MS Denies Windows 'Spy Key'

by Steve Kettmann and James Glave
3.Sep.99

Microsoft is vehemently denying allegations by a leading cryptographer that its Windows platform contains a backdoor designed to give a US intelligence agency access to personal computers.

Andrew Fernandes, chief scientist for security software company Cryptonym in North Carolina, claimed on his Web site early Friday that the National Security Agency may have access to the core security of most major Windows operating systems.

"By adding the NSA's key, they have made it easier -- not easy, but easier -- for the NSA to install security components on your computer without your authorization or approval," Fernandes said.

But Microsoft denied that the NSA has anything to do with the key.

"The key is a Microsoft key -- it is not shared with any party including the NSA," said Windows NT security product manager Scott Culp. "We don't leave backdoors in any products."

Culp said the key was added to signify that it had passed NSA encryption standards.

Fernandes also simultaneously released a program on his site that will disable the key.

The key exists in all recent versions of the Windows operating systems, including Windows 95, 98, 2000, and NT.

The issue centers around two keys that ship with all copies of Windows. The keys grant an outside party the access it needs to install security components without user authorization.

The first key is used by Microsoft to sign its own security service modules. Until late Thursday, the identity and holder of the second key had remained a mystery.

In previous versions of Windows, Fernandes said Microsoft had disguised the holder of the second key by removing identifying symbols. But while reverse-engineering Windows NT Service Pack 5, Fernandes discovered that Microsoft left the identifying information intact.

He discovered that the second secret key is labeled "_NSAKEY."

Fernandes and many other security experts take that to stand for the National Security Agency -- the nation's most powerful intelligence agency.

Microsoft said _NSAKEY signifies that it satisfies security standards.

Through its "signals intelligence" division, the NSA listens in on the communications of other nations.

The NSA did not immediately respond to a request for comment via fax, the only way the agency handles inquiries from the media.

The agency also operates Echelon, a global eavesdropping network that is reportedly able to intercept just about any form of electronic communications anywhere in the world.

The agency is forbidden by law from eavesdropping on American citizens.

Marc Briceno, director of the Smartcard Developer Association, said the inclusion of the key could represent a serious threat to e-commerce.

"The Windows operating-system-security compromise installed by Microsoft on behalf of the NSA in every copy of Windows 95, 98, and NT represents a serious financial risk to any company using MS Windows in e-commerce applications," Briceno wrote in an email.

"With the discovery of an NSA backdoor in every copy of the Windows operating systems sold worldwide, both US and especially non-US users of Microsoft Windows must assume that the confidentiality of their business communications has been compromised by the US spy agency," Briceno said.

Briceno coordinated the team that broke the security in GSM cell phones, demonstrating that the phones are subject to cloning -- a feat the cellular industry had thought impossible.

In making the discovery, Fernandes said he did not know why the key was there.

"It could be for espionage. It may not be," he said. "It does not totally compromise Windows, it only weakens it.... The only real reason I can see is for them to be able to install their own security providers."

But Microsoft's Culp said all cryptographic software intended for export must be submitted to a National Security Agency review process. He said that the key was so named to indicate that it had completed that process and that it complied with export regulations.

"The only thing that this key is used for is to ensure that only those products that meet US export control regulations and have been checked can run under our crypto API (application programming interface)," Culp said.

"It does not allow anyone to start things, stop services, or allow anything [to be executed] remotely," he said.

"It is used to ensure that we and our cryptographic partners comply with United States crypto export regulations. We are the only ones who have access to it."

Fernandes made the discovery in early August, he said, but collaborated with the Berlin-based Chaos Computer Club and other experienced hackers worldwide before releasing the information.

"We coordinated this through the worldwide hacker scene," said Andy Muller-Maguhn of the CCC. "It was important to American hackers that it not only be mentioned in America but also in Europe.

"For American citizens it seems to be normal that the NSA is in their software. But for countries outside of the United States, it is not. We don't want to have the NSA in our software."

Coming less than a week after Microsoft was rocked by the embarrassing news that its Hotmail system could be easily penetrated, the latest disclosure could prove damaging to the software giant.

"Say I am at a large bank, and I have the entirety of our operation working on Windows," Fernandes said. "That is a little more serious. The only people who could get in there are the NSA, but that might be bad enough.

"They have to first manage to download a file into your machine. There may be backdoors that allow them to do that.... I would be shocked and surprised if the NSA bothered with individuals. What is more of a concern is security systems for a large bank or another data center. Or even a Web server firm.

"The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system.

"The US government is currently making it as difficult as possible for 'strong' crypto to be used outside of the US; that they have also installed a cryptographic backdoor in the world's most abundant operating system should send a strong message to foreign IT managers," he said.

But Fernandes did not want to set off a panic -- or at least not for everyone.

"I personally don't care if the NSA can get into my machine, because I think they have better ways of spying on me as a person," Fernandes said. "But if I was a CEO of a large bank, that would be a different story."

Before Microsoft's explanation, many leading cryptographers said they were convinced it was a key for the NSA.

"I believe it is an NSA key," said Austin Hill, president of anonymous Internet service company Zero-Knowledge Systems.

"We walked through it and talked about all the scenarios why it is there, and this was our conclusion," said Hill.

He said that he and Zero-Knowledge's chief scientist, Ian Goldberg, did not believe the key's name is a joke placed there by a Microsoft programmer -- one possible explanation.

"Microsoft has not shown incredible competence in the area of security," Hill added. "We call on Microsoft to learn about open security models that provide independent verification of design. No secure system is based on security by obscurity."