Creating Bogus Enemies to Justify Internet Control: CIA, NSA “most probably” Infiltrated Microsoft to Write Malware

US intelligence agencies using Microsoft to disseminate lethal computer virus

Stewart Mitchell

PC World

Yes, and the cyber threats come from the Pentagon, the CIA and the NSA. 

US government officials could be working under cover at Microsoft to help the country’s cyber-espionage programme, according to one leading security expert.
The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines.
According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010’s Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack.
“The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government,” Hypponen said.
“This makes you think that this breach of Microsoft’s update system was done by the Americans and most likely a US agency, someone like the NSA,” Hypponen said. “That must make Microsoft mad as hell that its most critical system, used by 900 million of its customers, was breached by fellow Americans.”
The Flame virus used forged Microsoft certificates to gain access to computer systems because Microsoft is one of the most trusted companies, with any code-signing certificates from the company given white-list access to computers.
Although Microsoft itself was not hacked, the certificate abuse left the company red-faced and it scrambled to release an update to fix the problem.
“They didn’t hack Microsoft, no-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft. If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels,” Hypponen said.
The breach raised questions over whether Microsoft knew its software was being used for espionage, but according to Hypponen the company would not have risked damaging its reputation and was most likely a pawn in the escalating cyberdefence ecosystem.
“I don’t think Microsoft was in on it, that it was helping the US government and I don’t believe that because it looks very bad for Microsoft. I find it very hard to believe that Microsoft’s top management would have approved that,” Hypponen said.
“It’s plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” he said. “It’s not certain, but it would be common sense to expect they would do that.”
Microsoft hasn’t offered a comment on the claims.

NOTE: This is what US Counter-cyberintelligence was set up to do. Like ‘international terrorists’ are blamed for terrorism by the very same agencies that created, trained, directed and funded said ‘terrorists’, ‘international hackers’ are really the same intelligence agencies doing the same thing in the cyber-domain.
Cyberwar: US and Israel Created Stuxnet, Lost Control of It

Creating bogus enemies to justify Internet control: CIA, NSA most probably infiltrated Microsoft to write malware

Kevin Fogarty

IT World

The news gives a whole new meaning to Intel's motto...


Did spies posing as Microsofties write malware in Redmond? How do you spell ‘phooey’ in C#?
A leading security researcher has suggested Microsoft’s core Windows and application development programming teams have been infiltrated by covert programmer/operatives from U.S. intelligence agencies.
If it were true it would be another exciting twist to the stories of international espionage, sabotage and murder that surround Stuxnet, Duqu and Flame, the most successful cyberwar weapons deployed so far, with the possible exception of Windows itself.
Nevertheless, according to Mikko Hypponen, chief research officer of antivirus and security software vendor F-Secure, the scenario that would make it simplest for programmers employed by U.S. intelligence agencies to create the Stuxnet, Duqu and Flame viruses and compromise Microsoft protocols to the extent they could disguise downloads to Flame as patches through Windows Update is that Microsoft has been infiltrated by members of the U.S. intelligence community.
Having programmers, spies and spy-supervisors from the NSA, CIA or other secret government agencies infiltrate Microsoft in order to turn its technology to their own evil uses (rather than Microsoft’s) is the kind of premise that would get any writer thrown out of a movie producer’s office for pitching an idea that would put the audience to sleep halfway through the first act.
Not only is it unlikely, the “action” most likely to take place on the Microsoft campus would be the kind with lots of tense, acronymically dense debates in beige conference rooms and bland corporate offices.
The three remarkable bits of malware that attacked Iranian nuclear-fuel development facilities and stole data from its top-secret computer systems – Flame, Duqu and Stuxnet – show clear signs of having been built by the same teams of developers, over a long period of time, Hypponen told PC Pro in the U.K.
Flame used counterfeit Microsoft security certificates to verify its trustworthiness to Iranian users, primarily because Microsoft is among the most widely recognized and trusted computer companies in the world, Hypponen said.
Faking credentials from Microsoft would give the malware far more credibility than using certificates from other vendors, as would hiding updates in Windows Update, Hypponen said.
The damage to Microsoft’s reputation and suspicion from international customers that it is a puppet of the CIA would be enough to keep Microsoft itself from participating in the operation, even if it were asked.
That doesn’t mean it didn’t happen.
“It’s plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” Hypponen told PC Pro. “It’s not certain, but it would be common sense to expect they would do that.”
The suggestion piqued the imaginations of conspiracy theorists, but doesn’t have a shred of evidence to support it.
It does have a common-sense appeal, however. Planting operatives inside Microsoft would probably be illegal, would certainly be unethical and could have a long-range disadvantage by making Microsofties look like tools of the CIA rather than simply tools.
“No-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft,” Hypponen said. “If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels.”
Hypponen is one of a number of security experts who have said Stuxnet and Duqu have the hallmarks of software written by traditionally minded software engineers accustomed to working in large, well-coordinated teams.
After studying the code for Duqu, security researchers at Kaspersky Labs said the malware was most similar to the kind of work done by old-school programmers able to write code for more than one platform at a time, do good quality control to make sure the modules were able to install themselves and update in real time, and that the command-and-control components had been re-used from previous editions.
“All the conclusions indicate a rather professional team of developers, which appear to be reusing older code written by top “old school” developers,” according to Kaspersky’s analysis. “Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a ‘one of a kind’ piece of malware which stands out like a gem from the large mass of “dumb” malicious program we normally see.”
Earlier this month the NYT ran a story detailing two years’ worth of investigations during which a range of U.S. officials, including, eventually, President Obama, confirmed the U.S. had been involved in writing the Stuxnet and Flame malware and siccing them on Iran.
That’s far from conclusive proof that the NSA has moved its nonexistent offices to Redmond, Wash. It doesn’t rule it out either, however.
Very few malware writers are able to write such clean code that can install on a variety of hardware systems, assess their new environments and download the modules they need to successfully compromise a new network, Kaspersky researchers said.
Stuxnet and Flame are able to do all these things and to get their own updates through Windows Update using a faked Windows Update security certificate.
No other malware writer, hacker or end user has been able to do that before. Knowing it happened this time makes it more apparent that the malware writers know what they are doing and know Microsoft code inside and out.
That’s still no evidence that Microsoft could be or has been infiltrated by spies from the U.S. or from other countries.
It does make sense, but so do a lot of conspiracy theories.

NOTE: There’s that anti-dot-connecting term again, conspiracy theories… ‘don’t mind the man behind the curtain!’
Internet Blackout Arrives For Thousands as FBI shuts down Internet users infected by US counter-cyberintelligence operation

Until there’s some solid indication Flame came from inside Microsoft, not outside, it’s probably safer to write off this string of associative evidence.
Even in his own blog, Hypponen makes fun of those who make fun of Flame as ineffective and unremarkable, but doesn’t actually suggest moles at Microsoft are to blame.
In the end it doesn’t really matter. The faked certificates and ride-along on Windows Update demonstrate the malware writers have compromised the core software development operations at Microsoft. They don’t have to live there to do it; virtual compromise on the code itself would do the job more effectively than putting warm bodied programmers in the middle of highly competitive, highly intelligent, socially awkward Microsofties with a habit of asking the wrong question and insisting on an answer.
The risk of having any such infiltration discovered is far too high to expose the cyberwar version of Seal Team Six to the perils of Redmond.
Still, the assumption seems to be true metaphorically, if not physically, so it’s safer to assume Microsoft and its software have both been compromised. Given the track record of Stuxnet, Duqu and Flame for compromising everything they’re aimed at, that assumption isn’t even much of a stretch.
