Slashdot Mirror


The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com)

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

52 comments

  1. kek by Anonymous Coward · · Score: 0

    lol smell it

    1. Re: kek by Anonymous Coward · · Score: 0

      Few bug reports are exploitable. Surely, it is 99.9% "windows crashed" with no info on reproducibility - especially from remote.

  2. Only a few days after Schneier talked about it by Anonymous Coward · · Score: 0

    Bruce has a better moderation system than /., and fewer Putinbots. Coincidence I'm sure.

  3. So THAT's what NT based OS "NSAKey"'s for by Anonymous Coward · · Score: 0, Flamebait

    See subject & NT based OS' "NSAKey" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=NSAKey&btnG=Google+Search&gbv=1/

    * :)

    (Sarcasm... or, is it?)

    APK

    P.S.=> In any event (despite my "flippant post")? This is disgusting & wrong of the NSA to do imo - they're supposed to PROTECT US, not abuse us (OR our companies)... apk

  4. Well, sure. by Frosty+Piss · · Score: 1

    I suppose this is "news", but I also suppose it should have been (and for many, was) assumed. And I'll bet the NSA and the foreign equivalents are not the only ones that thought of this obvious source...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Well, sure. by Anonymous Coward · · Score: 0

      Best value is that people can't dismiss security concerns now with terms like conspiracy theorists.

      This stuff is happening, worse than assumed.

    2. Re:Well, sure. by ls671 · · Score: 1

      Sure, just have a list of keys like .ssh/authorized_keys so anybody could stick its own key in there.

      --
      Everything I write is lies, read between the lines.
    3. Re:Well, sure. by AHuxley · · Score: 2

      Re " and the foreign equivalents are not the only ones that thought of this obvious source"
      The foreign equivalents don't watch the internet like the NSA and GCHQ do.
      The net belongs to the NSA, so other nations don't waste funds on low return internet things.
      Some of the cool things other nations did or learned from just went back to simple human spying.
      France had all its diplomatic codes broken by the USA and UK in the 1950's. It took France a while to learn from that decade long communications mistake.
      China learned of the importance of Little Sai Wan in Hong Kong and just sent human spies in. The UK was using translators it could not trust trying to keep up with the amount of collection into the 1960's. China just used well placed human spies to collect on the secret UK collect it all policy.
      The UK collected from Cyprus. The UK base staff had long hours and very low pay. Soviet spies just had to wait in the local bars and make a lot of new friends with stories to share.
      Foreign equivalents spy on their own nations but have learned to be much more careful around the world using well supported human spies.

      Really smart nations have worked around that US/UK global collection system many decades ago. Collect it all is great for contractor overtime and seeing the world.
      Collect it all works wonders if the enemy never knows about it. The easy Enigma days are over.
      What can be learned from Windows networks left wide open in other nations? The enemy left a bait computer online and waits to see who comes looking?
      Tech support or a charity cover story? NGO? Who wants access to that building and network once it's found?
      The UK and USA have to watch every interesting computer network globally. The enemy just has to bait a few networks in their own select buildings with gems of unencrypted information.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Well, sure. by Anonymous Coward · · Score: 0

      Windows 10 sends much more than bug reports. I expect all of that is getting swept up by the NSA as well. Given the "Cozy" relationship between the US Government and Microsoft the NSA probably gives them a list of stuff to gather. When building a secure vault, don't include windows.

  5. Slashdot is speeding up by Anonymous Coward · · Score: 1

    It's now reporting on articles from 2013!

  6. can't be true. by Anonymous Coward · · Score: 5, Funny

    the NSA intercepts and collects Windows bug reports.

    No way can that be true. Even the NSA's Utah Data Center doesn't have that much storage capacity.

    1. Re:can't be true. by chill · · Score: 1

      Deduplication works miracles on repetitive data. If there was ever a source of repetitive data, Microsoft crashes are it.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:can't be true. by Anonymous Coward · · Score: 1

      Finally, a post that made me laugh. Very nice. I also think broadband speeds have been held back because of the need to match NSA data storage capacity with internet throughput.

    3. Re:can't be true. by AHuxley · · Score: 1

      AC the Windows bug reports of interesting people.
      The people who know interesting people.
      The people who are 3 and 4 hops from interesting people.
      The unknown people who then make contact with interesting people or people who know interesting people.
      What's a few million files collected per task?
      All the interesting users' computers get altered as needed.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:can't be true. by ls671 · · Score: 1

      Maybe, maybe not, it depends on how deduplicable the records are. The same bug trace could very well have different output on different computers, memory addresses etc. could be different.

      --
      Everything I write is lies, read between the lines.
    5. Re:can't be true. by apraetor · · Score: 1

      Broadband speeds have lagged the rest of the developed world because monopolies only produce up to the point marginal cost equals marginal revenue. This wouldn't be a problem if, like most natural monopolies (water, electricity), broadband was closely regulated, but it isn't. There's effectively no fixed wireline competition for cable broadband; without competition there is no pressure to increase efficiency. The problem is that regulators have been pretending cable internet, dsl (i.e. uverse) internet, and wireless internet are substitute goods, when in fact they are not.

      Cable and DSL are similar, but not substitutes; DSL cannot come anywhere near matching the throughput of cable. And as natural monopolies, it would be massively inefficient and costly for a second company to set up physical infrastructure duplicating the cable system, when the existing infrastructure is largely adequate. What we need is competition for USE of that infrastructure, rather than the current status quo.

  7. Balding Academic King Among Men by Anonymous Coward · · Score: 0

    Bruce Schneier's blog is awesome.

  8. Do I have to switch to Microsoft's OS to get this? by Anonymous Coward · · Score: 0

    I believe the crash reports aren't automatic with my current distribution. It's an opt-in thing and I never opt in. Though I have to wonder if the NSA isn't utilizing Microsoft's update system to insert backdoors on a select system basis (and for that matter other operating systems, potentially).

  9. Ok...and? by Anonymous Coward · · Score: 0

    The NSA intercepted ALL OF THE INTERNET TRAFFIC from/to targeted machines that was communicated on the internet - including their emails, web browsing, DNS server lookups, financial records, airline ticket purchases, amazon purchases, google searches for erectile dysfunction, blah blah blah...

    Oh yeah and the bug reports SENT ON THAT SAME INTERNET got included too. But we're supposed to be shocked and outraged again?

    1. Re:Ok...and? by AHuxley · · Score: 1

      Someone still thought bug reports got encrypted and sent to the big private company secure from strange computer on the net.
      Reality now sets in.
      Windows is the way in.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Ok...and? by Anonymous Coward · · Score: 0

      I know this will come as a surprise to you, given what is foisted off as news these days, but not all news is meant to cause shock and outrage.

    3. Re:Ok...and? by Anonymous Coward · · Score: 0

      LOL

      You do realize that all traffic on iTunes up until about 2013 was under HTTP and had ZERO protection. I hope your *nix install also apt-gets over HTTPS from day one too, or they know what installs you have on your machine.

      Thankfully companies are starting to wise up, and not assume the default state is to trust anything.

    4. Re:Ok...and? by Anonymous Coward · · Score: 0

      But this posting is nothing more than meant to cause shock and outrage with the click baity title.

    5. Re:Ok...and? by DarkOx · · Score: 2

      Windows and Windows networks are a huge liability. CIOs and CSOs need to have a come to Jesus moment on that.

      I sometimes do internal pentest work, and it's rare even now in 2017 that some combination of null sessions to get user names, and password spray, or just shutting up and listening for LLMNR or old NetBIOS and then cracking the acquired hashes won't work at a big organization. That is before you even need to consider getting "fancy" with attacks on Kerberos or SPNs. Yes, you need to be on the internal network to do these things, but you are one good phishing catch away from that with most big organizations too. Many of the other pentesters I know rarely even bother trying to exploit other types of servers or internal web applications anymore.

      I am not saying the traditional UNIX/Linux solutions like (YP|NIS|LDAP|Hesiod) with or without Kerberos are not worse in many ways than (AD/LDAP) + Kerberos. It's just that AD is the standard and most often I see UNIX land being made to talk to AD rather than Windows infra being made to speak anything UNIXy.

      My thesis here is that when your authentication/authorization infrastructure itself is the biggest liability and has been for nearly a decade something is terribly terribly wrong. Windows/Windows networking really is the way in and why that remains "acceptable" is beyond me. Sure you can harden it a lot, but that is a real challenge for anyone who isn't an expert and does not have $$$ to eliminate every old client, many of which are part of integrated solutions like controllers etc.

      What M$ really needs to do is make the next windows server upgrade move the hardened configurations OOB. No NTLMv1, no LLMNR, no NetBIOS, no null sessions, password complexity enabled, and some others. They then need to provide a "Gateway" for legacy systems where the older protocols can be configured to only talk to certain hosts, and only allow the use of specific accounts easily.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
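
A read-only way to check a Windows host against the settings the comment above lists (NTLMv1, LLMNR, NetBIOS, null sessions), as an added example that is not part of the original thread. The registry value names are the standard Windows ones; the `Want` targets are this example's assumptions about a hardened baseline, and "(not set)" means the OS default applies.

```powershell
# Added example (not from the thread): audit the legacy-protocol settings
# named in the comment. Reads the registry only; changes nothing.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$checks = @(
    @{ Name = 'NTLMv1/LM refused (LmCompatibilityLevel)'; Path = $lsa
       Value = 'LmCompatibilityLevel'; Want = 5 },
    @{ Name = 'LLMNR disabled (EnableMulticast)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
       Value = 'EnableMulticast'; Want = 0 },
    @{ Name = 'Anonymous SAM enumeration blocked'; Path = $lsa
       Value = 'RestrictAnonymousSAM'; Want = 1 },
    @{ Name = 'Anonymous share/account enumeration blocked'; Path = $lsa
       Value = 'RestrictAnonymous'; Want = 1 },
    @{ Name = 'Null session access to pipes/shares restricted'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'RestrictNullSessAccess'; Want = 1 }
)

function Get-RegValue([string]$Path, [string]$Value) {
    # Returns $null when the key or value is absent (the OS default applies).
    $item = Get-ItemProperty -Path $Path -Name $Value -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Value } else { $null }
}

$results = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Value
    [pscustomobject]@{
        Check  = $c.Name
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        Want   = $c.Want
        Pass   = ($null -ne $actual) -and ($actual -eq $c.Want)
    }
}

# NetBIOS over TCP/IP is set per interface: NetbiosOptions 2 = disabled,
# 1 = enabled, 0 = follow the DHCP server's setting.
$nbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
$nbtResults = @(Get-ChildItem $nbt -ErrorAction SilentlyContinue | ForEach-Object {
    $opt = Get-RegValue $_.PSPath 'NetbiosOptions'
    [pscustomobject]@{
        Check  = "NetBIOS disabled on $($_.PSChildName)"
        Actual = if ($null -eq $opt) { '(not set)' } else { $opt }
        Want   = 2
        Pass   = $opt -eq 2
    }
})

@($results) + $nbtResults | Format-Table -AutoSize
```

A failing row is a starting point for review rather than a verdict, since Group Policy or a legacy client dependency may explain the value.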
  10. Um, yay for them? by Snotnose · · Score: 0

    Sure, they're slimy, illegal, and immoral. But it sounds like at least they're competent.

    / lock em up
    // right next to Hillary
    /// save a spot for Donny boy

    1. Re:Um, yay for them? by sheramil · · Score: 1

      I hope they'll decide to monetize it soon - there's a bunch of posts I made to talk.bizarre a long time ago, and google doesn't seem to have archival copies.

    2. Re:Um, yay for them? by Anonymous Coward · · Score: 0

      Pretty much all spying is illegal.

    3. Re:Um, yay for them? by Anonymous Coward · · Score: 0

      It's only illegal from the target's viewpoint.

  11. Re:Do I have to switch to Microsoft's OS to get th by AHuxley · · Score: 1

    Backdoor, front door, trapdoor, or in the window.
    If one way in is closed by a user or unexpected update another way into Windows is found.
    Collect it all always works.

    --
    Domestic spying is now "Benign Information Gathering"
  12. those buggers by turkeydance · · Score: 1

    bugging

  13. BSOD... by Anonymous Coward · · Score: 0

    NSAs new logo.

  14. This is actually serious by FeelGood314 · · Score: 1, Troll

    The Microsoft bug reports are important to Microsoft. They do actually analyze them to try and find bugs in their products or in code from common/popular vendors. The NSA is undermining this trust. This is similar to the way the USA undermined doctors in Pakistan by using doctors in their search for Bin Laden. Maybe if the USA had to compensate every single person who gets Polio 10 million dollars they might not think their plan was such a great idea. Same for the NSA, they should be trying to help close exploits but at this point their collateral damage has been far greater than anything they have prevented.

    1. Re:This is actually serious by Anonymous Coward · · Score: 0

      We told you so how many times?

    2. Re:This is actually serious by Anonymous Coward · · Score: 0

      Why exactly should they be doing Microsoft's job and closing exploits? They do have a defensive side but why would the offensive side be doing this? Their job is to spy so umm duh?

  15. Make it simpler by aepervius · · Score: 3, Insightful

    The NSA intercepted anything and everything which went in the direction of the US, possibly also stuff which never went in the US. Consider all your communication compromised by the NSA. Now whether you care (privacy minded people, people not liking government overreach and spying and crook/spy/other nations intelligence agencies) or not (most people) is up to you.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:Make it simpler by apraetor · · Score: 1

      Most people care, just not enough to make it worth the cost of doing anything. Make end-to-end encryption simpler and more ubiquitous (WhatsApp, Signal) and people will use it. Given two equivalent goods where the only differentiator is privacy, users will choose the more-secure option.

    2. Re:Make it simpler by Anonymous Coward · · Score: 0

      But making stuff secure necessarily entails making it less easy to use. Amber Rudd told me so.

  16. Re:Occupation by slashrio · · Score: 0, Flamebait

    If it weren't for the 2nd amendment the US would already be occupied, by the deep state fascists.

    --
    "Trump!!", the new Godwin.
  17. Thanks, I was wondering who moved my splice by Anonymous Coward · · Score: 0

    Well, back to work.

  18. Windows 10 is spyware, then. by Anonymous Coward · · Score: 0

    All that data Microsoft isn't telling anyone they are collecting on Windows 10 and swears it's just usage and diagnostics data?

    Yeah. Now we know where that information is all going. Sure they state it's encrypted, but 1 NSL later, and the NSA has the encryption key.

    NSL's are not just unconstitutional. They're seriously damaging to your business.

  19. What about exploitable 3rd-party bugs + targeting? by Aryeh+Goretsky · · Score: 1

    Hello,

    I seem to recall a discussion about this at the time of disclosure that the main concern was not so much finding exploitable bugs in Windows, per se, but finding bugs in third-party drivers like those from AMD and nVidia, as well as determining hardware and software a target might be using, in order to help perform vulnerability research on targets.

    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
  20. Re: City Racing 3d Game by Anonymous Coward · · Score: 0

    I clicked download. It keeps asking me for my password. I've given it every password I've ever created and nothing works. Someone help me please. I thought this site was filled with nerds.

  21. Bug reports? by Anonymous Coward · · Score: 0

    I think the big news here is that anybody would even submit one of those fucking things. I've never submitted one in my life, and never will.

    To be fair, I'm not too big on "legal" windows installs either, and I also don't use Windows for anything other than playing a few games now and then.

  22. But Windows Update is the backdoor ... by Anonymous Coward · · Score: 0

    The NSA is not looking for exploits ... they use Windows Update.

  23. Is this the reason ... by Anonymous Coward · · Score: 0

    ... why when I do have an error report for MS the server is always unavailable?