Microsoft Helped The NSA Bypass Its Own Encryption Software, Spy On Its Clients

Tyler Durden's picture

A few days ago, when we reported that NSA code had been inserted in Google's Android open-sourced OS (much to the fury of open-source code advocates everywhere), we noted that it has been public information that over a decade ago, Microsoft had inadvertently left clear signs that it was providing backdoor access to its legacy Microsoft operating systems. It turns out that this was merely the beginning. According to another just released report by the Guardian citing Snowden files, "Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian."

From the Guardian:

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

  • Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new portal;
  • The agency already had pre-encryption stage access to email on, including Hotmail;
  • The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
  • Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in that allows users to create email aliases;
  • Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
  • Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

None of this is any surprise: that America's electronic communication sector is in bed with Uncle Bush and Uncle Obama was made abundantly clear in ""You Should Use Both" - How America's Internet Companies Are Handing Over Your Data To Uncle Sam." Still, prima facie proof that corporations systematically betray the privacy of their clients in order to curry favor with the government should be troubling if only to those who are not in the same state of completely symbiotic relationship with the government and whose sustinence depends on preserving Big Government at all costs, which as we will shows in a post shortly is just over 110 million Americans.

More from the Guardian explaining how anyone using MSFT products should be aware that the NSA logs every single keystroke:

The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.


The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's portal from the moment the company began testing the service in July last year.


Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on chats


A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."


Two months later, in February this year, Microsoft officially launched the portal.


Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and emails will be unaffected because Prism collects this data prior to encryption."


Microsoft's co-operation was not limited to An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.


The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".


The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."


A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in which allows users to create email aliases, which may affect our tasking processes."


The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.


One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.

Actually make that the NSA, as well as the FBI and CIA.

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.


The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".


The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

Microsoft's statement to the Guardian:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.


Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.


Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues.

It also means that anyone who is reading this and has gotten this far into the post, has already triggered numerous NSA, FBI and CIA alarms and likely been branded by the NSA as a "reader" instead of a perfectly docile sheep who uses their spare time and negative savings to buy AMZN at #Ref! multiples and does the patriotic thing of buying the S&P at Bernankulous valuations.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
CaptainSpaulding's picture

I still love my windows 7 pro. Works like a charm. Very stable.

whotookmyalias's picture

Linux here, I hope NSA hasn't infiltrated that yet.

CaptainSpaulding's picture

Its a fully licensed version. Its a genuine Microsoft product

Pladizow's picture

Does Bill Gates work from Room 101?

Stuart's picture

Mirosoft is a SELL!

jaap's picture

Happy with ubuntu. Maybe they spy also through Linux, but at least I am not paying someone to spook on me.

CaptainSpaulding's picture

Linux is a fine operating system. My nephew uses it

The Thunder Child's picture

Well I gues we all know now how the name 'Windows' was derived. and are both secure kickass linux operating systems! Ubuntu and its variants are compromised, they send usage data back to Canonical on a regular basis.'s picture

I will do everything in my power to secure my natural and constitutional rights. How do you like that you treasonous sons of bitches?

Feel free to watch. It's a kick.

malikai's picture

"A few days ago, when we reported that NSA code had been inserted in Google's Android open-sourced OS (much to the fury of open-source code advocates everywhere), "

Seriously, TD? You're just looking bad now. If you're not going to do the research to figure out what it is, why go and make such rediculous statements?

Newsflash guys: You're running SE too. As is practically anyone on a modern linux. Oh, and guess what, you can evaluate every single line of code if you like. Or even better, you can disable it too!

fonestar's picture

SE Linux sux, turn it off... there is only one SU...  Me.

Yes We Can. But Lets Not.'s picture

You don't get to be as rich as Gates without blowing Uncle Sam along the way

knukles's picture

Another Conspiracy Theory blown to Facts
Jesus, I'm getting tired of saying that.

bank guy in Brussels's picture

Neither Bill Gates nor Mark Zuckerberg are 'entrepreneurs', they were both backed by the political mafia from their teens ...

Bill Gates came from a US political mafia family, his father in the Bogle Gates law firm that was right up there with the political elite in very dirty deals going back years

Gates and Zuckerberg too, did college at CIA-recruiting central station, Harvard University

Once in Harvard you are in the CIA loop ... finishing the diploma did not matter, Gates had the full US political mafia behind him via his father and the regime, to crush competitors and rivals etc with everything all 'legal' of course

When Zuckerberg was at Harvard three decades later, the CIA - Zionist 'internet star' loop was already well established, and Zuckerberg was picked to head yet another CIA - internet project alongside the CIA's Google Inc and the CIA's Wikipedia

« ... funding into Facebook ($US12.7 million) came from venture capital firm Accel Partners. Its manager James Breyer ... served on the board ... of In-Q-Tel, a venture capital firm established by the Central Intelligence Agency in 1999. One of the company's key areas of expertise are in "data mining technologies". »

SWRichmond's picture

has anyone ever addressed publicly the industrial espionage aspects of this scandal?  company secrets?  patents?  PAH

Say What Again's picture

I know this would never happen, but wouldn't it fun if EVERYONE in the free world (or at the least the revolution) decided on a day and time to start blasting shit on e-mail, blogs, etc., that contain trigger words.  Talk about a "thundering herd!"

Colonel Klink's picture

Even better, wouldn't it be cool if everyone who had Microsoft wormware as their operating system filed a class action lawsuit again MS for violation of their privacy and civil rights.

Ranger4564's picture

A lawsuit?  In the [ il ] legal system that constitutes our courts / judiciary?  Like the court that just gave Chevron access to the data of 100 opponents / protestors / environmentalists who were involved in a case against Chevron recently? Or maybe the Supreme of all Coopted Courts?

Are you still asleep?  This is not a nightmare... this is THE nightmare. Big Brother has been set up while we were not watching... the solution is exactly what is happening now... public disclosure and immediate awareness of everything the scumbags have been doing... they want to know, well so do we. There is ultimately only 1 answer to all of this, and it's going to take individual decisions to get there, but I suspect the conditions have been set for an armed uprising by the masses against a state / oligarchy who have gone insane. We will not be returned to the conditions of Egypt / Pharoah... sorry, we cannot allow that to happen.


fonestar's picture

If you really want to go off the grid Fonestar recommends Backtrack Linux Live CD (sorry, I meant GNU Linux Richard) diskless and access the Tor network through Wifi not in your name.  Sign up for Tormail and if you go down in the Deep Web stay down there, it's when you are resurfacing that you are likely to meet a torpedo.

malikai's picture

"Never get off the boat. Unless you're going all the way."

Praetorian Guard's picture

TOR is DOD based, you honestly believe they don't know starting and ending IP's? Sure you tunnel through a piggy backed IP, but don't think for one second they don't record the originating MAC address or ISP and IP...

Ralph Spoilsport's picture

Using Tor nowadays is a red flag. So is going through a VPN. Back to typewriters and one time pads I guess.

Praetorian Guard's picture

Email encryption is a farce - public keys can be intercepted or given. Better off using a standalone encryption program, on an encrypted system and encrypting your original email via the program, cut and paste into email provider. Person on other side has same software, but somewhere, in a face to face meeting with the other person, you agree on a "key" pertinent to the day, month, time, number key system or whatever that said originating email was sent.

Praetorian Guard's picture

As with anything... if you are concerned with open ports via winblows or some other OS get yourself a GOOD firewall that blocks all ports, all outgoing and incoming requests - wherein you literally have to allow access after being prompted by said firewall...

AGuy's picture

" OS get yourself a GOOD firewall that blocks all ports, all outgoing and incoming requests"

Doesn't matter, Firewalls, AV, etc only protect you against Non-gov't mailware:

1. NSA has equipment at all tier 1 ISPs they capture the data as it sent across the Internet. Encrypting helps but is no gaurentee that the NSA doesn't have the private keys need to decrypt it.

2. NSA has implement Spy ware in the Semiconductors (ie Ethernet controllers, Prcoessors, etc). The OS can't block it because its running in the hardware below the reach of the OS. If the NSA wants in, they will get in through the hardware and bypass whatever security measures you enable. FWIW: A year or two ago, a hacker published a whitepaper on how to hack certain ethernet controllers to run his own code to bypass the OS.


Praetorian Guard's picture

1. I seriously doubt they could crack a 256 bit encryption other than having a back door - brute force, very unlikely. I seriously doubt they could crack a privately generated private key NOT SENT electronically, but done person to person.

2. Sure, software can be installed outside the scope of the OS, running in the background and undetectable. Unless they visit your house or force a port open, etc which would mean you are a target, and have probably done something you shouldn't have. For the average person wanting some privacy, I seriously doubt it.

3. Unless they are in bed with chip makers, which I don't doubt... then, yea, your screwed...

Praetorian Guard's picture

I know windows OS has a few files that can only be opened by MS compilers - and only a handful of MS employees are privy to it and know what the files actually do. Now it could be kernel specific code, or some other protected code, but who knows...

Meat Hammer's picture

I have better options than any of the above:

1.) Grow a pair

2.) Do whatever and say whatever you want

3.) Sign every email, Hey, NSA!  Feel free to lick my balls.

Don't run.  Don't hide.  Live free right in their fucking faces.

Infnordz's picture

No, you seem the farce, because you are obviously clueless about cryptography.

It is really dumb to use secret keys for anything over public channels, and I would not trust any time or event seeded keys because they could probably easily be cracked!

With PKI, people freely publish public keys by design, so that anyone can encrypt data/message sent to then, then only their paired secret keys can decrypt the messages; PGP has done this for years, as does SSL!

Use a lot of bits, e.g. 2048, 4096 etc., and refactoring will take too long to be useful, in which time many new and longer keys could have been generated, possibly using a nastier algorithms.

I would not use 256bit for anything other than SSL and other short term stuff.

Praetorian Guard's picture

Uh, no I'm not... fucking idiot. Fucking idiot, you have no clue, and I'm not about to waste my time to "inform" you...

BurningFuld's picture

I'm using smoke signals...on my deck...every afternoon...with my for them.

nmewn's picture

Its getting to the point where anything that could be deemed seditious will have to be said in private.

Man, what will that do to their paranoia levels, not knowing ;-)

discopimp's picture

i use straight debian and CentOS now
and have for the last couple years

Freewheelin Franklin's picture

"Arch Linux FTW"

Check out Manjaro. It is based on Arch. It's still  technically in development, but yoiu can test it.


I am using Mint 15, based on Ubuntu until Manjaro is ready.Manjaro KDE still has quite a few bugs, and I do not like Gnome.

seek's picture

It's still possible, but less likely to be spied upon. Apps like the browser are more likely spy vectors.

The nice thing about linux is it's much easier to monitor what the hell it's doing. I have a dedicated linux box for my firewall/NAT router, and use netstat-nat to monitor my internet connection in real time, which is one of the ways I figured out my android phone was spying on me. (Tablets do as well, though to a lesser degree.)

Even with all of that, I've spent the last couple weeks hardening my already pretty hardened systems. I suspect the more shit comes out, the next step for me is going to be making my primary PC a "cold" one, e.g. hard off-line.

This spy shit at both the government and commercial level is getting ridiculous.

CaptainSpaulding's picture

I bought ithe full version last year. Long before i heard about the NSA news.

achmachat's picture

backlaaaaash!!! I demand backlash!

Dr. Richard Head's picture

Since the NSA is reading this I have this to say, "FUCK YOU PAUL GILL!!!"  We played poker together back in the day, smoked da kine, I house sat for your dog.  We gave you a job at our company when you were down and out.  I helped you emotionally through your ex-wife's allegations of child molestation.  I paid you back the $500 I borrowed from you.  I let you stay in my home.  We were good friends and now you work for the NSSA keeping track of us all?  FUCK YOU AND THE MUSTANG YOU RODE IN ON!!!!!!!!!  You are not welcome in my house anymore.  Don't call, don't write - unless you earse my god damned file.  CUNTY NAZI FAG!!!!

knukles's picture

mother metametametametameta of all meta data, my ass

pods's picture

Well now I know that I have good instincts when I am sitting at my computer and have the feeling I am being watched.


Row Well Number 41's picture

So how many hacks that resulted in Identity theft and data breaches are a result of holes left open for the NSA, and how big a class action lawsuit would that make?  Oh ya that would require a functional legal system, nevermind.


Uncle Remus's picture


StychoKiller's picture

"Oarsmen, I have good news and bad news!  First the good news:  you get tomorrow off!  Next the bad news:  The Captain wants to go waterskiing today!"

GeezerGeek's picture

Speaking of identity theft, why do we need paid services like Lifelock? Why can't the NSA simply perform that service and advertise it to the nation as protecting everyone's privacy, already paid for by taxes.