US Security Services May 'Have Moles Within Microsoft,' Says Researcher

Soulskill posted more than 2 years ago | from the clippy-was-a-double-agent dept.

Government 228

Barence writes "U.S. government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert. According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the U.S. government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack. 'It's plausible that if there is an operation under way and being run by a U.S. intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,' he said. 'It's not certain, but it would be common sense to expect they would do that.'"

The Great Deceiver! (-1)

Anonymous Coward | more than 2 years ago | (#40336225)

How many of you proles were at the Sarah Jessica Parker shindig last night with the POTUS, FLOTUS and TOTUS?

$40k per plate, I'm sure lots of you Obama drones were invited no? Was Lewis CK there making disgusting remarks about Sarah Palin's you know what? Haw haw haw, it's so fun to be a leftist drone and not to have to live in the real world, print money all you want and hob-nob with the hollywood idiot crowd. What a life!

Obama, the man for the little guy! All bow to his greatness.

Let's see, more rounds of golf in two years than all 8 of Bush's. How do you like that Obama drones?
How many women has he invited out to the links? Must be tiring all that redistribution of the health, uh I mean wealth.

Sing hymns make love get high fall dead
He'll bring his perfume to your bed
He'll charm your life 'til the cold winds blow
Then he'll sell your dreams to a picture show

Re:The Great Deceiver! (-1)

Anonymous Coward | more than 2 years ago | (#40336415)

Let's see, more rounds of golf in two years than all 8 of Bush's

Yes, but no President will ever come close to the total amount of vacation days that Bush took. You may compare what Obama does when he is on vacation vs what Bush did when he was on vacation, but really you should be comparing the amount of vacation taken. Just because Bush sat on his ass on vacation, that doesn't mean that he didn't take as many vacations.

Re:The Great Deceiver! (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#40336535)

Oh put down your talking points memo drone.

http://washingtonexaminer.com/politics/washington-secrets/2012/02/michelles-ski-trip-marks-16-obama-vacations/294051

"-- President’s Day 2012, Michelle and the first daughters in Aspen, Colorado to ski.
-- Christmas 2011, the first family in Hawaii for an extended vacation.
-- Summer 2011, in Martha’s Vineyard, Mass., for the annual beach break.
-- June 2011, the first lady, her mother and daughters traveled to South Africa and Botswana.
-- President’s Day 2011, the first lady and first daughters travel to Vail to ski.
-- Christmas 2010, in Hawaii.
-- August 2010, the first family traveled to Panama City Beach, Fla., for some sun and fun at the beach.
-- August 2010, Obama spent the weekend alone in Chicago for his 49th birthday bash.
-- August 2010, the first lady and daughter Sasha traveled to Spain for a mother-daughter vacation.
-- August 2010, summer vacation again at Martha’s Vineyard.
-- July 2010, the first family went to Mount Desert Island, Maine.
-- May 2010, the first family had a four-day trip to Chicago.
-- March 2010, first lady and daughter spend Spring Break in New York City.
-- Christmas 2009, Hawaii again for the annual break.
-- August 2009, at Yellowstone National Park and the Grand Canyon for a short vacation.
-- August 2009, their first summer vacation as first family at Martha’s Vineyard, Mass."

Bush went to his Ranch to work.

Bedard continues:

"But his have become more controversial because of the costs associated with moving the first family to a public vacation spot, unlike the Bushes to their remote ranch in Crawford, Texas. For example, the Hawaii Reporter said the first family’s 2011 Christmas vacation in Hawaii would exceed $1.5 million.

Critics and even some in his own party say the vacations present a bad image at a time when many Americans are struggling to get by during the recession. According to recent Harris poll, only three in 10 said they plan to take a vacation lasting longer than a week in the next six months, and that number has been dropping during the recession as people worry about the costs of vacations. Other polls have found that less than half of all Americans take all the vacation time they earn because they can’t afford trips."

And BTW this stupid trip to Sarah Jessica Parker's house does not count as a vacation only because Obama made a quick stop at WTC. It was a taxpayer funded campaign stop.

Keep trying drones.

Re:The Great Deceiver! (0)

s.petry (762400) | more than 2 years ago | (#40336881)

They (MSM) pretty much fixed that by stopping the reporting on how much time is taken away and how much it costs now. Unless some whistle blower publishes shit like the GSA Vegas party, you won't see it on MSM.

Fox, NBC and ABC even justified the GSA party claiming that "Private business do this sort of thing all the time.". It's a very obvious game of "don't look at this thing, go look at that shiny thing!". Unfortunately people happily frolic to the distraction, so your facts do no good. People don't want facts, they want shiny things to look at.

Re:The Great Deceiver! (-1)

Anonymous Coward | more than 2 years ago | (#40336931)

The MSM is dead but don't even know it.

http://redalertpolitics.com/2012/06/14/wisconsin-polls-favor-romney-job-numbers-should-recall-obama/

There's a shiny thing for you drones. Suck it up.

Re:The Great Deceiver! (-1)

Anonymous Coward | more than 2 years ago | (#40336897)

"Bush went to his Ranch to work" on his ranch. Remember the pictures of him cleaning brush out? Sometimes, he had to attend to National matters. Just like Obama.

Also, don't include vacation that Obama didn't take...

Re:The Great Deceiver! (0)

Anonymous Coward | more than 2 years ago | (#40337161)

"pictures of him cleaning brush out?"

And you present this as proof no state work was done. Provide evidence, which of course you cannot, or admit you have no point.

And you are right these were not vacations.

http://www.washingtonpost.com/opinions/president-obama-campaigner-in-chief/2012/04/30/gIQATAfbsT_story.html

"Obama has managed to take things to a whole new level. According to statistics compiled for a book to be published this summer, the president has already set a record for total first-term fundraisers — 191 — and that’s only through March 6. Measured in terms of events that benefit his reelection bid, Obama’s total (inflated in part by relaxed fundraising rules) exceeds the combined total of George W. Bush, Bill Clinton, George H.W. Bush, Ronald Reagan and Jimmy Carter."

Campaigner in chief.

Keep trying drone, but you are going to have to work a *lot* harder to keep covering for the statist.

Ockham's razor (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40336233)

... or they just paid/threatened Microsoft. Much simpler and easier.

Re:Ockham's razor (3, Insightful)

Culture20 (968837) | more than 2 years ago | (#40336333)

... or they just paid/threatened Microsoft. Much simpler and easier.

And it has the added bonus of being legal. "Moles in MS" would be a big no-no, no?

Re:Ockham's razor (3, Insightful)

JeffSh (71237) | more than 2 years ago | (#40336357)

Only if it were to ever be acknowledged, something that has zero possibility of ever happening.

Re:Ockham's razor (2)

cayenne8 (626475) | more than 2 years ago | (#40336711)

Only if it were to ever be acknowledged, something that has zero possibility of ever happening.

I dunno about that.....of late, the Obama administration has been quite 'leaky' when it comes to secret/covert ops.....what we already know about Stuxnet comes to mind.

Re:Ockham's razor (2)

JeffSh (71237) | more than 2 years ago | (#40336929)

To further this idea, even if we were to have it confirmed, what would it change? The population is too pacified to really care.

Re:Ockham's razor (1)

NatasRevol (731260) | more than 2 years ago | (#40336953)

Attack Microsoft!

Re:Ockham's razor (5, Funny)

Anonymous Coward | more than 2 years ago | (#40336635)

"Moles in MS" would be a big no-no, no?

Actually, it sounds like it'd be a runaway hit reality show.

"For the past year, we sent a Google developer deep undercover at Microsoft armed with an Android-powered hidden camera and an agenda to subtly promote open technologies. Now, we're going to show you the results. Sometimes hilarious, sometimes heartbreaking, sometimes horrifying; tune in starting this August on Slashdot TV for 'Moles in Microsoft' to see what happens when development ideologies collide in the real world."

Re:Ockham's razor (4, Informative)

Sir_Sri (199544) | more than 2 years ago | (#40336511)

Or they just paid former Microsoft employees with technical positions to come work for the government.

Didn't the NSA offer to help 'secure' windows 7 (http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development), they could just offer to help with 'collaboration' and then provide some security fixes and use some of the loopholes they find before anyone else does.

Now the Israelis. They have spies at Microsoft. The US government probably not directly, at least not in the US, there are enough cheaper no risk ways to get what they want.

Didn't the NSA offer to help 'secure' Linux? (0)

Anonymous Coward | more than 2 years ago | (#40337001)

"Didn't the NSA offer to help 'secure' windows 7 (http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development)" - by Sir_Sri (199544) on Friday June 15, @12:54PM (#40336511)

SeLinux bearing distros, specifically? See here -> http://www.nsa.gov/research/selinux/ [nsa.gov]

They didn't just "offer" to help, they did... only question is, per what YOU ARE ALLUDING TO/IMPLYING? How much so and for WHAT reasons??

(Absolutely - so, that "all said & aside", mainly from you regarding the NSA & Windows: CAN YOU TRUST Linux TOO?)

APK

P.S.=> Your 'argument' is like a razor that CUTS BOTH WAYS... & we'll tolerate NO 'FUD' here today!

... apk

Re:Ockham's razor (5, Insightful)

s.petry (762400) | more than 2 years ago | (#40337067)

I'm not even sure they would have to do that. The technical details in TFA are a bit scarce, but enough exists for a better theory than the TFA presents.

Someone with some hefty CPU power broke the MS cert, which allowed them to create their own at will and spoof a MS cert.

The Government has the access to MS source code, and their methods. If you know where hooks get applied and how priorities work, you don't need to be from MS to write good code. You just need to be a good coder.

Spoofing Windows Update server really would not be that hard. Hell you don't even need a real man in the middle attack if you have a forged Cert and know the structure. You just need to spoof a DNS answer, the client will do everything else for you.

Having the fake key is huge! Write an application, sign as Genuine MS, put on a faked Windows update server, reroute a DNS call. Shazam! Of course there is other knowledge required, such as evading AV detection, etc.. but they had that figured out very well also.

It would take a good team, and time, but no need to have a mole. I would not be surprised if the US Government had moles in MS, but if they did it would primarily be for reasons other than Stuxnet and Flame, or any other computer espionage program.

Re:Ockham's razor (0)

Anonymous Coward | more than 2 years ago | (#40336537)

And his name is Bill Gates!!

Shock, horror!

'It's not certain, but it would be common sense to expect they would do that.'"

So, it's just something the researcher just imagines....

Good research.

Re:Ockham's razor (5, Interesting)

Aighearach (97333) | more than 2 years ago | (#40336725)

We can get even simpler and easier, MS already gives the military access to their source code so that it can be reviewed. This is a requirement for all the software used on the most secure systems.

It has always been viewed as a joke around here, because unless they are going to fix the bugs themselves, having the source isn't going to make windoze take extra care about your data.

So the simplest and most obvious answer is, they didn't need to sneak in, and they didn't need to make threats either.

Re:Ockham's razor (5, Funny)

ackthpt (218170) | more than 2 years ago | (#40337075)

We can get even simpler and easier, MS already gives the military access to their source code so that it can be reviewed. This is a requirement for all the software used on the most secure systems.

It has always been viewed as a joke around here, because unless they are going to fix the bugs themselves, having the source isn't going to make windoze take extra care about your data.

So the simplest and most obvious answer is, they didn't need to sneak in, and they didn't need to make threats either.

That explains some of the mental breakdown of returning veterans...

Re:Ockham's razor (4, Insightful)

flyingsquid (813711) | more than 2 years ago | (#40337329)

... or they just paid/threatened Microsoft. Much simpler and easier.

The problem with the claim put forward in the article is that it is *not* the logical conclusion of what we know about Stuxnet and Flame. What we know about Flame is that (i) it's the most advanced piece of malware ever created (that we know about), (ii) it has connections to Stuxnet, (iii) it's primarily targeting Iran, but it's also targeting Syria, Palestine, Egypt, Saudi Arabia. That information tells us a lot about who was behind it.

Okay, so first off, Flame is very large and extremely advanced. That implies a country with an advanced cyber-warfare program. That list is fairly short, and the big names on it are the United States, Russia, China, and Israel.

Second, the people behind Flame were also involved in Stuxnet. The people analyzing Stuxnet came to the conclusion that it was the work of two different countries, with suspicion falling on the U.S. and Israel. In the New York Times article, it's reported that Stuxnet is designed by the U.S., but the Israelis helped out. The Obama Administration has not denied anything published in that article.

Third, Flame is primarily targeting Iran, again that points to the U.S. and Israel, Iran's primary enemies. However, Flame's secondary targets are all areas that are potential threats to Israel (Syria, Palestine, Egypt, Saudi Arabia) but this list does not include countries that pose security threats to the U.S. but not to Israel (Afghanistan, Iraq, North Korea). Finally, there are also some Flame infections in Israel itself. Given that one of the purposes of an intelligence organization is (unfortunately) to spy on their own citizens, that also fits the idea that Flame is written by the Israelis.

If Flame is Israeli, then the idea that the U.S. is planting spies in Microsoft is not the "logical conclusion" of the facts at all. So does this mean that the Mossad has penetrated Microsoft? Well, I suppose it's possible. It would antagonize the U.S. to learn that our ally has spies in our corporations, but it's also been alleged that Israel has moles in the Pentagon, so it wouldn't be entirely surprising, either.

Re:Ockham's razor (1)

Darinbob (1142669) | more than 2 years ago | (#40337497)

Or they just have smart enough people that can figure out how Windows works without actually having to be an employee. Much simpler too to just have a cheap summer hire save up all the source code on a thumb drive.

They don't need them... (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40336243)

The US Government has licenses for the Windows source code. Nothing we've seen those virii do have required anything more than that.

Re:They don't need them... (5, Insightful)

Gr33nJ3ll0 (1367543) | more than 2 years ago | (#40336495)

In this case the article is talking about MS CERTIFICATES, so having access to the source code is irrelevant.

Re:They don't need them... (1)

Anonymous Coward | more than 2 years ago | (#40336497)

So Microsoft just leaves their private keys in their source code? It's fun to bash Microsoft security policy, but I highly doubt they're that stupid.

Re:They don't need them... (0)

Anonymous Coward | more than 2 years ago | (#40336501)

I think the idea is that Microsoft wouldn't have had those security holes unless an intelligence agency had planted them there deliberately.

Which, given Microsoft's security track record, is laughable.

Re:They don't need them... (1)

Anonymous Coward | more than 2 years ago | (#40336541)

except a signed certificate, but even that was cracked using a new MD5 collision attack. AKA there is no mole in Microsoft, it was just a smart person using a lot of computer resources.

http://blog.trailofbits.com/2012/06/11/analyzing-the-md5-collision-in-flame/
https://speakerdeck.com/u/asotirov/p/analyzing-the-md5-collision-in-flame
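
A defender-side check related to the MD5 collision mentioned in the comment above, as an added example that is not part of the original thread: it reads the outer signatureAlgorithm OID of each DER certificate in a chain and reports MD5- or MD2-based signatures. The helper names and the sample chain are constructed for illustration and are not real certificates.

```python
"""Added example: flag X.509 certificates signed with an MD5/MD2-based algorithm.

Standard library only. The sample chain is built from constructed skeletons
that follow the outer Certificate layout; they are not real certificates.
"""

# Signature algorithm OIDs that rely on collision-prone hashes.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}
MD5_RSA = "1.2.840.113549.1.1.4"
SHA256_RSA = "1.2.840.113549.1.1.11"


def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > limit:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > limit:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("DER element runs past its container")
    return tag, pos, pos + length


def decode_oid(data):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    if not data or data[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def signature_algorithm_oid(cert_der):
    """Return the OID of Certificate.signatureAlgorithm (the outer field)."""
    tag, start, end = read_tlv(cert_der, 0, len(cert_der))   # Certificate
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, tbs_end = read_tlv(cert_der, start, end)         # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, alg_end = read_tlv(cert_der, tbs_end, end)
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start, alg_end)
    if tag != 0x06:
        raise ValueError("algorithm field is not an OID")
    return decode_oid(cert_der[oid_start:oid_end])


def audit_chain(chain):
    """Return (index, oid, name) for every weakly signed cert in the chain."""
    findings = []
    for index, cert in enumerate(chain):
        oid = signature_algorithm_oid(cert)
        if oid in WEAK_SIG_OIDS:
            findings.append((index, oid, WEAK_SIG_OIDS[oid]))
    return findings


# --- helpers that build the constructed sample input ------------------------
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def make_skeleton_cert(sig_oid):
    """Constructed stand-in with the outer shape of an X.509 Certificate."""
    alg = der(0x30, der(0x06, encode_oid(sig_oid)) + der(0x05, b""))
    tbs = der(0x30, der(0x02, b"\x01") + alg + der(0x04, b"\x00" * 200))
    sig = der(0x03, b"\x00" + b"\xAA" * 128)
    return der(0x30, tbs + alg + sig)


# Constructed chain: leaf (SHA-256), intermediate (MD5), root (SHA-256).
SAMPLE_CHAIN = [make_skeleton_cert(o) for o in (SHA256_RSA, MD5_RSA, SHA256_RSA)]

if __name__ == "__main__":
    for index, oid, name in audit_chain(SAMPLE_CHAIN):
        print(f"cert #{index}: weak signature algorithm {name} ({oid})")
```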

the plutal of virus is viruses... (0)

Anonymous Coward | more than 2 years ago | (#40336603)

just a heads up so you don't look like such a clown in the future.

Re:the plutal of virus is viruses... (2)

akeeneye (1788292) | more than 2 years ago | (#40337021)

It's "plural", not "plutal". Pedantry Fail. Just a heads up so you don't look like such a clown in the future.

Re:the plutal of virus is viruses... (0)

TheRealGrogan (1660825) | more than 2 years ago | (#40337073)

We already know you're a clown, but just so you don't look like a retard, the correct word for the language construct that denotes more than one instance of an object is "plural"

You assfucks who make typographical and/or spelling errors while correcting someone else's posts are funny. It's also quite likely that the person already knows that "virii" isn't correct and is just using it stylishly. Just like the penii that you enjoy sucking the chocolate from.

Re:the plutal of virus is viruses... (1)

NatasRevol (731260) | more than 2 years ago | (#40337097)

I thought it was peni?

Re:the plutal of virus is viruses... (0)

Anonymous Coward | more than 2 years ago | (#40337429)

I've never understood why people get so mad at grammar national socialists. English isn't my first language, and I find the corrections useful.

Wouldn't surprise me. (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40336257)

What would surprise me, is if the US thinks they're the only one.

Re:Wouldn't surprise me. (1)

0x537461746943 (781157) | more than 2 years ago | (#40337267)

That is the first thing that came to my mind. I would be surprised if other governments didn't have moles in most big software companies. It wouldn't even take that because some of the software is created in other countries like firewall software which has potential access to a lot of networks.

not only operating systems (3, Insightful)

fluffythedestroyer (2586259) | more than 2 years ago | (#40336259)

Don't forget security companies and firms... and yes it does make lots of sense.

Re:not only operating systems (3, Interesting)

Anonymous Coward | more than 2 years ago | (#40336691)

Don't forget that the US Department of Homeland Security maintains a giant list of security flaws. It's called the Common Vulnerabilities Enumeration [mitre.org] .

Check the fine print at the bottom of the page: "CVE is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security."

So that means the government doesn't even need to go looking for holes - security companies send them to the government directly to be listed!

No mole required, just a "friendly" email informing them that they're going to keep silent for a bit and "forgetting" to post the alert publicly.

Why would the US government need moles? (4, Insightful)

Apharmd (2640859) | more than 2 years ago | (#40336269)

I doubt Microsoft would balk at any requests at access. These are, after all, matters of national security, and are therefore paramount over all other concerns. No decent American (ahem) company could refuse.

Re:Why would the US government need moles? (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#40336569)

As long as it doesn't pertain to any matter regarding the possibility of tax liability, of course.

There are just some sacrifices that are too great to bear...

Re:Why would the US government need moles? (0)

Anonymous Coward | more than 2 years ago | (#40336757)

You sound like somebody who actually trusts government.

Re:Why would the US government need moles? (2)

Eponymous Coward (6097) | more than 2 years ago | (#40336821)

Hmmmm... then even if I use TrueCrypt, there's no way to trust it.

I'm guessing this is where stories about the Chinese government rolling their own Linux distro come from.

Re:Why would the US government need moles? (0)

Anonymous Coward | more than 2 years ago | (#40336981)

"I doubt Microsoft would balk at any requests at access."

Not when they're likely to get a bit of state sponsored corporate espionage thrown in for sweetener. Not like America has a history of that sort of thing ... What's that you say Air Bus?

As expected (0)

Anonymous Coward | more than 2 years ago | (#40336275)

No surprises here.

When did /. become Infowars? (4, Informative)

cpu6502 (1960974) | more than 2 years ago | (#40336283)

They THINK there MIGHT be moles inside Microsoft. ("Definitive proof!" says Alex on his radio show.) That's nice. I think there might be moles inside everybody's backyards..... I haven't actually seen any, but let's publish it anyway and scare everyone.

1. Publish some random guy
2. Spin it to make it sound factual "evidence"
3. $profit$

Re:When did /. become Infowars? (0)

Anonymous Coward | more than 2 years ago | (#40336407)

When did /. become Infowars?

Just remember, it was the numbered visitors to this site that voted this thing into view. We cowards had nothing to do with it.

Re:When did /. become Infowars? (0)

Anonymous Coward | more than 2 years ago | (#40336589)

it was the numbered visitors to this site that voted this thing into view.

THIS is what's scaring me...

Re:When did /. become Infowars? (1)

Aighearach (97333) | more than 2 years ago | (#40336745)

Numbered what, like twenty-seven bazillion?

Glenn Beck reporting style. (2)

Joe U (443617) | more than 2 years ago | (#40336505)

Now I'm not saying there are moles at Microsoft and Apple, but neither of them have reported back to me either way.

So, what are they hiding?

Re:Glenn Beck reporting style. (1)

cpu6502 (1960974) | more than 2 years ago | (#40336629)

And Rachel Maddow. And Ed Schultz. And .....

But Beck usually backs-up his stuff with documents. Quoting Bill Ayers or Cloward-Piven from the 70s saying, "We will blow-up government buildings and take over through force," is pretty damning. Quoting the FBI Agent who infiltrated the organization and confirms they were prepared to kill to achieve their ends is also pretty damning.

Re:When did /. become Infowars? (0)

Anonymous Coward | more than 2 years ago | (#40336599)

Honestly, I'd rather read about exotic physics and alien autopsies if we're going to be reading about unsubstantiated conspiracy theories.

Re:When did /. become Infowars? (0)

Anonymous Coward | more than 2 years ago | (#40336727)

It's more like this..
There are rumors that Stuxnet and Conflictor could be a US government covert operation. Let's take that rumor and add another rumor that the US government must have moles inside MS.

Re:When did /. become Infowars? (1, Offtopic)

jellomizer (103300) | more than 2 years ago | (#40336741)

But that is how conspiracies work. The more information you don't have the stronger the evidence that it must be real.
I mean a while back they took a mixed race baby born in a different country, paid the hospital to lie to publish a new paper reports, and another insider generated false documents to prove he was born in the United States, Pay for a team of actors to say they knew this child when they were children, all in the offshoot that perhaps this child (where the culture at the time figured had near 0 chance of major success in life) would become president and support the Socialist Cause....

The facts are... Well some of the people who knew him as a kid called him a more anglo saxon nickname which is very close of his real name.

They may just ask (1)

EvilBudMan (588716) | more than 2 years ago | (#40336321)

Seriously, they might be undercover from some but not the ones that do the hiring. That way they could get in just the right position to be in.

You might as well title this differently (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40336327)

"Foreign government officials could be working under cover at Microsoft".

Since many/much of the actual development is overseas anyway.

Doesn't really make sense to me (0, Flamebait)

danparker276 (1604251) | more than 2 years ago | (#40336335)

I don't see how working at Microsoft would give you any advantage at making Stuxnet or Flame. It's not like Microsoft put secret holes in their OS so people in MS can access everyone's computer. Probably my mom wrote that article.

Re:Doesn't really make sense to me (1)

SuricouRaven (1897204) | more than 2 years ago | (#40336655)

Having access to Microsoft's signing certs for updates and drivers would be a huge help. I imagine the US government has some involvement - even if they don't want the certs themselves, they also don't want an employee with access forced to leak them after agents for China/Iran/Other kidnap and threaten to murder his daughter. So it's in the best interests of the US to at the very least ensure Microsoft's internal security team is doing their job.

Re:Doesn't really make sense to me (3, Interesting)

quarkscat (697644) | more than 2 years ago | (#40337389)

Imagine a government with access to a complex OS source code. Then imagine that they get data on all manner of security holes as they are discovered. Imagine also that this government has access to OS security update certifications. Finally, imagine that this same government has the ability to hack into server DNS tables to route targeted users to their alternative 'security updates'.

The penetration of any software company by undercover government operatives would hardly be surprising, but entirely unnecessary. Microsoft would hardly be alone as a target of such espionage -- every software company would be vulnerable, including OSS. There is also the issue with 'backdoors' hard-wired into computer hardware, including especially telecom systems. IIRC, this became an issue recently with news of backdoors alleged to exist in VLSI circuits manufactured in China. Older news alleged that Israel also puts backdoors into the telecom hardware they sell & ship, including to the USA government.

If virtually every government does such spying, including upon their own citizens, and any number of software & hardware companies do the same with their customers, any cautious user of such technology should be aware of the potential security breaches they expose themselves to every time they connect to the internet, or open their front door for that matter. Redundancy & breadth of security beats security through obscurity any day.

The phrases of the day are, "Trust no one", "Security in depth", and "If it can't be accessed remotely, it's more secure & less vulnerable". At that point, physical security & Tempest-hardening secure your valuable data. The rhetorical question is, "How valuable is your data if you cannot readily access it?" I found it humorous that the USA government recently wanted reporters to write their news stories on government-supplied computers, if only to avoid unwanted data leaks & stop potential whistleblowers in their tracks.

Trust the USA government, or any government, or any corporation with an agenda? Why take that risk unmitigated? And who in Hades would put vulnerable sensitive SCADA systems in close proximity to the Internet except an idiot?

Re:Doesn't really make sense to me (1)

Aighearach (97333) | more than 2 years ago | (#40336759)

I don't see how working at microsoft would give you any advantage at making Stuxnet or Flame. It's not like Microsoft put secret holes in their OS so people in MS can access everyone's computer. Probably my mom wrote that article.

Indeed, it was inside information from Siemens that was used in Stuxnet, and Siemens cooperated fully and completely.

Trustworthy Computing (-1)

Anonymous Coward | more than 2 years ago | (#40336383)

Here is where it all went down. [seriouseats.com] . Nice.

Moles? What the fuck. (1)

girlintraining (1395911) | more than 2 years ago | (#40336393)

Government: "Hello there, Microsoft. This here is a really big gun. We want your source code."
Microsoft: "Ummm, okay."

The End

What's this crap about a mole again? Moles are for when you can't just walk in the front door and take whatever you want.

Re:Moles? What the fuck. (0)

Anonymous Coward | more than 2 years ago | (#40336457)

Agreed, the premise is just absurd. Somebody noob is trying to practice disinformation.
-whipcrack- Back to your cubicle!

Re:Moles? What the fuck. (0)

Anonymous Coward | more than 2 years ago | (#40336481)

What's this crap about a mole again? Moles are for when you can't just walk in the front door and take whatever you want.

...and a few months later, you walk in the front door and put the modified source into the microvault, with a big red sticker, "don't look at this, don't remove it, but maintain its presence 'til 2097 in all new windows-versions..."?

No need for the gun (1)

Mr 44 (180750) | more than 2 years ago | (#40336573)

Every major government around the world ALREADY has access to Windows source code. Starting in 2001, when Microsoft's security started being a major focus, they began a program to grant access to the code to interested parties.

http://www.microsoft.com/en-us/sharedsource/government-security-program.aspx [microsoft.com]

http://www.microsoft.com/en-us/sharedsource/ [microsoft.com]

Re:Moles? What the fuck. (1)

Artifakt (700173) | more than 2 years ago | (#40336617)

Make an obvious show of force, and fifty people know about it. When one of them talks, you have no idea who spilled the beans, and in fact, you really can't tell if anyone did or if it's an outsider just speculating that you leaned on Microsoft. The quietest way is to plan in advance. Find a young guy in your agency who has what it takes to become just the right employee in the right position a few years down the road, and pay him* to get really good at what you think Microsoft will want by then. The second best approach is to let just one or two people on the inside at Microsoft know why you want somebody hired there. Combine this with the carrot and stick doctrine - offer the one or two persons at MS a nice treat, and quietly research their pasts in case you need to whip out a stick later. If you can't find any negatives on one of these guys, and he seems like a real pro-government boy scout, maybe you can just ask him to become your mole so you don't have to plant one.

*him could, of course, be her, or with MS, maybe it.

Sigh. (4, Informative)

Sycraft-fu (314770) | more than 2 years ago | (#40336623)

You don't need a big gun to get the MS source code. It isn't some big fucking secret like all the ./ers seem to think. It isn't GPL, but plenty of institutions have copies. Basically any government that uses Windows does, huge surprise there. Also a lot of research universities. One such university I know that has it is ASU. Then there are copies in the hands of partners for better debugging/integration of their products.

Just because the source isn't on Sourceforge, doesn't mean it is some massive secret. A bit of Google would get you http://www.microsoft.com/en-us/sharedsource/default.aspx [microsoft.com] which is MS's page on their source sharing.

Re:Moles? What the fuck. (1)

Aighearach (97333) | more than 2 years ago | (#40336817)

I know you're new around here, but please, everybody else has known for years and years that the US Government already has a license to MS source code. Even countries like India have that license. What is in the source isn't secret, and the files have even been broadly published for example on torrent networks. It is highly restricted, but not unknown or unknowable.

And in the general case, any company that is providing software for use in the most secure military installations gave access to their code years before their software was running in those installations. So just knowing that the Navy runs ships off of windoze should be enough to (in addition to being frightened) know that their source code is available to anybody with the right security clearance.

Re:Moles? What the fuck. (2)

couchslug (175151) | more than 2 years ago | (#40336917)

"Government: "Hello there, Microsoft. This here is a really big gun. We want your source code."
Microsoft: "Ummm, okay." "

That's a terrifying abuse of government power! I hope they don't extort source from the Linux community.

The article asks a question? (2)

noahgolm (2663281) | more than 2 years ago | (#40336399)

Then obviously they don't really know for sure (so says Betteridge's Law of Headlines). [wikipedia.org]

Moles within F-Secure (1)

Anonymous Coward | more than 2 years ago | (#40336425)

Stuxnet, Duqu, Flame: all of this malware is found by Russian security companies.

My guess is that all western security companies are infiltrated by spooks

Wouldn't it be Siemens? (0)

Anonymous Coward | more than 2 years ago | (#40336431)

Why Microsoft? Wouldn't it be Siemens or other industrial equipment/control manufacturers that are involved with *industrial equipment*?

Re:Wouldn't it be Siemens? (1)

Sir_Sri (199544) | more than 2 years ago | (#40336597)

The security vulnerabilities used to get stuff on the network and computers themselves would be a Microsoft issue. Most of the industrial control equipment software wouldn't even try and be secure.

Of-course (-1, Troll)

roman_mir (125474) | more than 2 years ago | (#40336443)

Here [timesunion.com] is the proof [blogspot.com]

Re:Of-course (1)

CraftyJack (1031736) | more than 2 years ago | (#40336521)

moderation undone.

I believe (0)

thestudio_bob (894258) | more than 2 years ago | (#40336509)

I totally believe it. Apple had a mole in the board room. He allegedly stole plans for the iPhone and took them to Google.

NO (0)

Anonymous Coward | more than 2 years ago | (#40336517)

They pay MS like every other super-power. They also pay colleges and other vendors to discover exploits that aren't made public. Even if they had moles, it wouldn't be USSS agents.

Go full Tin-foil Hat! (3, Funny)

treerex (743007) | more than 2 years ago | (#40336601)

Let's not beat around the bush! I say Microsoft has known USG agents working on the systems intentionally putting holes in the OS that can then be leveraged for zero-day attacks against other governments. Ballmer is in cahoots I say! CAHOOTS!

Re:Go full Tin-foil Hat! (0)

Anonymous Coward | more than 2 years ago | (#40336675)

You're probably not too far off from the truth

Skin Cancer (2)

Matt.Battey (1741550) | more than 2 years ago | (#40336687)

The question should be whether these moles will lead to skin cancer, and if Microsoft should limit its exposure to the sun to counterbalance them.

More baseless nonsense please (2, Interesting)

WaffleMonster (969671) | more than 2 years ago | (#40336721)

Author of TFA dreams up some impossible to falsify idea - offers no supporting evidence of any kind except to say it is plausible.

I love myself a good MS conspiracy and I'm sure there are plenty which actually do exist but let's not reward intellectual laziness.

Just two questions:

1. What do editors of PC Pro get paid to do?
2. What is it doing on slashdot?

Now if you'll excuse me my magic unicorn 'Flame' is hungry and wants a bowl of lucky charms before flying back to the land of lua to meet the angry birds.

Why not... (2)

cis4 (2565359) | more than 2 years ago | (#40336769)

...put a worm in apple?

Re:Why not... (0)

Anonymous Coward | more than 2 years ago | (#40336883)

...put a worm in apple?

Because hipsters need watched? Oh nevermind, they were being spied on before it was cool to be spied on.

Could US cyberspies have moles inside Microsoft? (1)

cpu6502 (1960974) | more than 2 years ago | (#40336935)

The answer to headlines that end with a question mark:
No.

but it would be common sense (1)

AdrianKemp (1988748) | more than 2 years ago | (#40336965)

1) The fact that it's common sense does not mean the government is doing it

2) If it's common sense, why is it worthy of news?

OSS too! (0)

Anonymous Coward | more than 2 years ago | (#40336969)

And these same "agents" could easily become FOSS developers too. I see no reason why a few whorey geeks, bottles of M-Dew and some pizzas couldn't be stuffed into some cozy realm of the Pentagon. Ubuntu, for example, has how many millions of lines of code? Can it all be reviewed adequately? Since the first time I saw the bleedin thing, I always did suspect Unity was designed by some classified DARPA psyops division, perhaps with intent to induce mass suicides amongst the last front of technological freedom fighters.

Hashtag (1)

ThatsNotPudding (1045640) | more than 2 years ago | (#40336971)

#Duh

Countdown Clock (1)

ThatsNotPudding (1045640) | more than 2 years ago | (#40337007)

I think it is a matter of time before US media is banned from reporting on the findings by computer security experts - especially the uncontrollable ones in Russia and Finland - under the guise that it aids and abets terrerists.

Not just US (1)

fa2k (881632) | more than 2 years ago | (#40337013)

If it's truly beneficial to have moles in software companies, you can expect that China and maybe Russia also have them too. The only benefit seems to be the certificates and access to the update servers.

Re:Not just US (1)

DaveV1.0 (203135) | more than 2 years ago | (#40337115)

^This^. In fact, no one should be surprised to find that many companies, from Facebook to Oracle to VMware, have moles from various governments around the world. And, it wouldn't be limited to IT companies, either. Ford, GM, Toyota, Caterpillar, Boeing, and any large and/or innovative organization that uses foreign and/or contract workers would be a prime target for industrial espionage. And, not just from enemies, but from nominal friends as well.

YES (0)

Anonymous Coward | more than 2 years ago | (#40337103)

I feel that there is no doubt that Microsoft products have been altered to please the government one way or another. I am also suspicious of encryption programs as they are exactly the kind of spot an intelligence agency would target for control.
It is the very nature of governments that free and open communications between people will never exist. In order to perpetuate a government's existence there will always be a great deal of covert activity directed at the population.

No. (3, Informative)

Anonymous Coward | more than 2 years ago | (#40337109)

Read more about what actually happened. Microsoft was using some keys with MD5 hashing that weren't properly set to prohibit their use for code signing and those keys were signed by the Microsoft root. Using a collision attack they created a copy of a signed key and used that to sign their code.

Brief Explanation:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx

Detailed Explanation:
http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx

Hotfix MS just published to speed up the revocation process:
http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx

http://support.microsoft.com/kb/2677070
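
The two conditions named in the comment above, a certificate signed with MD5 and not restricted from code signing, can be checked mechanically across a chain. This is an added example, not part of the comment or of any Microsoft tooling; it assumes certificates have already been parsed into records with the hypothetical fields `subject`, `sig_alg` and `eku`, and every sample record is constructed.

```python
# Standard X.509 OIDs; every certificate record below is constructed sample data.
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"
EKU_ANY = "2.5.29.37.0"
EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"


def permits_code_signing(cert):
    """A missing EKU extension (None) means usage is not restricted at all."""
    eku = cert["eku"]
    return eku is None or EKU_CODE_SIGNING in eku or EKU_ANY in eku


def audit_chain(chain):
    """Audit a chain ordered leaf first, trust anchor last.

    Returns (subject, severity, reason) tuples. The anchor's own signature is
    skipped: it is trusted because it is in the store, not because of the hash
    used in its self-signature.
    """
    findings = []
    for cert in chain[:-1]:
        if cert["sig_alg"] != MD5_WITH_RSA:
            continue
        if permits_code_signing(cert):
            findings.append((cert["subject"], "critical",
                             "MD5-signed and usable for code signing"))
        else:
            findings.append((cert["subject"], "warning",
                             "MD5-signed; usage restricted by EKU"))
    return findings


SAMPLE_CHAIN = [  # constructed records, leaf first
    {"subject": "CN=Example Licensing Leaf", "sig_alg": MD5_WITH_RSA, "eku": None},
    {"subject": "CN=Example Issuing CA", "sig_alg": MD5_WITH_RSA,
     "eku": [EKU_SERVER_AUTH]},
    {"subject": "CN=Example Root", "sig_alg": MD5_WITH_RSA, "eku": None},
]

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```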

in other news (0)

Anonymous Coward | more than 2 years ago | (#40337117)

there are microsoft moles masking as linux developers,
the real gremlins that keep linux off the desktop.

Why bother? (2)

Mike Buddha (10734) | more than 2 years ago | (#40337149)

Why would the government bother with moles when it can just read the Microsoft engineers' minds from its spy satellites? It's common sense that they'd be doing this.

Problems with Open Source? (0)

Anonymous Coward | more than 2 years ago | (#40337153)

Is the bigger question not "How many NSA agents code holes into Linux/BSD"? Also, with those companies that sell exploits (with government customers), how many for-profit without-morals hackers are coding holes in these projects and selling exploits on?

Alcoa or Reynolds? (0)

Anonymous Coward | more than 2 years ago | (#40337179)

One of these days I've GOT to buy some stock in companies making aluminum......

There's lots of good money to be made in hats.

The obvious solution - (1)

choke (6831) | more than 2 years ago | (#40337197)

is for the security and safety of other national interests to avoid using MS Windows at all, since it is most obviously being seeded with vulnerabilities.

Pfft, just American spies (1)

Anonymous Coward | more than 2 years ago | (#40337199)

There are probably spies from every country on earth working inside M$. You'd be crazy not to try and get on the inside.

escape the matrix (-1)

Anonymous Coward | more than 2 years ago | (#40337201)

Panda Penis in my Anus!

Probably both moles and covert agreements (1)

gestalt_n_pepper (991155) | more than 2 years ago | (#40337237)

They're not exclusive and the government doesn't trust Microsoft either. Sure, pretend to partner with Microsoft and put in some explicit backdoors. Just make sure that there are a few Microsoft doesn't know about too.

"could", "may" (0)

Anonymous Coward | more than 2 years ago | (#40337279)

US security forces may have agents anywhere. They could be living in my desk as I type this...

Meaningless. (1)

Caerdwyn (829058) | more than 2 years ago | (#40337421)

1. DUH
2. "May have". Yeah, that's news. Meaningless. They "may not have" too. Is there something specific somebody has to say, with something to back it up other than a closed circle of "may have"?
3. Speculation is fact on Slashdot. This warrants an article, why? Is there NEWS here, or are we going to see "space aliens MAY HAVE dressed up like call-boys and 'anally probed' the editorial staff"?

Wankers.
