Could US cyberspies have moles inside Microsoft?


By Stewart Mitchell

Posted on 15 Jun 2012 at 09:00

US government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert.

The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines.

According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack.

“The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government,” Hypponen said.

“This makes you think that this breach of Microsoft's update system was done by the Americans and most likely a US agency, someone like the NSA,” Hypponen said. “That must make Microsoft mad as hell that its most critical system, used by 900 million of its customers, was breached by fellow Americans.”

The Flame virus used forged Microsoft certificates to gain access to computer systems because Microsoft is one of the most trusted companies, with any code-signing certificate from the company given white-list access to computers.

Although Microsoft itself was not hacked, the certificate abuse left the company red-faced and it scrambled to release an update to fix the problem.

“They didn't hack Microsoft, no-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft. If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels,” Hypponen said.

The breach raised questions over whether Microsoft knew its software was being used for espionage, but according to Hypponen the company would not have risked damaging its reputation and was most likely a pawn in the escalating cyberdefence ecosystem.

“I don't think Microsoft was in on it, that it was helping the US government and I don't believe that because it looks very bad for Microsoft. I find it very hard to believe that Microsoft's top management would have approved that,” Hypponen said.

“It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” he said. “It's not certain, but it would be common sense to expect they would do that.”

Microsoft hasn't offered a comment on the claims.

User comments

Is this a surprise?

Is anyone surprised by this? My assumption was that Microsoft, Google, Apple, Facebook and any other large (particularly US based) tech companies might have moles inside, working for various agencies, domestic and foreign.

Maybe I've watched one too many episodes of 24?

By SirRoderickSpode on 15 Jun 2012

Laughable naivete ...

... To think that there are not many 'moles' in such organisations.

Once you get away from thinking of Bondish agents breaking into safes and using micro cameras, and think in more realistic terms such as employees with casual links to various security agencies of various countries it's not in the least surprising.

By qpw3141 on 15 Jun 2012

Was it on this very website?

A couple of years or so ago MI6 were actively recruiting via Facebook? I bet if someone sent them a request and had "currently working at Microsoft" on their CV it would be job done.

By JStairmand on 15 Jun 2012


Maybe Iran etc should have used Linux, probably would have been safer! Well until the US wrote a virus for it but it would have been harder to penetrate.

By monotok on 15 Jun 2012


Surely the news here is what is the "conclusive proof that Stuxnet was a US tool" that Mikko Hypponen refers to? Otherwise it's all speculative fiction.

By chapelgarth on 15 Jun 2012


Moles inside Microsoft!!
You should see the mess they have made of my lawn

By JimAbz1 on 17 Jun 2012

Companies like Microsoft are given offers they cannot refuse

Security agencies threaten and intimidate companies similar to the mob.

If they do not cooperate, they get more random lawsuits and FBI raids like Gibson Guitar.

By steve0210 on 21 Jun 2012

Huh, that's a laugh!

Are you kidding? Some suspect that Microsoft, Google and the likes were actually set up to spy on people. You know, Facebook, Twitter, Youtube etc etc. I often wonder what my copy of Norton is doing other than what it claims it's doing... I would be very surprised if it wasn't spying on me and reporting back to some bunch of sickos.

By Martin_Kay1 on 21 Jun 2012

PCPro-Computing in the Real World Printed from
