Could US cyberspies have moles inside Microsoft?


Security expert claims US could have agents working inside the software giant

US government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert.

The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines.

According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack.

“The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government,” Hypponen said.


“This makes you think that this breach of Microsoft's update system was done by the Americans and most likely a US agency, someone like the NSA,” Hypponen said. “That must make Microsoft mad as hell that its most critical system, used by 900 million of its customers, was breached by fellow Americans.”

The Flame virus used forged Microsoft certificates to gain access to computer systems because Microsoft is one of the most trusted companies, and any code-signing certificate from the company is given white-list access to computers.

Although Microsoft itself was not hacked, the certificate abuse left the company red-faced and it scrambled to release an update to fix the problem.

“They didn't hack Microsoft, no-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft. If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels,” Hypponen said.

The breach raised questions over whether Microsoft knew its software was being used for espionage, but according to Hypponen the company would not have risked damaging its reputation and was most likely a pawn in the escalating cyberdefence ecosystem.

“I don't think Microsoft was in on it, that it was helping the US government and I don't believe that because it looks very bad for Microsoft. I find it very hard to believe that Microsoft's top management would have approved that,” Hypponen said.

“It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” he said. “It's not certain, but it would be common sense to expect they would do that.”

Microsoft hasn't offered a comment on the claims.
