11.08.09

Windows Back Doors Spin Out of Control, End up in Black Market

Posted in Microsoft, Security, Windows at 9:18 pm by Dr. Roy Schestowitz

Everyone is a forensic expert now


Summary: Free access for everybody; Microsoft’s back-door keys are now available for everyone to download and new issues about Windows security raise serious questions about liability

Credit goes to Bruce Schneier, who warned about this when it was first introduced publicly. He predicted exactly what would happen with Microsoft's back doors (also learn about CIPAV), which it foolishly believed it could keep under exclusive police control. According to this from Gizmodo:

Apparently Microsoft’s COFEE software that helps law enforcement grab data from password protected or encrypted sources is leaking all over the internet. So not only can you steal the software, but break the law by using it too.

More here:

Siren.gif: Microsoft COFEE law enforcement tool leaks all over the Internet~!

[..]

It was one of the most sought after applications on the Internet until it was leaked earlier today. And now that it’s out there—and it is all over the place, easily findable by anyone able to use a search engine—we can all move on with our lives. Yes, Microsoft COFEE, the law enforcement tool that mystified so many of us (including Gizmodo~! and Ars Technica~!), is now available to download. If only there were a “bay” of some sort where, I don’t know, pirates hang out…

Law does not directly interfere with behaviour, so mere threats against COFEE downloaders will not undo the damage which is coming.

The amusing thing is that Robert Scoble mocked me for writing about this back in 2006 when it was secret. Being a Microsoft evangelist (lead AstroTurfer), it was probably his duty to deny the existence of such back doors, which are now available for access by anyone who is interested and determined enough to find the trap door binaries.

The police are said to be carrying the software on USB drives, so how inevitable was such a leak really? It’s a stupid idea to begin with, just like AutoRun, which was removed by Microsoft for doing more harm than good (infection upon insertion). That was Microsoft’s admission of failure with its security approach and the Washington Post has a whole new article about it:

What Windows Autorun Has Wrought

[...]

A new report by Microsoft shows that the two most prevalent threats to Windows PCs in the first half of 2009 were malicious programs that have been aided mightily in their spread by a decision by Microsoft to allow the contents of removable media — such as USB thumb drives — to load automatically when inserted into Windows machines.

In its latest “Security Intelligence Report,” Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively.

NASA’s operations in space were affected by this (computer viruses passing via USB drives in Windows, maybe with AutoRun doing its magic). It’s even too much for the FBI. Free Software Magazine now asks: “Are Microsoft to blame for ‘hidden’ malware costs and will Windows 7 make any difference?”

A couple of stories have hit the headlines this year concerning the huge cost that some UK Local Governments incurred when dealing with malware attack on their Windows machines. If you missed them, Manchester City Council had a single USB infected with the infamous Conficker worm and it cost them — brace yourself — £1.5m ($2.4m) of which £1.2m (US$1.9m) was spent on IT, of which a staggering £600,000 (US$980k) went on consultancy fees including money to Microsoft. A while later, Ealing Borough Council were hit with a cost of £500000 (about US$ 800k) when they were also hit by a single USB stick containing conficker. Some in the industry tweeted and blogged this as being a “hidden cost of using Microsoft Windows”. In the ensuing discussion, many pointed out that the high cost was really due to the lack of a proper patching and disaster recovery policy at the council. So which is right? Is dealing with malware a hidden cost of using Windows or of a poor IT strategy?

[...]

Regardless of your software choice, a poor patching policy is a very bad idea if you value system integrity. But if you are going to argue your case on TCO, Microsoft, don’t then try to dodge talk of the additional costs for maintaining, patching and clearing a Windows-based system.

To answer the main question, Vista 7 will make no difference. It is just as insecure as predecessors (one might say it is even less secure). Evidence includes:

  1. Cybercrime Rises and Vista 7 is Already Open to Hijackers
  2. Vista 7: Broken Apart Before Arrival
  3. Department of Homeland Security ‘Poisoned’ by Microsoft; Vista 7 is Open to Hijackers Again
  4. Vista 7 Security “Cannot be Fixed. It’s a Design Problem.”
  5. Why Vista 7 Could be the Least Secure Operating System Ever
  6. Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
  7. Vista 7 Vulnerable to Latest “Critical” Flaws
  8. Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
  9. Reason #1 to Avoid Vista 7: Insecurity
  10. Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)

To address the question of liability, here we have a collection of external references. Some journalists say that Microsoft should be held accountable for these damages.


7 Comments

  1. Yuhong Bao said,

    November 9, 2009 at 12:24 am


    Well, does COFEE really use any Windows backdoors? Has anyone disassembled or even used the software to see if it does?

    your_friend Reply:

    We shall see, but there’s no denying that Windows is backdoored. Schneier said, “it’s certainly not a back door, as TechDirt claims.” To his discredit, he offered no explanation of how encrypted data can be so easily cracked without the underlying encryption being intentionally weak or compromised, aka “backdoored.” It would also have been rash of him to dismiss the possibility of COFEE installing even more malicious software on the victim’s computer but it is not clear he meant that. Those interested will learn exactly what’s on the device, if the leaked version is not itself a trojan or misdirection. Schneier predicted something would get out because no one can share a secret with hundreds of minimally trained staff and expect it to remain a secret. Eventually, he will be right.

    Jose_X Reply:

    Yes, Microsoft software’s weak security and Microsoft’s delays in fixing security problems or not addressing the underlying causes is effectively their support of backdoors while attempting to maintain Plausible Deniability http://en.wikipedia.org/wiki/Plausible_deniability .

    From the user’s pov there are many backdoors inside Microsoft software and many third parties exploiting these every day (Windows malware). Which of these backdoors are intentional to exploit the user or intentional to facilitate “justified remote overrides” and which are bugs is not that important if the goal is for the owner of the box and the data to avoid compromises and violations of privacy, period.

    OTOH, I think Microsoft _might_ lay claim over ownership to a lot of software and data created by their software. In this case, the accurate question would be, why use “their software to create their data” instead of using open source software (“your” software) to create your data?

    Since all software essentially has bugs, the choice between Microsoft software and open source software becomes one of degree. How easily can you be compromised when you use each system. And whom do you trust: a particular for-profit company with a dirty past or the public and yourself (who have access to open source)? I trust the public to take care of itself more than I trust Microsoft to take care of all of us.

    Roy Schestowitz Reply:

    There have been cases where Microsoft (and more infamously Yahoo!) collaborated with governments to suppress free speech.

    Yuhong Bao Reply:

    “Yes, Microsoft software’s weak security and Microsoft’s delays in fixing security problems or not addressing the underlying causes is effectively their support of backdoors”
    I don’t think so, but yes there is indeed an industry where 0-day security bugs are sold as “happy packs” instead of reported to the vendor:
    http://reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1
    http://reversemode.com/index.php?option=com_content&task=view&id=58&Itemid=1
    It is not MS’s fault, though, and it is not even limited to MS code security bugs either.
    “Since all software essentially has bugs, the choice between Microsoft software and open source software becomes one of degree. How easily can you be compromised when you use each system. And whom do you trust: a particular for-profit company with a dirty past or the public and yourself (who have access to open source)? I trust the public to take care of itself more than I trust Microsoft to take care of all of us.”
    AFAIK, open source projects do vary in how they handle security bugs, the worst is this case:
    http://www.coresecurity.com/content/open-bsd-advisorie
    But, yes, open source do make it better.

    Yuhong Bao Reply:

    Well, live data capture would make a BitLocker backdoor unnecessary, and that is indeed how MS claims COFEE works:
    From http://government.zdnet.com/?p=3781:
    “While COFEE doesn’t break BitLocker or open a back door, it captures live data on the computer, which is why it’s important for agents not to shut down the computer first, Fung said. A law enforcement agent connects the USB drive to a computer at the scene of a crime and it takes a snapshot of important information on the computer. It can save information such as what user was logged on and for how long and what files were running at that time, Fung said. It can be used on a computer using any type of encryption software, not just BitLocker. Previously, an officer might spend three or four hours digging up the information manually, but COFEE lets them do it in about 20 minutes, he said.”
