Here is the text of the articles concerning the NSA key(s) that appear to be coded into M$ Windows products.

Regards,
Dale Mentzer

------- Forwarded Message Follows -------
http://www.cryptonym.com/hottopics/msft-nsa.html
----------
Subject: [FP] NSA Builds Security Access Into Windows
Date: Sat, 4 Sep 1999 14:41:05 -0500
To: "ScanThisNews Recipients List" <[EMAIL PROTECTED]>

======================================================================
SCAN THIS NEWS
9/4/99

[Three articles on Microsoft Windows hidden government-access keys]
======================================================================

NSA Builds Security Access Into Windows
http://www.techweb.com/wire/story/TWB19990903S0014
(09/03/99) By Duncan Campbell, TechWeb

A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into ALL VERSIONS OF THE WINDOWS OPERATING SYSTEM.

Computer-security specialists have been aware for two years that unusual features are contained inside a standard Windows driver used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions including the Microsoft Cryptographic API (MS-CAPI). In particular, it authenticates modules signed by Microsoft, letting them run without user intervention.

At last year's Crypto 98 conference, British cryptography specialist Nicko van Someren said he had disassembled the driver and found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with U.S. export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

Now, a North Carolina security company has come up with conclusive evidence the second key belongs to the NSA.
Like van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY." The other was called "NSAKEY."

Fernandez reported his re-discovery of the two CAPI keys, and their secret meaning, to the "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft, was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advanced search methods which test and report on the "entropy" of programming code.

Within Microsoft, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

No researchers have yet discovered a programming module which signs itself with the NSA key. Researchers are divided about whether it might be intended to let U.S. government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by the NSA's burgeoning corps of "information warriors."
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S. government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.

"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a 'back door' for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said.

Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday.

Fernandez said he believed the NSA's built-in loophole could be turned round against the snoopers. The NSA key inside CAPI could be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorized third parties, unapproved by Microsoft or the NSA. This is exactly what the U.S. government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.

According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets.
These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said.

------------------------------------------------------
See also "Microsoft, the NSA, and You" posted at
http://www.cryptonym.com/hottopics/msft-nsa.html
------------------------------------------------------

======================================================

-----Original Message-----
Sent: Saturday, September 04, 1999
Subject: More on NSA Key: "Mysterious Component"

Source: New York Times
http://www.nytimes.com/library/tech/99/09/biztech/articles/04soft.html

September 4, 1999

A Mysterious Component Roils Microsoft
By JOHN MARKOFF

SAN FRANCISCO -- A cryptographer for a Canadian software firm, dissecting a piece of Microsoft security software, made an unexpected find: an element in the Windows operating system labeled "NSAKey."

When his discovery was made known on his company's Web site Friday, it set off a firestorm of Orwellian visions in Internet discussion groups.

Was the buried software component, as the cryptographer surmised, a Trojan horse that gave the National Security Agency a hidden back door into the world's computers? Or was it merely a Microsoft programmer's remarkably bad choice of language in a software system designed to protect electronic communications and commerce?

Microsoft executives insisted that there was no Big Brother feature in the software.

"The big answer is that these charges are completely false," said Scott Culp, a security product manager at Microsoft.

And the National Security Agency, which gathers electronic signal intelligence worldwide and is responsible for the security of the Government's computers, issued a terse three-sentence news release distancing itself from the controversy, saying, "Questions about specific products should be addressed to the company."
Microsoft officials acknowledged that the episode was in any case a black eye for the world's largest software publisher.

"We're going to pay and pay and pay for this," said one of the company's security experts, who spoke on the grounds that he not be identified.

In recent months Microsoft has become a lightning rod for criticism of its products' security and has had to deal with several gaffes, including the discovery last week of a security flaw that exposed the e-mail of users of its Hotmail service.

The latest uproar was set off by Andrew Fernandes, a mathematician in Research Triangle Park, N.C., who is chief scientist of the Cryptonym Corporation, a small Canadian software firm that is developing computer security products.

Fernandes first presented his findings at a technical meeting last month in Southern California, but word did not spread more broadly until today, when a news release was posted on the Cryptonym Web site.

In a telephone interview, Fernandes said he had made his discovery while exploring and trying to replicate the security software in Microsoft's Windows and Windows NT operating systems.

The operating systems make use of a key -- a large number -- to authenticate software components, providing confidence that a component is correctly identified and has not been tampered with. For example, when new encryption functions are added for security, the key verifies that they comply with Government regulations.

Cryptographers had previously noted the existence of a second key whose use they could not account for. What Fernandes found in the program was an identifying tag, disguised in earlier versions. And the label was "NSAKey."

The discovery shocked him, Fernandes said, adding, "It doesn't make any sense why they would put in a second key."

He concluded that the key represented a serious security flaw that would leave Microsoft's operating system vulnerable to intrusion.

"The result is that it is tremendously easier for the N.S.A.
to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system," his news release asserted.

But at Microsoft, Culp said the key labeled NSAKey was a backup permitting Microsoft to authenticate encryption components if the first key was damaged. And he said the name was simply unfortunate.

Because the key insures compliance with Federal export laws, and the National Security Agency is the authority responsible for reviewing software and hardware products intended for foreign use, the component has been referred to colloquially at Microsoft as the "NSA key," he said.

But Culp insisted that the key was not shared with any outside party, including the N.S.A.

"We protect it with dobermans and barbed wire," he said. "Conspiracy theorists are worked up about this, but real life is more boring."

Security and privacy experts were generally skeptical about the notion that Microsoft was cooperating with the nation's electronic intelligence agency. Microsoft has vocally opposed proposals by law-enforcement and intelligence agencies that would give them electronic back doors to monitor computer data.

Some security experts said that even if there was no sinister explanation for the NSAKey, Microsoft should not add components to its security software system without publicly identifying them.

"They've debased their currency once again by not disclosing this," said Mark Seiden, chief consultant for the information security group Kroll-Ogara.

Microsoft executives said there had been no reason to publicize the backup key.

"It was not something that anyone had expressed any interest in," Culp said.

And in any case, the Big Brother that Fernandes said he had discovered turned out to have an Achilles heel. He said he had been able to develop a small program that strips out the second key.
Copyright 1999 The New York Times Company

========================================

Crypto expert: Microsoft products leave door open to NSA
http://cnn.com/TECH/computing/9909/03/windows.nsa/

September 3, 1999

(CNN) -- A cryptography expert says that Microsoft operating systems include a back door that allows the National Security Agency to enter systems using one of the operating system versions.

The chief scientist at an Internet security company reported the flaw at a recent conference in Santa Barbara where he discussed a "key" entrance into the cryptographic standard used in Microsoft Windows products. That includes Windows 95, Windows 98, Windows NT4 and Windows 2000.

"It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load (the cryptography services)," said Andrew Fernandes in a press release. Fernandes works for Cryptonym, a company based in Ontario.

The press release states "the second belongs to the NSA. That means that the NSA can also securely load (the services) on your machine, and without your authorization."

The discovery "highly suggests" that the NSA has a key it could use to enter encrypted items on anybody's Windows operating system, said Ian Goldberg, chief scientist at Zero-Knowledge Systems.

Goldberg was among a few dozen people in the audience at the conference when Fernandes dropped his bomb. The session occurred just before midnight so no one saw it coming, he said, but the audience was shocked.

"If you're trying to keep messages private, it's possible that they are not as private as you thought they were," Goldberg said.

Zero-Knowledge Systems is about to release a security product built specially to make such security flaws impossible, he said.

Microsoft was not immediately available for comment.

It is unclear why or if Microsoft cooperated with the NSA on the key to its "CryptoAPI," the standard interface to its cryptography services, Goldberg said.
[end forwarded articles]