MS Denies Windows 'Spy Key'

by Steve Kettmann and James Glave - WIRED
10:20 a.m.  3.Sep.99.PDT

Microsoft is vehemently denying allegations by a leading cryptographer
that its Windows platform contains a backdoor designed to give a US
intelligence agency access to personal computers.

Andrew Fernandes, chief scientist for security software company
Cryptonym in North Carolina, claimed on his Web site early Friday that
the National Security Agency may have access to the core security of
most major Windows operating systems.

"By adding the NSA's key, they have made it easier -- not easy, but
easier -- for the NSA to install security components on your computer
without your authorization or approval," Fernandes said.

But Microsoft denied that the NSA has anything to do with the key.

"The key is a Microsoft key -- it is not shared with any party including
the NSA," said Windows NT security product manager Scott Culp. "We don't
leave backdoors in any products."

Culp said the key was added to signify that it had passed NSA encryption
standards.

Fernandes also simultaneously released a program on his site that will
disable the key.

The key exists in all recent versions of the Windows operating
systems, including Windows 95, 98, 2000, and NT.

The issue centers around two keys that ship with all copies of
Windows. The keys grant an outside party the access it needs to
install security components without user authorization.

The first key is used by Microsoft to sign its own security service
modules. Until late Thursday, the identity and holder of the second
key had remained a mystery.

In previous versions of Windows, Fernandes said Microsoft had
disguised the holder of the second key by removing identifying
symbols. But while reverse-engineering Windows NT Service Pack 5,
Fernandes discovered that Microsoft left the identifying information
intact.

He discovered that the second secret key is labeled "_NSAKEY."

Fernandes and many other security experts take that to stand for
the National Security Agency -- the nation's most powerful
intelligence agency.

Microsoft said _NSAKEY signifies that it satisfies security standards.

Through its "signals intelligence" division, the NSA listens in on the
communications of other nations.

The NSA did not immediately respond to a request for comment via
fax, the only way the agency communicates with inquiries from the
media.

The agency also operates Echelon, a global eavesdropping network
that is reportedly able to intercept just about any form of electronic
communications anywhere in the world.

The agency is forbidden by law from eavesdropping on American
citizens.

Marc Briceno, director of the Smartcard Developer Association, said
the inclusion of the key could represent a serious threat to
e-commerce.

"The Windows operating-system-security compromise installed by
Microsoft on behalf of the NSA in every copy of Windows 95, 98, and
NT represents a serious financial risk to any company using MS
Windows in e-commerce applications," Briceno wrote in an email.

"With the discovery of an NSA backdoor in every copy of the
Windows operating systems sold worldwide, both US and especially
non-US users of Microsoft Windows must assume that the
confidentiality of their business communications has been
compromised by the US spy agency," Briceno said.

Briceno coordinated the team that broke the security in GSM cell
phones, demonstrating that the phones are subject to cloning -- a
feat the cellular industry had thought impossible.

In making the discovery, Fernandes said he did not know why the
key was there.

"It could be for espionage. It may not be," he said. "It does not
totally compromise Windows, it only weakens it.... The only real
reason I can see is for them to be able to install their own security
providers."

But Microsoft's Culp said all cryptographic software intended for
export must be submitted to a National Security Agency review
process. He said that the key was so named to indicate that it had
completed that process and that it complied with export regulations.

"The only thing that this key is used for is to ensure that only those
products that meet US export control regulations and have been
checked can run under our crypto API (application programming
interface)," Culp said.

"It does not allow anyone to start things, stop services, or allow
anything [to be executed] remotely," he said.

"It is used to ensure that we and our cryptographic partners comply
with United States crypto export regulations. We are the only ones
who have access to it."

Fernandes made the discovery in early August, he said, but
collaborated with the Berlin-based Chaos Computer Club and other
experienced hackers worldwide before releasing the information.

"We coordinated this through the worldwide hacker scene," said
Andy Muller-Maguhn of the CCC. "It was important to American
hackers that it not only be mentioned in America but also in Europe.

"For American citizens it seems to be normal that the NSA is in their
software. But for countries outside of the United States, it is not.
We don't want to have the NSA in our software."

Coming less than a week after Microsoft was rocked by the
embarrassing news that its Hotmail system could be easily
penetrated, the latest disclosure could prove damaging to the
software giant.

"Say I am at a large bank, and I have the entirety of our operation
working on Windows," Fernandes said. "That is a little more serious.
The only people who could get in there are the NSA, but that might
be bad enough.

"They have to first manage to download a file into your machine.
There may be backdoors that allow them to do that.... I would be
shocked and surprised if the NSA bothered with individuals. What is
more of a concern is security systems for a large bank or another
data center. Or even a Web server firm.

"The result is that it is tremendously easier for the NSA to load
unauthorized security services on all copies of Microsoft Windows,
and once these security services are loaded, they can effectively
compromise your entire operating system.

"The US government is currently making it as difficult as possible for
'strong' crypto to be used outside of the US; that they have also
installed a cryptographic backdoor in the world's most abundant
operating system should send a strong message to foreign IT
managers," he said.

But Fernandes did not want to set off a panic -- or at least not for
everyone.

"I personally don't care if the NSA can get into my machine, because
I think they have better ways of spying on me as a person,"
Fernandes said. "But if I was a CEO of a large bank, that would be a
different story."

Before Microsoft's explanation, many leading cryptographers said
they were convinced it was a key for the NSA.

"I believe it is an NSA key," said Austin Hill, president of anonymous
Internet service company Zero-Knowledge Systems.

"We walked through it and talked about all the scenarios why it is
there, and this was our conclusion," said Hill.

He said that he and Zero-Knowledge's chief scientist, Ian Goldberg,
did not believe the key's name is a joke placed there by a Microsoft
programmer -- one possible explanation.

"Microsoft has not shown incredible competence in the area of
security," Hill added. "We call on Microsoft to learn about open
security models that provide independent verification of design. No
secure system is based on security by obscurity."
