US Security Services May 'Have Moles Within Microsoft,' Says Researcher

Barence writes "U.S. government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert. According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the U.S. government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack. 'It's plausible that if there is an operation under way and being run by a U.S. intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,' he said. 'It's not certain, but it would be common sense to expect they would do that.'"

Ockham's razor

... or they just paid/threatened Microsoft. Much simpler and easier.

Re:Ockham's razor

[s.petry]

I'm not even sure they would have to do that. The technical details in TFA are a bit scarce, but enough exists for a better theory than the TFA presents.

Someone with some hefty CPU power broke the MS cert, which allowed them to create their own at will and spoof a MS cert.

The Government has the access to MS source code, and their methods. If you know where hooks get applied and how priorities work, you don't need to be from MS to write good code. You just need to be a good coder.

Spoofing Windows Update server really would not be that hard. Hell you don't even need a real man in the middle attack if you have a forged Cert and know the structure. You just need to spoof a DNS answer, the client will do everything else for you.

Having the fake key is huge! Write an application, sign as Genuine MS, put on a faked Windows update server, reroute a DNS call. Shazam! Of course there is other knowledge required, such as evading AV detection, etc.. but they had that figured out very well also.

It would take a good team, and time, but no need to have a mole. I would not be surprised if the US Government had moles in MS, but if they did it would primarily be for reasons other than Stuxnet and Flame, or any other computer espionage program.

Re:Ockham's razor

[flyingsquid]

... or they just paid/threatened Microsoft. Much simpler and easier.

The problem with the claim put forward in the article is that it is *not* the logical conclusion of what we know about Stuxnet and Flame. What we know about Flame is that (i) it's the most advanced piece of malware ever created (that we know about), (ii) it has connections to Stuxnet, (iii) it's primarily targeting Iran, but it's also targeting Syria, Palestine, Egypt, Saudi Arabia. That information tells us a lot about who was behind it.

Okay, so first off, Flame is very large and extremely advanced. That implies a country with an advanced cyber-warfare program. That list is fairly short, and the big names on it are the United States, Russia, China, and Israel.

Second, the people behind Flame were also involved in Stuxnet. The people analyzing Stuxnet came to the conclusion that it was the work of two different countries, with suspicion falling on the U.S. and Israel. In the New York Times article, it's reported that Stuxnet is designed by the U.S., but the Israelis helped out. The Obama Administration has not denied anything published in that article.

Third, Flame is primarily targeting Iran, again that points to the U.S. and Israel, Iran's primary enemies. However, Flame's secondary targets are all areas that are potential threats to Israel (Syria, Palestine, Egypt, Saudi Arabia) but this list does not include countries that pose security threats to the U.S. but not to Israel (Afghanistan, Iraq, North Korea). Finally, there are also some Flame infections in Israel itself. Given that one of the purposes of an intelligence organization is (unfortunately) to spy on their own citizens, that also fits the idea that Flame is written by the Israelis.

If Flame is Israeli, then the idea that the U.S. is planting spies in Microsoft is not the "logical conclusion" of the facts at all. So does this mean that the Mossad has penetrated Microsoft? Well, I suppose it's possible. It would antagonize the U.S. to learn that our ally has spies in our corporations, but it's also been alleged that Israel has moles in the Pentagon, so it wouldn't be entirely surprising, either.

Re:Ockham's razor

[dnahelicase]

>

It would take a good team, and time, but no need to have a mole. I would not be surprised if the US Government had moles in MS, but if they did it would primarily be for reasons other than Stuxnet and Flame, or any other computer espionage program.

I would be surprised if the US doesn't have "spies" within Microsoft. Microsoft is huge, and hugely important in how the world handles data. I would be shocked if the US, China, India, Russia, and several other countries didn't have "spies" somewhere in Microsoft.

They don't need them...

The US Government has licenses for the Windows source code. Nothing we've seen those virii do have required anything more than that.

Re:They don't need them...

[Gr33nJ3ll0]

In this case the article is talking about MS CERTIFICATES, so having access to the source code is irrelevant.

Wouldn't surprise me.

What would surprise me, is if the US thinks they're the only one.

Why would the US government need moles?

[Apharmd]

I doubt Microsoft would balk at any requests at access. These are, after all, matters of national security, and are therefore paramount over all other concerns. No decent American (ahem) company could refuse.

Re:Why would the US government need moles?

[fuzzyfuzzyfungus]

As long as it doesn't pertain to any matter regarding the possibility of tax liability, of course.

There are just some sacrifices that are too great to bear...