Microsoft Discloses Government Backdoor on Windows Operating Systems
Microsoft may have inadvertently disclosed a potential Microsoft
backdoor for law enforcement earlier this week. To explain this all,
here is the layman term of a backdoor from Wikipedia:
A backdoor in a computer system (or cryptosystem or algorithm) is a
method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plaintext, and so on, while attempting
to remain undetected. The backdoor may take the form of an installed
program (e.g., Back Orifice), or could be a modification to an
existing program or hardware device.
According to an article on PC World: =93The software vendor is giving
law enforcers access to a special tool that keeps tabs on botnets,
using data compiled from the 450 million computer users who have
installed the Malicious Software Removal tool that ****ps with
Windows.=94
Not a big deal until you keep reading: =93Although Microsoft is
reluctant to give out details on its botnet buster =97 the company said
that even revealing its name could give cyber criminals a clue on how
to thwart it=94
Stop the press for second or two and look at this logically: =93users
who have installed the Malicious Software Removal tool=94 followed by =93
Microsoft is reluctant to give out details on its botnet buster =97 the
company said that even revealing its name could give cyber criminals a
clue on how to thwart it=94, what? This is perhaps the biggest gaffe
I=92ve read thus far on potential government collusion with Microsoft.
We then have the following wording: =93Microsoft had not previously
talked about its botnet tool, but it turns out that it was used by
police in Canada to make a high-profile bust earlier this year.=94 So
again, thinking logically at what has been said so far by Microsoft;
=93We have a tool called Malicious Software Removal tool=85=94, =93we
can=92=
t
tell you the name of this tool since it would undermine our
snooping=85=94, =93it=92s been used by law enforcement already to make a
hig=
h-
profile bust earlier this year.=94
Remember a =93Malicious Software Re****ting Tool=94 is a lot different from
a =93Malicious Software Removal Tool=94. Understanding networking,
computing, botnets, let=92s put this concept into a working model to
explain how this is nothing more than a backdoor. You have an end
user, we=92ll create a random Windows XP user: Farmer John in North
Dakota. Farmer John in North Dakota uses his machine once a week to
read news, send family email, nothing more. He installed Microsoft=92s
Malicious Removal Tool. Farmer John=92s machine becomes infected at some
point and sends Microsoft information about the compromise: =93I=92m
Farmer John=92s machine coming from X_IP_Address=94.
A correlation is done with this information and then supposedly used
to track where the botnet=92s originating IP address is from. From the
article: =93Analysis by Microsoft=92s software allowed investigators to
identify which IP address was being used to operate the botnet,
Gaudreau said. And that cracked the case.=94 This is not difficult,
detect a DST (destination) for malware sent from Farmer John=92s
machine. Simple, good guys win, everyone is happy.
The concept of Microsoft=92s Malicious Software Removal tool not being a
backdoor is flawed. For starters, no information is ever disclosed to
someone installing the Windows Malicious Software removal tool:
=93Windows will now install a program which will re****t suspicious
activity to Microsoft=94. As far as I can recall on any Windows update,
there has never been any mention of it.
=93But this is a wonderful tool, why are you being such a troll and
knocking Microsoft for doing the right thing!=94. The question slash
qualm I have about this tool is I=92d like to know what, why, when and
how things are being done on my machine. It=92s not a matter of
condemning Microsoft, but what happens if at some point in time
Microsoft along with government get an insane idea to branch away from
obtaining other data for whatever intents and purposes?
We=92ve seen how the NSA is allowed to gather any kind of information
they=92d like (http://www.eff.org/issues/nsa-spying),
we now have to
contend with Microsoft attempting to do the same. Any way you=92d like
to market this, it reeks of a backdoor: (again pointing to the
definition) A backdoor in a computer system =85 is a method of bypassing
normal authentication, =85 obtaining access to =85 , and so on, while
attempting to remain undetected. There=92s no beating around the bush
here on what this tool is and does.
This is reminiscent of the 90=92s with the NSA=92s ECHELON program. In
1994, the NSA intercepted the faxes and telephone calls of Airbus.
What resulted was the information was then forwarded to Boeing and
McDonnell-Douglas in which they snagged the contract from under
Airbus=92 feet. In 1996, the CIA hacked into the computers of the
Japanese Trade Ministry seeking =93negotiations on im****t quotas for US
cars on the Japanese market=94. Resulting with the information being
passed off to =93US negotiator Mickey Kantor=94 who accepted a lower
offer.
As an American you might say =93so what, more power to us=94 but to think
that any government wouldn=92t do it to its own citizens for whatever
reason would be absurd. There are a lot of horrible routes this could
take.
What happens if slash when for some reason or another the government
decides that you should not read a news site, will Microsoft willingly
oblige and rewrite the news in accordance to what the government deems
readable?
How about the potential to give Microsoft a warrantless order to
discover who doesn=92t like a President=92s =93health care plan=94, or who
i=
s
irrate and whatever policy; Will Microsoft sift through a machine to
retrieve relevant data to disclose to authorities?
That doesn=92t include the potential for say technological espionage and
gouging of sorts. What=92s to stop Microsoft from say, mapping a network
and re****ting all =93non-Microsoft=94 based products back to Microsoft.
The information could then be used to say raise sup****t costs, allow
Microsoft to offer juicier incentives to rid the network of non MS
based products, the scenarios are endless.
Sadly, most people will shrug and pass it off as nothing. Most
security buffs, experts, etc., haven=92t mentioned a word of it outside
of =93the wonderful method to remove, detect, botnets!=94 and I don=92t
necessarily disagree it=92s a unique way to detect what is happening,
but this could have been done at the ISP and NSP level without
installing a backdoor. Why didn=92t law enforcement approach botnets
from that avenue? Perhaps they have, this I=92m actually certain of
which leads me to believe this is a prelude of something more
secretive that has yet to be disclosed or discovered.
|
