000, which he doubted had a legitimate purpose, and declared that "It looks more fishy".
"Van Someren has published numerous papers in the field of computer security. In 1998 he co-authored a paper[13] with Adi Shamir introducing the concept of key finding attacks. A statistical key finding attack was used by van Someren to locate the signature verification keys used by Microsoft to validate the signatures on MS-CAPI plug-ins. One of these key was later discovered to be referred to as the NSAKEY by Microsoft, sparking some controversy.[14]"
"The Microsoft Windows platform specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data."
===End Excerpt===
Observation: MS-CAPI -- would seem to be, prima facie, similar to Linux's OpenSSL...
I'm not entirely sure what your point is here, but the fact of the matter remains that the key that is being referred to in ryanlol's quote is not _NSAKEY.
> Microsoft said that the key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. cryptography export controls, and the key ensures compliance with U.S. export laws.
People have speculated elsewhere in the thread about why they need a second key to be compliant, but as far as I'm aware we don't actually know.
I wonder if this just suggests that there’s nothing interesting to know.
“the _NSAKEY backdoor” would still make an excellent blackhat/defcon talk today if someone could actually demonstrate its existence and explain practical exploitation.
On the other hand “I looked and couldn’t find anything” isn’t really a very meaningful or interesting statement.
How do you mean? The presence of a public key doesn't tell us what has been encrypted with it or if the private key has been shared with anyone. How will a debugger tell us any of that?
Is it not by creating whatever software you want and signing it as Microsoft software.
You could essentially replace core windows components and the OS would run them without warning.
No, I don't have enough insight into how WU verification/certificates work to make such a strong claim in confidence actually.
Would be curious to learn why this wouldn't be so, though.
Given Microsoft's close relationship in NSA programs in the past (PRISM, Snowden leaks, others), it's not far-fetched to assume they have a key for a root CA or whatever else is needed for such an attack.
Microsoft has no relationship with the NSA in PRISM according to the Snowden leaks. The slides show they handle wiretaps for specific people under court order for the FBI, which we already knew.
But if it's really the key to a backdoor, it has to be used somewhere in the code. E.g., some part of Windows had to check something signed with the key or encrypt something with it.
Windows used _NSAKEY (and another key) to check that Cryptographic Service Providers are signed. Otherwise it wouldn't allow them to be used. This was explained in the article.
Although, this still fails to explain the mechanism via which such Cryptographic Service Provider would land on your computer (assuming this is still supposed to be a backdoor).
If you mean the relationship between NSA and the vulnerability, then no, there actually is: it was NSA who discovered the vulnerability and it has not been used in the wild (according to NSA themselves; source: https://twitter.com/briankrebs/status/1217082363391377408)
If it looks and sounds like a duck then its probably a duck.
I can't see MS admitting to giving out a backdoor key. In any case it's irrelevant as you should always assume everything you don't have source to is compromised.
Normally, I'd agree with you, but this seems a bit too on-the-nose for me. When people have to talk about a shady or immoral activity or put mentions of it in writing, they usually get very creative in finding an inconspicuous name for it.
As such, if this were really a backdoor, I'd expect it's identifiers to look maximally boring and no direct reference to the NSA given anywhere.
Conspiracy theories tend to hinge on the idea that the conspirators are simultaneously 5-dimensional chess playing lizard people from the future and, at the end of the day, dumb as a rock.
Coincidence theories tend to hinge on the idea that everyone is incompetent and that nobody could ever collude together in secret for any sort of malicious or self interested purpose.
They hinge on the idea that the greater the value of T or N, the less likely a conspiracy will remain a secret, where T is time and N is the number of conspirators. N is usually the dominate factor.
Well, I would think so as well, but we have at least some anecdata (N=1) in the other direction [0]:
> In doing this I discovered that the NSA public key had an organizational name of "MiniTruth", and a common name of "Big Brother". Specifically what I saw in my debugger late one night, which was spooky for a short moment was:
That was specifically a key escrow-style system, so you're right there. Lotus Notes wanted to provide strong encryption abroad, in the bad old days of ITAR. they used a hybrid of an exportable-sized key (~50 bit encryption) and a stronger, backdoored key (MiniTruth.)
They were very public about it, though. It sucked they had to water down their encryption, but that was the reality until PGP challenged ITAR head-on.
I'd wager that there's a high probability that an arbitrary engineer tasked with implementing things like this either doesn't care or is antagonistic, thereby calling the duck a duck.
Also, the name was never supposed to be known - it was due to early releases mistakenly having debug symbols included.
Also, there are at least several other instances that make Microsoft highly suspicious in regards to this stuff, starting with:
- how they bought Skype not long after the NSA was promising billions of dollars (in government contracts most likely) to the company that would bypass Skype's encryption somehow
- changing Skype's architecture to be intercept-able
- Skype entering the PRISM program the moment Microsoft bought it
- some other suspicious "bugs" and design choices in regards to how Bitlocker works, including storing the encryption keys on its servers or defaulting to break-able OEM encryption. Plus the fact that you never do hear about law enforcement being thwarted by laptop encryption
- silently adding root certificates in Windows with no official documentation, some for some oppressive regimes, other for the U.S. government
- Not to mention that the first thought that came to my mind after hearing about all the hidden tracking stuff built into Windows 10 was that Windows 10 must have been designed based on a FBI/NSA wishlist.
If you've ever done anything "wrong" on your Windows 10 machine, the U.S. government will know about it, because Microsoft will know about it. At least Microsoft revealed to us that half of the government's orders to the company were secret and came with gag orders -- too bad they never really fought the government on it and ended-up supporting it with the Cloud Act.
There are probably others I missed myself or forgot about. Nadella must think of us all as idiots if he thinks we'll buy the idea that a specially-made encryption key for various governments doesn't equal a backdoor.
The NSA has built absolutely fuck off massive datacenters in multiple places in the United States. The parent is suggesting the telemetry from Windows 10 is mostly getting passed off to the NSA
I actually didn't say that Microsoft is directly passing all the data to NSA, just that the NSA (and FBI, and DEA, and IRS, etc) can request that data on anyone at anytime, and it's half of the time a secret request with a gag order.
But now that you mention it, there is a non-zero chance that Microsoft could pass some of the data directly to the US government, too, but maybe just for some services, like Skype.
Also "all that telemetry data" is probably counted in tens or hundreds of TBs a year, which is nothing for a company like MS or an agency like the NSA. Telemetry doesn't take that much space, just a few strings for each event.
Are you completely unaware of the fact that Microsoft does collect telemetry on every app you open, every file you have on your PC, every search you do (locally), and other stuff like that? Because that's exactly what they're doing -- Bing it, if you will. Do you think they're tracking all that data without actually storing it and analyzing it?
> everything you don't have source to is compromised.
Everything for which you haven't read, fully understood, and compiled from the source can be compromised. Just because there's source for something somewhere doesn't mean the binary you downloaded is secure.
> Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.
That reminds me of an answer on Quora where a compiler was infected and would insert white supremacy messages into the compiled program. And if you tried to recompile the compiler, it would inject its code into the new compiler[0].
Even if this _NSAKEY thing is not to do with an actual NSA backdoor(s) into Windows, does anyone here really believe the NSA hasn't leveraged their position to suggest Microsoft (and others) give them ways to access things (or else)? If not it suggests that through software defects they have complete access anyway?
This is sort of circular, or tautological: “I believe in it because it’s so believable “
FWIW, I am rather skeptic. And I even have reasons: if the NSA has the power to coerce, Apple wouldn’t repeatedly gotten into fights with the US government to unlock iPhones.
Cooperating with the NSA is also clearly not in the companies’ interests. If (when) it comes out, they’d be at risk to lose a lot of business in other countries.
In any case, my usual argument about cynicism applies: spreading such theories becomes self-fulfilling, because why should MS work for the NSA/every politician take bribes/every cook spit in your food, if that’s what the people believe anyway, no matter what you actually do?
Microsoft is listed as a provider in the NSA's Prism program in Powerpoint slides released in the Snowden leak. In fact, the timeline indicates that they were the first on board.
I'm making an educated guess rather than saying it's 100% true. As others have stated from the PRISM leaks and so on it's not like these companies are not already complicit in supplying data.
>if the NSA has the power to coerce, Apple wouldn’t repeatedly gotten into fights with the US government to unlock iPhones.
The fights that we know about can be nothing more than a marketing stunt. They were what Apple wanted public to know; when leaks happen that Apple doesn't want public to know, Apple's "commitment to privacy" rather pales. Apple was listed as a PRISM data provider, they were accused in using their employee's message data against them. Now they also admit to looking into iCloud photos.
In the case of the FBI claiming they needed Apple's help to retrieve encrypted data from an iPhone, it's reasonable to suspect that it was simply a ploy to pressure Apple into making concessions in the face of public pressure. A third party firm was quick to assist the FBI, but I doubt the technique used to bypass Apple's security on the iPhone was entirely novel. I would guess the firm was surprised the government didn't have enough resources to overcome the obstacle themselves long before anyone else. The San Bernardino shooting was a low stakes case of terrorism that may have been classified as a normal workplace shooting, and the FBI didn't have to make haste nor use all of the tools at their disposal. At the same time, the FBI's request to Apple can be considered legitimate after some hand waving because most of the FBI was probably told that it was technically impossible to crack into an iPhone because the necessary tool is classified and kept in reserve.
Also, I don't think any number of people believing to any extent that a corporation may have been compromised removes an important incentive for that corporation to maintain its integrity. For a security-conscious company, reputation and trust don't go that far so it would be safer to assume that Apple can be or has been compromised maybe even without their knowledge. That company would have to look after its own security and use custom protocols / devices. If it was forced to trust Apple, it would have to find an ingenious way to ensure that was not at all in the interest of Apple to betray them.
"Microsoft said that the key's symbol was '_NSAKEY' because the NSA is the technical review authority for U.S. crypography export controls, and the key ensures compliance with U.S. export laws"
Plus there is so much problems, corruption, conflicts of interest in plain sight with little to no accountability that is laughable someone is going the extra mile to hide their steps.
Using an intentionally built in Windows backdoor, it did, yes. Instead they relied on good ol' completely unencrypted traffic flowing across wires they had hooks in.
It did though, didn't it? Intelligence organisations worldwide execute their operations in total secrecy and have hidden agreements with international counterparts to share information on each others' citizens in a way that bypasses the laws and constitutions of their host nations. Secret plans that circumvent the law is pretty much the definition of conspiracy.
Just because they didn't need to 'circumvent the law' doesn't mean what they did was any less than subversive. Thanks to secret courts the law is whatever they want it to be.
They weren't breaking your crypto to snoop on you though. Turns out the public information about you is enough to generate a pretty reliable profile of a person.
PRISM utilized entirely public info? Information regarding every phone call you've ever made, including time, recipient, length, and location are public?
One thing to remember is the fear that surrounded the export of cryptographic technology from the US and ITAR and all the rest of it at the time. And then there was the whole key escrow fiasco with Lotus Notes.
So just be careful viewing the incident from 2020 with the purported benefit of decades of hindsight.
Disclaimer: I’m the guy who first found it and announced it at the rump session of the Crypto conference in Santa Barbara that year...
117 comments
[ 3.3 ms ] story [ 155 ms ] threadThat means either the conspiracy theorists were right, but the NSA only used it for hyper targeted attacks, or Microsofts explanation was correct.
I doubt anyone will ever know.
Hm, wouldn't Microsoft make a proof by singing something publically with a private key?
The fact that they haven't reinforces the argument that they don't own the private key (likely, the NSA does as the conspiracy goes)
It would also be trivial for Microsoft to call up the NSA and say "they're ON TO US and it looks bad to our customers, can you please sign this message?" That is, the test you suggest proves nothing-- you can't prove that only you hold a private key.
Pardon my pedantry but I think you meant conspiracy theory. Conspiracies happen all the time, and by itself the word doesn't imply anything far-fetched or unproven, just plotting to do harm.
Maybe next time I'll write a paragraph shrugs
Time for me to find another community.
DoD and IC use Suite A algorithms, which are classified. So they needed NSAKEY, or a private build of Windows that would let them do what they wanted. I think all they could do maliciously with this key is install backdoored crypto suites on victims' computers, which would require Administrator access anyway.
Disclaimer: work at MS, this is well before my time, I have no inside knowledge.
"the conspiracy theorists were right, but the NSA only used it for hyper targeted attacks"
Why not both?
So it’s not controversial that this was utterly unexploitable without pre-existing local access?
Nobody has ever described how this purported backdoor would be used.
> In addition, Dr. Nicko van Someren found a third key in Windows 2000, which he doubted had a legitimate purpose, and declared that "It looks more fishy".
Excerpt:
"Van Someren has published numerous papers in the field of computer security. In 1998 he co-authored a paper[13] with Adi Shamir introducing the concept of key finding attacks. A statistical key finding attack was used by van Someren to locate the signature verification keys used by Microsoft to validate the signatures on MS-CAPI plug-ins. One of these key was later discovered to be referred to as the NSAKEY by Microsoft, sparking some controversy.[14]"
https://en.wikipedia.org/wiki/Microsoft_CryptoAPI
Excerpt:
"The Microsoft Windows platform specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data."
===End Excerpt===
Observation: MS-CAPI -- would seem to be, prima facie, similar to Linux's OpenSSL...
> Microsoft said that the key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. cryptography export controls, and the key ensures compliance with U.S. export laws.
People have speculated elsewhere in the thread about why they need a second key to be compliant, but as far as I'm aware we don't actually know.
“the _NSAKEY backdoor” would still make an excellent blackhat/defcon talk today if someone could actually demonstrate its existence and explain practical exploitation.
On the other hand “I looked and couldn’t find anything” isn’t really a very meaningful or interesting statement.
All it takes is compromising the ISP, the DNS provider or the local network admin.
Do you have any evidence to back up this claim?
Would be curious to learn why this wouldn't be so, though.
Given Microsoft's close relationship in NSA programs in the past (PRISM, Snowden leaks, others), it's not far-fetched to assume they have a key for a root CA or whatever else is needed for such an attack.
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-...
I can't see MS admitting to giving out a backdoor key. In any case it's irrelevant as you should always assume everything you don't have source to is compromised.
As such, if this were really a backdoor, I'd expect it's identifiers to look maximally boring and no direct reference to the NSA given anywhere.
> In doing this I discovered that the NSA public key had an organizational name of "MiniTruth", and a common name of "Big Brother". Specifically what I saw in my debugger late one night, which was spooky for a short moment was:
O=MiniTruth CN=Big Brother
[0]: http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html
They were very public about it, though. It sucked they had to water down their encryption, but that was the reality until PGP challenged ITAR head-on.
Also, the name was never supposed to be known - it was due to early releases mistakenly having debug symbols included.
https://www.theverge.com/2020/1/13/21064267/microsoft-encryp...
Also, there are at least several other instances that make Microsoft highly suspicious in regards to this stuff, starting with:
- how they bought Skype not long after the NSA was promising billions of dollars (in government contracts most likely) to the company that would bypass Skype's encryption somehow
- changing Skype's architecture to be intercept-able
- Skype entering the PRISM program the moment Microsoft bought it
- some other suspicious "bugs" and design choices in regards to how Bitlocker works, including storing the encryption keys on its servers or defaulting to break-able OEM encryption. Plus the fact that you never do hear about law enforcement being thwarted by laptop encryption
- silently adding root certificates in Windows with no official documentation, some for some oppressive regimes, other for the U.S. government
- Not to mention that the first thought that came to my mind after hearing about all the hidden tracking stuff built into Windows 10 was that Windows 10 must have been designed based on a FBI/NSA wishlist.
If you've ever done anything "wrong" on your Windows 10 machine, the U.S. government will know about it, because Microsoft will know about it. At least Microsoft revealed to us that half of the government's orders to the company were secret and came with gag orders -- too bad they never really fought the government on it and ended-up supporting it with the Cloud Act.
There are probably others I missed myself or forgot about. Nadella must think of us all as idiots if he thinks we'll buy the idea that a specially-made encryption key for various governments doesn't equal a backdoor.
Doesn't this conspiracy theory stretch belief a great deal?
Sorry, but if you've been reading, there's just no other explanation.
https://theintercept.com/2018/06/25/att-internet-nsa-spy-hub...
I actually didn't say that Microsoft is directly passing all the data to NSA, just that the NSA (and FBI, and DEA, and IRS, etc) can request that data on anyone at anytime, and it's half of the time a secret request with a gag order.
But now that you mention it, there is a non-zero chance that Microsoft could pass some of the data directly to the US government, too, but maybe just for some services, like Skype.
Also "all that telemetry data" is probably counted in tens or hundreds of TBs a year, which is nothing for a company like MS or an agency like the NSA. Telemetry doesn't take that much space, just a few strings for each event.
Are you completely unaware of the fact that Microsoft does collect telemetry on every app you open, every file you have on your PC, every search you do (locally), and other stuff like that? Because that's exactly what they're doing -- Bing it, if you will. Do you think they're tracking all that data without actually storing it and analyzing it?
Everything for which you haven't read, fully understood, and compiled from the source can be compromised. Just because there's source for something somewhere doesn't mean the binary you downloaded is secure.
> Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.
[1]https://wiki.c2.com/?TheKenThompsonHack
https://m.youtube.com/watch?v=eunYrrcxXfw
And then we get into hardware design...
https://m.youtube.com/watch?v=_eSAF_qT_FY
[0]: http://www.quora.com/What-is-a-coders-worst-nightmare/answer...
Oh wow, there's an `nsagate` subdomain on `apple.com`! https://www.robtex.com/dns-lookup/nsagate.apple.com
FWIW, I am rather skeptic. And I even have reasons: if the NSA has the power to coerce, Apple wouldn’t repeatedly gotten into fights with the US government to unlock iPhones.
Cooperating with the NSA is also clearly not in the companies’ interests. If (when) it comes out, they’d be at risk to lose a lot of business in other countries.
In any case, my usual argument about cynicism applies: spreading such theories becomes self-fulfilling, because why should MS work for the NSA/every politician take bribes/every cook spit in your food, if that’s what the people believe anyway, no matter what you actually do?
https://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_sl...
The FBI is not the NSA.
The fights that we know about can be nothing more than a marketing stunt. They were what Apple wanted public to know; when leaks happen that Apple doesn't want public to know, Apple's "commitment to privacy" rather pales. Apple was listed as a PRISM data provider, they were accused in using their employee's message data against them. Now they also admit to looking into iCloud photos.
Also, I don't think any number of people believing to any extent that a corporation may have been compromised removes an important incentive for that corporation to maintain its integrity. For a security-conscious company, reputation and trust don't go that far so it would be safer to assume that Apple can be or has been compromised maybe even without their knowledge. That company would have to look after its own security and use custom protocols / devices. If it was forced to trust Apple, it would have to find an ingenious way to ensure that was not at all in the interest of Apple to betray them.
Bullrun [0] definitely suggests it..
[0] https://en.wikipedia.org/wiki/Bullrun_(decryption_program)
Occam's Razor.
I'm presuming people looked at it for dubious keys.
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
https://www.npr.org/sections/thetwo-way/2009/11/nsa_microsof...
http://www.cnn.com/TECH/computing/9909/13/backdoor.idg/
As he pointed out, Back Orifice didn't need a special key.
So just be careful viewing the incident from 2020 with the purported benefit of decades of hindsight.
Disclaimer: I’m the guy who first found it and announced it at the rump session of the Crypto conference in Santa Barbara that year...