05-03-2008, 11:10 PM
Wednesday, April 30th, 2008 @ 6:00 am | Privacy, News
Microsoft may have inadvertently disclosed a potential Microsoft backdoor for law enforcement earlier this week. To explain this all, here is the layman term of a backdoor from Wikipedia:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
According to an article on PC World: “The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.”
Not a big deal until you keep reading: “Although Microsoft is reluctant to give out details on its botnet buster – the company said that even revealing its name could give cyber criminals a clue on how to thwart it”
Stop the press for a second or two and look at this logically: “users who have installed the Malicious Software Removal tool” followed by “Microsoft is reluctant to give out details on its botnet buster – the company said that even revealing its name could give cyber criminals a clue on how to thwart it”, what? This is perhaps the biggest gaffe I’ve read thus far on potential government collusion with Microsoft.
We then have the following wording: “Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year.” So again, thinking logically at what has been said so far by Microsoft; “We have a tool called Malicious Software Removal tool…”, “we can’t tell you the name of this tool since it would undermine our snooping…”, “it’s been used by law enforcement already to make a high-profile bust earlier this year.”
Remember a “Malicious Software Reporting Tool” is a lot different from a “Malicious Software Removal Tool”. Understanding networking, computing, botnets, let’s put this concept into a working model to explain how this is nothing more than a backdoor. You have an end user, we’ll create a random Windows XP user: Farmer John in North Dakota. Farmer John in North Dakota uses his machine once a week to read news, send family email, nothing more. He installed Microsoft’s Malicious Removal Tool. Farmer John’s machine becomes infected at some point and sends Microsoft information about the compromise: “I’m Farmer John’s machine coming from X_IP_Address”.
A correlation is done with this information and then supposedly used to track where the botnet’s originating IP address is from. From the article: “Analysis by Microsoft’s software allowed investigators to identify which IP address was being used to operate the botnet, Gaudreau said. And that cracked the case.” This is not difficult, detect a DST (destination) for malware sent from Farmer John’s machine. Simple, good guys win, everyone is happy.
The concept of Microsoft’s Malicious Software Removal tool not being a backdoor is flawed. For starters, no information is ever disclosed to someone installing the Windows Malicious Software removal tool: “Windows will now install a program which will report suspicious activity to Microsoft”. As far as I can recall on any Windows update, there has never been any mention of it.
“But this is a wonderful tool, why are you being such a troll and knocking Microsoft for doing the right thing!”. The question slash qualm I have about this tool is I’d like to know what, why, when and how things are being done on my machine. It’s not a matter of condemning Microsoft, but what happens if at some point in time Microsoft along with government get an insane idea to branch away from obtaining other data for whatever intents and purposes?
We’ve seen how the NSA is allowed to gather any kind of information they’d like (http://www.eff.org/issues/nsa-spying), we now have to contend with Microsoft attempting to do the same. Any way you’d like to market this, it reeks of a backdoor: (again pointing to the definition) A backdoor in a computer system … is a method of bypassing normal authentication, … obtaining access to … , and so on, while attempting to remain undetected. There’s no beating around the bush here on what this tool is and does.
This is reminiscent of the 90’s with the NSA’s ECHELON program. In 1994, the NSA intercepted the faxes and telephone calls of Airbus. What resulted was the information was then forwarded to Boeing and McDonnell-Douglas in which they snagged the contract from under Airbus’ feet. In 1996, the CIA hacked into the computers of the Japanese Trade Ministry seeking “negotiations on import quotas for US cars on the Japanese market”. Resulting with the information being passed off to “US negotiator Mickey Kantor” who accepted a lower offer.
As an American you might say “so what, more power to us” but to think that any government wouldn’t do it to its own citizens for whatever reason would be absurd. There are a lot of horrible routes this could take.
What happens if slash when for some reason or another the government decides that you should not read a news site, will Microsoft willingly oblige and rewrite the news in accordance to what the government deems readable?
How about the potential to give Microsoft a warrantless order to discover who doesn’t like a President’s “health care plan”, or who is irate and whatever policy; will Microsoft sift through a machine to retrieve relevant data to disclose to authorities?
That doesn’t include the potential for say technological espionage and gouging of sorts. What’s to stop Microsoft from say, mapping a network and reporting all “non-Microsoft” based products back to Microsoft. The information could then be used to say raise support costs, allow Microsoft to offer juicier incentives to rid the network of non MS based products, the scenarios are endless.
Sadly, most people will shrug and pass it off as nothing. Most security buffs, experts, etc., haven’t mentioned a word of it outside of “the wonderful method to remove, detect, botnets!” and I don’t necessarily disagree it’s a unique way to detect what is happening, but this could have been done at the ISP and NSP level without installing a backdoor. Why didn’t law enforcement approach botnets from that avenue? Perhaps they have, this I’m actually certain of which leads me to believe this is a prelude of something more secretive that has yet to be disclosed or discovered.
http://www.pcworld.com/businesscenter/ar...ckers.html
http://cryptome.org/echelon-ep-fin.htm (ECHELON MISHAPS)
MORE ON MICROSOFT’S POTENTIAL GOVERNMENT BACKDOOR
http://www.infiltrated.net/?p=91