Expert says Windows has a security breach

By Joe Wilcox
Staff Writer, CNET News.com
September 3, 1999, 5:25 p.m. PT

A security expert at a private company in North
Carolina today alleged there is a serious weakness in
Microsoft Windows that could allow hackers to silently
subvert the operating system, a computer network, or
corporate data center.

Andrew Fernandes, chief scientist with Cryptonym, a Canadian
software and consulting firm with offices in North Carolina, said
he has discovered a way to replace one of the cryptographic
keys used as part of Windows' security system, thus
compromising it.

Fernandes said the flaw not only allows hackers to alter the OS
but could also be used to strengthen Windows security in
violation of U.S. export laws.

Scott Culp, product manager for Windows security, confirmed
today that there are two keys, but he said the second one is
there solely for backup and does not pose a security risk.

Windows uses cryptography to authenticate the validity of
certain software components, such as software drivers, and to
keep intruders from gaining control of key subsystems. It also
ensures that any software program or component loaded onto a
computer does not violate export rules. U.S. law forbids the
exportation of cryptography that is stronger than 56 bits, although
stronger encryption is allowed within the United States.

Fernandes said he discovered that Microsoft uses two keys,
instead of one, and that software code in Windows NT Service
Pack 5 identifies the second key as "NSAKEY." Microsoft would
normally remove that kind of designation, said Fernandes.

Fernandes said the name
indicates the second key is somehow linked to the National
Security Agency, but Microsoft and at least one other security
expert questioned his conclusion.

"We checked some older files going back to 1998 and found
the NSA markings," said Richard Smith, president of Phar Lap
Software. "NSA could be an abbreviation for anything, such as
non-standard authentication."

In a faxed statement, the NSA said: "U.S. export control
regulations require that cryptographic APIs [of which the key is
one element] be signed. The implementation of this requirement
is left up to the company." API stands for application
programming interface.

Microsoft's Culp said that "as part of the crypto licensing
process, CryptoAPI was reviewed by the NSA. We presented
the crypto architecture to the NSA, including the backup key,
and they approved that."

"We don't share the keys"
The second key has been present since the introduction of the
CryptoAPI and was not requested by the NSA, said Culp. He
added that Microsoft, not the NSA, wrote the key. "We don't
share the keys with any public agencies."

The broader issue is Fernandes's claim he has found a way to
replace the second key with one of his own, essentially
breaking the integrity of Windows' security.

The keys are important because they can be used to create
Cryptographic Service Providers, special code used for
encryption. Microsoft typically authenticates CSPs after a
software developer demonstrates that the U.S. Commerce
Department has approved its software code for export.

If a hacker could write his own CSP and use it without being
authenticated by Microsoft's cryptography key, he or
she could make serious changes to Windows, such as
strengthening security beyond 56 bits or subverting the
computer and the corporate network it is attached to.

The problem for Microsoft is the second key, said
Fernandes. Windows will fail to operate if the first key is
replaced. But replacing the second key would not cause
Windows to shut down.

"Then suppose I load my own service provider,"
explained Fernandes. "It will try to load that and fail,
then it will try to load the second key, which is my own.
I can introduce a service provider that Microsoft hasn't
signed, but the whole cryptographic protection, [the]
infrastructure is still in place."

Fernandes can then write software programs with his
own CSPs that Windows would authenticate and install,
bypassing a certain level of security. The weakness
affects Windows 95, 98, NT, and 2000, he said.
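The loader behaviour described above, modelled as an added example (not Cryptonym's or Microsoft's code): a verifier that accepts a CSP signed under any one of its embedded keys, and what happens once the second key in the binary is swapped. The key pairs, CSP blobs and the textbook RSA over tiny primes are constructed for illustration only; the `pow(e, -1, phi)` call needs Python 3.8 or later.

```python
import hashlib

# Toy textbook RSA over small primes (constructed for illustration only; not secure).
def make_key(p, q, e=3):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def load_csp(embedded_keys, csp_code: bytes, sig: int) -> bool:
    """Model of the loader: a CSP is accepted if ANY embedded key verifies its signature.
    A failed check against the first key falls through to the second, as the article describes."""
    return any(verify(pub, csp_code, sig) for pub in embedded_keys)

# Hypothetical key pairs: the vendor's primary key, the backup key, and a third party's key.
VENDOR_PUB, VENDOR_PRIV = make_key(1013, 1019)
BACKUP_PUB, BACKUP_PRIV = make_key(1031, 1049)
OTHER_PUB, OTHER_PRIV = make_key(1061, 1091)

EMBEDDED_KEYS = [VENDOR_PUB, BACKUP_PUB]       # key material as shipped in the binary
LEGIT_CSP = b"vendor-signed CSP (constructed sample)"
ROGUE_CSP = b"CSP the vendor never signed (constructed sample)"

def scenario() -> dict:
    """Walk through the four cases and report which loads succeed."""
    legit_sig = sign(VENDOR_PRIV, LEGIT_CSP)
    rogue_sig = sign(OTHER_PRIV, ROGUE_CSP)
    patched = [VENDOR_PUB, OTHER_PUB]          # binary with the backup key overwritten
    return {
        "legit_passes": load_csp(EMBEDDED_KEYS, LEGIT_CSP, legit_sig),
        "rogue_rejected": not load_csp(EMBEDDED_KEYS, ROGUE_CSP, rogue_sig),
        "rogue_passes_after_patch": load_csp(patched, ROGUE_CSP, rogue_sig),
        "legit_still_passes": load_csp(patched, LEGIT_CSP, legit_sig),  # nothing visibly breaks
    }

def keys_intact(embedded_keys, reference_keys) -> bool:
    """Defensive check: every embedded verification key must match a known-good reference.
    The loader's trust is only as strong as the least-protected key it is willing to accept."""
    return list(embedded_keys) == list(reference_keys)
```

The last function is the check a defender wants: since the vendor-signed CSP still loads after the swap, only a comparison of the embedded key material against a trusted reference reveals the change.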

Culp did not deny someone could replace the second
key, but dismissed the significance. "If he wants to run
his own crypto program under Windows NT, there is a
far simpler way to do it--write a higher level software
program.

"No, it does not compromise the security," Culp said.

Security experts could not readily verify Fernandes's
claims, because they did not have access to his source
code. However, Ian Goldberg, chief scientist with
Zero-Knowledge Systems, said he had reviewed
Fernandes's work and agreed that the second key exists
and Fernandes can replace it.

"Whoever put it there, it is a back door," said Goldberg,
"Whoever owns that key has the ability to create CSPs."
In addition, "There are three keys in Windows 2000, and
no one knows who that [third] one belongs to."

"There is a third key in Windows 2000, but that is just
for testing," said Culp of Microsoft. "We don't want to
use a live production key for testing CSPs, because
when all our testing is done, we want them to go away."

Culp said the third key would not be included in the
shipping version of Windows 2000.