-
- In an extraordinary ABC News feature on 3 September,
1999 it was alleged that every version of Windows 98 and Windows NT contains
a special programme to encrypt sensitive data, from e-mails and documents
to e-commerce transactions over the Internet.
-
- The programme is called the cryptoAPI, and it uses an
encryption key, managed by Microsoft Corporation, to lock and unlock the
sensitive data stored on a computer and sent across the Internet. Instead
of having each application do the number crunching, Windows essentially
does it instead.
-
- But there's not just one key -- there are two. In an
analysis published on the Internet, the head of a Canadian security firm,
Cryptonym, claims that the two keys have existed within Windows since the
later versions of Windows 95.
-
- He adds that the second key is labelled 'NSAKEY' within
the latest service pack for Windows NT 4.0, the Windows operating system
widely used in servers and corporate work-stations.
-
- Some analysts have speculated that the first three letters
- NSA - could stand for America's super secret National Security Agency:
an intelligence organisation charged with cracking codes and encryption
schemes.
-
- "We've never known what the second key was for,"
Cryptonym founder Andrew Fernandes told ABC News, "but it's certainly
possible that it's for law enforcement or espionage purposes."
-
-
- How Windows Crypto Works
-
- Encryption is used to encode e-mail messages, documents
and Internet transactions. In the case of computers, the code can consist
of dozens, or hundreds, of ones and zeros. The lowest government-approved
encryption standard, a code 56 digits long, took 22 hours to break.
-
- The cryptoAPI essentially lets software developers write
programmes that simply plug into Microsoft's encryption scheme, instead
of having to write their own.
-
- Microsoft manages the keys, and can provide access to
the data or transactions at the request of the user, or a duly authorised
third party.
-
- In the case of corporate users, other people within the
corporation could have access to the key as well. But that still didn't
answer the question: why two keys?
-
-
- Federal Government Wants 'Backdoor' Key
-
- The U.S. Commerce Department has maintained strict controls
on the export of strong encryption software. U.S. companies can export
these overseas -- provided the U.S. government receives a key to that encryption.
-
- In 1997 U.S. companies were given two years to change
their policies to comply.
-
- The government's key is often called the 'backdoor' key.
It's unclear whether the cryptoAPI falls under the Commerce Department
regulations, but when it comes to APIs, Microsoft does not change its encryption
schemes to account for the laws in different nations.
-
- Thus, the two-key scheme isn't just on computers overseas,
but also on machines running in the United States.
-
- "Talk of NSA involvement aside, one could say that
Microsoft has complied with these regulations, and is including two keys,"
says Peter Tippett, chairman of ICSA Incorporated, a Reston,
Virginia-based security consulting firm.
-
-
- Who Has the Second Key?
-
- Meanwhile, Fernandes says he's come up with a way to
change the second key into anything else the user wants. If he or she
wants strong, 256-bit encryption, it can be installed in place of 'NSAKEY.'
-
- This means that virus programmes or hacking exploits
can be written to change the key without the users' knowledge. Thus, if
users do not maintain 'safe computing' practices, they could very well
find their strong encryption replaced with no encryption at all, exposing
their data to anyone interested in it. Microsoft and the NSA did not immediately
answer repeated requests by ABC News for comment, but Russ Cooper, a Windows
NT security expert and editor of the Web site NTBugTraq, has reported that
the NSA insisted that Microsoft include the second key, though that could
not be independently confirmed. And then there's the trust issue.
-
- "Microsoft has not been forthcoming on this issue,"
Fernandes claimed. "If I don't know anything about this second key,
how the hell do I know what else Microsoft has stuck in their code? We've
never known what the second key was for, but it's certainly possible that
it's for law enforcement or espionage purposes.
-
- "By adding the NSA's key, they have made it easier
-- not easy, but easier -- for the NSA to install security components on
your computer without your authorisation or approval," Fernandes said.
-
-
- Microsoft Refutes Windows 'Spy Key' Allegations
-
- Within 24 hours of the ABC News story, Microsoft vehemently
denied allegations by Fernandes that its Windows platform contains a backdoor
designed to give the NSA access to personal computers and that the agency
has anything to do with the key.
-
- "The key is a Microsoft key -- it is not shared
with any party including the NSA," said Windows NT security product
manager Scott Culp. "We don't leave back-doors in any products."
-
- Culp said the key was added to signify that it had passed
NSA encryption standards.
-
- In previous versions of Windows, Fernandes said Microsoft
had disguised the holder of the second key by removing identifying symbols.
But while reverse-engineering Windows NT Service Pack 5, Fernandes discovered
that Microsoft left the identifying information intact and discovered that
the second secret key is labelled 'NSAKEY.'
-
- Microsoft said 'NSAKEY' signifies that it satisfies security
standards.
-
- Through its 'signals intelligence' division, the NSA
listens in on the communications of other nations throughout the world,
principally from RAF Menwith Hill, situated in North Yorkshire, England.
-
- The agency also operates Echelon, a global eavesdropping
network that is reportedly able to intercept just about any form of electronic
communications anywhere in the world, but is forbidden by law from eavesdropping
on American citizens.
-
- Marc Briceno, director of the Smartcard Developer Association,
said the inclusion of the key could represent a serious threat to e-commerce.
"The Windows operating-system-security compromise installed by Microsoft
on behalf of the NSA in every copy of Windows 95, 98, and NT represents
a serious financial risk to any company using MS Windows in e-commerce
applications," Briceno wrote in an e-mail.
-
- "With the discovery of an NSA backdoor in every
copy of the Windows operating systems sold worldwide, both US and especially
non-US users of Microsoft Windows must assume that the confidentiality
of their business communications has been compromised by the US spy agency,"
Briceno said.
-
- Briceno coordinated the team that broke the security
in GSM cell phones, demonstrating that the phones are subject to cloning
-- a feat the cellular industry had thought impossible.
-
- But Microsoft's Culp said all cryptography software intended
for export must be submitted to a National Security Agency review process.
He said that the key was so named to indicate that it had completed that
process and that it complied with export regulations.
-
- "The only thing that this key is used for is to
ensure that only those products that meet US export control regulations
and have been checked can run under our crypto API (application programming
interface)," Culp said.
-
- "It does not allow anyone to start things, stop
services, or allow anything [to be executed] remotely," he said.
"It is used to ensure that we and our cryptographic partners comply
with United States crypto export regulations. We are the only ones who
have access to it."
-
- Fernandes made the discovery in early August, he said,
but collaborated with the Berlin-based Chaos Computer Club and other experienced
hackers worldwide before releasing the information.
-
- "We coordinated this through the worldwide hacker
scene," said Andy Muller-Maguhn of the CCC. "It was important
to American hackers that it not only be mentioned in America but also in
Europe.
-
- "For American citizens it seems to be normal that
the NSA is in their software. But for countries outside of the United
States, it is not. We don't want to have the NSA in our software."
-
- Coming less than a week after Microsoft was rocked by
the embarrassing news that its Hotmail system could be easily penetrated,
the latest disclosure could prove damaging to the software giant.
-
- "Say I am at a large bank, and I have the entirety
of our operation working on Windows," Fernandes said. "That
is a little more serious. The only people who could get in there are the
NSA, but that might be bad enough.
-
- "They have to first manage to download a file into
your machine. There may be back-doors that allow them to do that... I
would be shocked and surprised if the NSA bothered with individuals. What
is more of a concern is security systems for a large bank or another data
centre. Or even a Web server firm.
-
- "The result is that it is tremendously easier for
the NSA to load unauthorised security services on all copies of Microsoft
Windows, and once these security services are loaded, they can effectively
compromise your entire operating system.
-
- "The US government is currently making it as difficult
as possible for 'strong' crypto to be used outside of the US; that they
have also installed a cryptographic backdoor in the world's most abundant
operating system should send a strong message to foreign IT managers,"
he said.
-
- But Fernandes did not want to set off a panic -- or at
least not for everyone.
-
- "I personally don't care if the NSA can get into
my machine, because I think they have better ways of spying on me as a
person," Fernandes said. "But if I was a chief executive officer of
a large bank, that would be a different story."
-
- Before Microsoft's explanation, many leading cryptographers
said they were convinced it was a key for the NSA.
-
- "I believe it is an NSA key," said Austin Hill,
president of anonymous Internet service company Zero-Knowledge Systems.
"We walked through it and talked about all the scenarios why it is
there, and this was our conclusion," said Hill.
-
- He said that he and Zero Knowledge's chief scientist,
Ian Goldberg, did not believe the key's name is a joke placed there by
a Microsoft programmer -- one possible explanation.
-
- "Microsoft has not shown incredible competence in
the area of security," Hill added. "We call on Microsoft to
learn about open security models that provide independent verification
of design. No secure system is based on security by obscurity."
-
- _____
-
- Thanks to: ABC News, Andrew Gingery, Andrew Fernandes,
Mark Hall, Robert Collins, Steve Kettmann, James Glave and the NSA (No
Such Agency or Never Say Anything...).