Could US cyberspies have moles inside Microsoft?
By Stewart Mitchell
Posted on 15 Jun 2012 at 09:00
US government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert.
The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines.
According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack.
“The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government,” Hypponen said.
“This makes you think that this breach of Microsoft's update system was done by the Americans and most likely a US agency, someone like the NSA,” Hypponen said. “That must make Microsoft mad as hell that its most critical system, used by 900 million of its customers, was breached by fellow Americans.”
The Flame virus used forged Microsoft certificates to gain access to computer systems because Microsoft is one of the most trusted companies, with any code-signing certificates from the company given white-list access to computers.
Although Microsoft itself was not hacked, the certificate abuse left the company red-faced and it scrambled to release an update to fix the problem.
“They didn't hack Microsoft, no-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft. If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels,” Hypponen said.
The breach raised questions over whether Microsoft knew its software was being used for espionage, but according to Hypponen the company would not have risked damaging its reputation and was most likely a pawn in the escalating cyberdefence ecosystem.
“I don't think Microsoft was in on it, that it was helping the US government and I don't believe that because it looks very bad for Microsoft. I find it very hard to believe that Microsoft's top management would have approved that,” Hypponen said.
“It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” he said. “It's not certain, but it would be common sense to expect they would do that.”
Microsoft hasn't offered a comment on the claims.
Is this a surprise?
Is anyone surprised by this? My assumption was that Microsoft, Google, Apple, Facebook and any other large (particularly US based) tech companies might have moles inside, working for various agencies, domestic and foreign.
Maybe I've watched one too many episodes of 24?
By SirRoderickSpode on 15 Jun 2012
Laughable naivete ...
... To think that there are not many 'moles' in such organisations.
Once you get away from thinking of Bondish agents breaking into safes and using micro cameras, and think in more realistic terms such as employees with casual links to various security agencies of various countries it's not in the least surprising.
By qpw3141 on 15 Jun 2012
Was it on this very website?
A couple of years or so ago MI6 were actively recruiting via Facebook? I bet if someone sent them a request and had "currently working at Microsoft" on their CV it would be job done.
By JStairmand on 15 Jun 2012
Maybe Iran etc should have used Linux, probably would have been safer! Well until the US wrote a virus for it but it would have been harder to penetrate.
By monotok on 15 Jun 2012
Surely the news here is what is the "conclusive proof that Stuxnet was a US tool" that Mikko Hypponen refers to? Otherwise it's all speculative fiction.
By chapelgarth on 15 Jun 2012
Moles inside Microsoft!!
You should see the mess they have made of my lawn
By JimAbz1 on 17 Jun 2012
Companies like Microsoft are given offers they cannot refuse
Security agencies threaten and intimidate companies similar to the mob.
If they do not cooperate, they get more random lawsuits and FBI raids like Gibson Guitar.
By steve0210 on 21 Jun 2012
Huh, that's a laugh!
Are you kidding? Some suspect that Microsoft, Google and the likes were actually set up to spy on people. You know, Facebook, Twitter, YouTube etc etc. I often wonder what my copy of Norton is doing other than what it claims it's doing... I would be very surprised if it wasn't spying on me and reporting back to some bunch of sickos.
By Martin_Kay1 on 21 Jun 2012