Can Microsoft Survive An Electronic Pearl Harbor?
YOWUSA.COM, 27-May-01 Marshall Masters
Continued
CNET News.com, September 3, 1999
Expert says Windows has a security breach
A security expert at a private company in North Carolina today alleged there is a serious weakness in Microsoft Windows that could allow hackers to silently subvert the operating system, a
computer network, or corporate data center.
Andrew Fernandes, chief scientist with Cryptonym, a Canadian software and consulting firm with offices in North Carolina, said he has discovered a way to replace one of the cryptographic keys
used as part of Windows' security system, thus compromising it.
Fernandes said the flaw not only allows hackers to alter the OS but could also be used to strengthen Windows security in violation of U.S. export laws.
Fernandes said he discovered that Microsoft uses two keys, instead of one, and that software code in Windows NT Service Pack
5 identifies the second key as "NSAKEY." Microsoft would normally remove that kind of designation, said Fernandes.
Fernandes said the name indicates the second key is somehow linked to the National Security Agency, but Microsoft and at least one other security expert questioned his conclusion.
Microsoft and pro-Microsoft industry spokesmen and media outlets moved at light speed to disqualify this announcement. In a reaction that was typical
of its heavy-handed tactics, Microsoft attacked Andrew Fernandes at the personal and professional level through a host of surrogates.
Over time, Microsoft was eventually able to quash public interest in the story, but not amongst computer professionals who could see the handwriting on the wall.
In the midst of the dot-com to dot.bomb madness, the country has almost forgotten that Silicon Valley was born as a technology child of the defense industry. Some things are not quickly forgotten, however, and to seasoned Silicon Valley watchers the conclusion was obvious: Mr. Gates had joined the military-industrial complex boys' club, and part of his dues included giving America's intelligence agencies a guaranteed bullet-proof backdoor into any computer running Windows 95/98/NT/2000.
Bill Gates Becomes a Defense Industry Tycoon
In a move that was a passing blip on the stock market madness, a deeply buried press report informed us that Microsoft's vision of the world now included the most powerful weapons of deadly force in the American arsenal — its nuclear carriers.
The Register UK, February 2, 2000
Gates buys stake in aircraft carrier builder
Bill Gates is investing personally in Newport News Shipbuilding, the US maker of nuclear aircraft carriers, through his Cascade Investment company, according to a Schedule 13G just filed with
the SEC. His 2.6 million shares are worth around $69 million, making him one of the top two shareholders.
Between the NSA Key fiasco and Bill's acquisition of a controlling position in Newport News Shipbuilding, the general feeling amongst savvy Silicon
Valley watchers was how long it would take for the second shoe to fall. True to form, it did just 8 months later and it was stamped "Made in Russia."
Computerworld.com, October 27, 2000
Microsoft stung by hack attack
Microsoft Corp. today confirmed that its internal computer network was hacked by malicious attackers who were able to view -- but apparently not modify -- some of the software vendor's source code.
The incident, which security experts said could potentially have serious repercussions for Microsoft, was discovered by the company on Wednesday and reported to the FBI yesterday, according
to a spokeswoman. The attack, which is now being investigated by the FBI, was believed to have been initiated in St. Petersburg, Russia.
Company executives "are confident that the integrity of Microsoft's intellectual property remains secure" and don't think any customers were affected by the intrusion, the statement
added.
Microsoft noted that it's working with law-enforcement officials "to address this deplorable act of industrial espionage." An FBI
spokesman said only that the agency's investigators "are aware of the matter and are looking into it."
Graham Cluley, a security expert at U.K.-based security software vendor Sophos Anti-virus, said it appears that the attackers used a worm known as QAZ to break into Microsoft's network, although he noted that reports vary about whether Microsoft has confirmed that fact.
According to Trend Micro's description, the QAZ worm functions as a backdoor tool that gives remote users control of an infected
PC. The worm then disguises itself as a NOTEPAD.EXE file and can be spread through a LAN's shared resources, Trend Micro said. In addition, attackers can use QAZ to upload and execute other
malicious programs.
While Microsoft moved quickly to minimize the publicity damage, the flurry of Windows and Office security updates that ensued shortly afterwards confirmed that the break-in had been substantial. With that in mind, let's briefly review what we have up to now.
- With the introduction of Windows 95, every subsequent version of the operating system includes a feature called the Registry, which incorporates an undocumented and heavily encrypted area of the OS that only Microsoft and its friends know about.
- A security consultant from North Carolina finds an undocumented system call built into Windows by Microsoft for the NSA. Now we know who Bill's friends happen to be.
- After crushing that report, Bill Gates buys a controlling interest in Newport News Shipbuilding, which guarantees that America's nuclear aircraft carriers will be equipped with Windows computers.
This brings us back to the Germans and the Maginot Line. Remember when I asked you to tuck those little words away for future use? Well now, who would understand a Maginot Line better than the German Army?
Still fuzzy? No worries, mate, as they say down under. The dime will drop when you read the following news story.
The Register UK, March 17, 2001
German armed forces ban MS software, citing NSA snooping
The German foreign office and Bundeswehr (The German Army) are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der
Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the
Federal Republic's deepest secrets.
The Bundeswehr will no longer use American software on computers used in sensitive areas. The German foreign office has meanwhile
put plans for videoconferencing with its overseas embassies on hold, for similar reasons. Under secretary of state Gunter Pleuger is said by Spiegel to have discovered that "for technical
reasons" the satellite service that was to be used was routed via Denver, Colorado.
According to a colleague of Pleuger's this meant that the German foreign services "might as well hold our conferences directly in Langley."
Given that the German foreign office and the German Army have come forward and, through their rejection of Windows, substantiated the findings of Andrew Fernandes, chief scientist with Cryptonym, about the undocumented Windows NSA Key, we are left wondering.
What the Germans chose to omit from their statement is the widely held contention amongst Silicon Valley watchers that the clever hack on Microsoft by the Russians last October was organized and conducted under the auspices of Russia's modern-day version of the KGB, the Ministry of Internal Affairs (MVD). If so, the MVD hackers may have used the QAZ worm to make off with Microsoft's crown jewels without Microsoft ever knowing it.
Microsoft and the NSA can deny this all they like, but the evidence of this cover-up sticks to them like white on rice.
But the QAZ worm that was used to hack through to the heart of the Microsoft network is not the worst thing that could happen. Worse yet, the knowledge obtained in that break-in could be used to plant and unleash massive polymorphic computer viruses throughout America.
The Danger of Polymorphic Computer Viruses
In chemistry, the term "polymorph" describes a chemical compound with different forms. In computer terms, a polymorphic computer virus is akin to that of a binary chemical warfare weapon.
A binary chemical warfare weapon, such as those the U.N. Special Commission (UNSCOM) found evidence of in Iraq, offers an ingenious way to store and deliver weapons of mass destruction. In simple terms, two substances are contained within the same warhead, but in complete isolation from each other. When the warhead is launched or shot through a cannon, the substances are mixed together to form a poisonous nerve gas.
Like the binary weapon, a polymorphic computer virus comes in two parts. However, unlike chemical weapons where both parts are delivered together,
the first part of a polymorphic computer virus is delivered in advance. Small and benign, the first half of the virus embeds itself deeply into the computer
user's hard drive in a sensitive area, where it can remain dormant and undetected indefinitely.
When the second part of the virus is received by the computer, it lacks the appearance of a complete computer virus and passes through the computer's security systems undetected. Once inside the system, the second part of the virus knows where to seek out the first part, and when they combine, the usual result is catastrophic for that computer. In addition, once the virus has coupled within one computer on a network, it may take advantage of the fact that the computer is trusted by other computers on the network and, instead of attacking immediately, first spread throughout the entire network before committing visible destructive acts.
Knowing where to hide the first part of a polymorphic virus is vital to the attack. Despite the flurry of security releases that Microsoft posted after the
Russian break-in, people nonetheless obtained vital pieces of information -- people with the obvious capability to create polymorphic computer viruses.
If these polymorphic computer viruses are so bad, why haven't we heard about them?
Recovery Disks, The PC User's Maginot Line
Up until recently, we would always receive a licensed Microsoft Windows installation disk when we purchased our IBM, HP, Compaq and other name
brand computers. Now, we get a CD labeled "Recovery Disk." However, it should be labeled, "Last Resort Polymorphic Computer Virus Killer."
If you see a steady stream of error warnings, or your Windows PC fails and in its last gasp displays the blue screen of death, the documentation will tell you to simply insert the "Recovery Disk" CD into your computer and turn the power on. If you're lucky, the documentation will tell you that the installation program used is a scorched-earth approach to repairing a corrupted Windows PC. This is because the "Recovery Disk" CD hoses everything on the hard drive: programs, data, initialization files, viruses and anything else you can imagine.
Regrettably, this is the only way to remove one or both parts of a polymorphic computer virus from an infected Windows PC. The way it works is that the "Recovery Disk" CD starts off by performing a simple operation called an FDISK on your hard drive. This wipes out everything on the drive, including the nasty little places where the first part of a polymorphic computer virus can hide.
If America suffers an electronic Pearl Harbor, polymorphic computer viruses will be the first torpedoes in the water, and we'll go down like the Arizona.
If this seems a bit extreme, the next time you visit your favorite search engine, type the following search string, "windows+security+breach" and hit
the Enter key. What you will read on the search results pages might just change your mind.
Why Microsoft Will Survive An Electronic Pearl Harbor
A relatively small number of Americans understand the threat, and they are moving quickly at the direction of the White House to do what they can to repair the breaches. However, Windows is so widely distributed that the best we can hope for is a good damage control plan that can be quickly implemented after the first salvo of a CyberWar.
For most Americans the "Recovery CD" will be a futile gesture, because hackers will have penetrated our nationwide computer network via the soft underbelly of the undocumented parts of the Windows Registry. This means there will be no power to spin up our beloved PCs, and by the time there is, we'll be too hungry to care.
Will Microsoft survive that CyberWar? Yes.
A firm with as much money as Microsoft may not be able to invent a completely secure operating system, but it does have all the money it needs to invent history -- in advance.