NSA Hacks Microsoft Windows Error Messages

[roseofbattle]

NSA Hacks Microsoft Windows Error Messages

The NSA intercepts information you send to Microsoft when a program crashes.

Each time a Microsoft program crashes and asks the users to send information to Microsoft concerning bugs, the NSA's Tailored Access Operations (TAO) unit intercepts data. Once TAO selects a unique identifier, such as an IP address, to target, intelligence agents are notified each time the user sends an error report to Microsoft, Der Spiegel reports.

The interception is only a way to gain "passive access" to the machine, but it also provides information of possible security holes, which could then be manipulated to implement malware or spyware. According to Der Spiegel, the TAO agents of NSA have also replaced the text of the Microsoft error with text of their own, removing "We have created an error report that you can send to help us improve Microsoft Windows. We will treat this report as confidential and anonymous" and inserting "This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine." (SIGINT is an abbreviation for "signals intelligence.")

"Microsoft does not provide any government with direct or unfettered access to our customers' data," Microsoft said in a statement. "We would have significant concerns if allegations about government actions are true."

The NSA has likely examined the sites you've visited. Even worse, if you use Internet Explorer, the jobs of NSA intelligence agents becomes even easier because the browser has many security holes that the NSA targets. The NSA has also listed Facebook, Yahoo, Twitter, and YouTube as targets in an internal presentation - which Der Spiegel viewed - called "QUANTUM CAPABILITIES." So far it has had the most success against Yahoo, Facebook, and static IP addresses. The presentation noted its toolbox known as "QUANTUMTHEORY" has been unsuccessful in targeting Google services; however, Britain's GCHQ intelligence service has been able to spy on Google.

US intelligence services plan to infiltrate 85,000 computers worldwide next year.

Source: CNBC [http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html]


Permalink

 

[Thaluikhain]

Now I feel better about never sending error reports.

 

[Aeshi]

First Thought: Kinda makes me glad I don't use Windows for anything other than playing games.

Second Thought: Wait, does that mean somebody actually does read those error reports at some point?! I imagined they went to whatever the online equivalent of a printer that drops its copies directly into a paper shredder beneath it is.

 

[JoJo]

Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

 

[Me55enger]

So when they get to mine can they tell me if they find some holiday photos I lost last year?

Thanks.

 

[Colt47]

Well, crash reports and errors can indicate bugs that are exploitable, but in order to even make use of the error report wouldn't the person in question also need to have access to the source code of the program that caused the error to begin with? Trying to decipher a program after it's been compiled can be a bit of a nightmare unless someone is familiar with the compiler.

 

[Charli]

I always tell those notifications to piss off. Hey NSA do you actually know how to fix the shit that just happened? If so I'll send the damn error reports!

Otherwise I assume you'll have the same attitude to mine that microsoft does.

"/shrug"


Honestly this is kinda just making me want to start saving porn on my computer. The poor bastard who monitors this shite must be on high alert due to the lack of it. 'No porn on this PC...must be hiding something!'.

 

[Eppy (Bored)]

What we need to do is get Google to provide a script where, any time somebody attempts to access your computer from an external source, it automatically replaces whatever they target with a jpeg of several dozen poorly photoshopped penises.

 

[Hero in a half shell]

Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

Not to mention this image has clealy (and lazily) been shopped.

They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

 

[Imperioratorex Caprae]

I don't know why anyone should be surprised that the US Gov't is still finding ways of spying on its citizens. Granted the actuality of personally spying on you is ludicrous, considering the logistics of doing so would take more manpower than they have, considering there's about 239.4 million Americans who use the 'net (number is a guesstimate of population and Census data).

 

[StHubi]

They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

According to the article from DER SPIEGEL it is just a slide from an NSA presentation. It was probably only meant to illustrate the possibilties of remote manipulation.

According to the article an id of some kind is required like the IP address. At least in Germany not many private people have a static IP so this probably is only relevant when the IP is already known from another source in real time... But the possibilities therein are really a little bit unsettling. At least the slide seems to be quite old (it is Windows XP), so it could already be impossible to abuse this feature today... But we will probably never know for sure.

 

[Roxas1359]

Don't no about you guys, but I see this as the fact that someone actually does read those reports. XD
In all seriousness though, what to they expect to learn from them, I mean I know they are looking for "teh turroists" but really most of the time they are just getting jack squat.

 

[weirdee]

Wait, people actually use that window?

The last thing you want to do when you deal with a crash (and most of the time, that crash having to do with programs that people at Microsoft have no idea about anyway) is waste time sending in a pointless data dump that nobody actually reads (as much as they claim they do, I really doubt that).

 

[james.sponge]

Wait, there are people who actually send error reports to Microsoft?

 

[Lono Shrugged]

Oddly enough I never click send because I was always worried about what information was being sent.

And to think that woodpecker that lives outside my shack called me paranoid (with morse code)

I don't know why anyone should be surprised that the US Gov't is still finding ways of spying on its citizens. Granted the actuality of personally spying on you is ludicrous, considering the logistics of doing so would take more manpower than they have, considering there's about 239.4 million Americans who use the 'net (number is a guesstimate of population and Census data).

It's the principle of the thing.

 

[kael013]

[quote/]US intelligence services plan to infiltrate 85,000 computers worldwide next year.[/quote]

Now I'm in favor of constant vigilance for protecting innocent people as much as the next guy, but I seriously doubt they have proof - or even credible suspicions - that 85,000 people are terrorists or serial killers or whatever. NSA, guys, I'm begging you to tone down the supervilliany. 1984 wasn't an instruction manual after all.

As for the actual topic of the article: I'm pretty much speechless between the thoughts that people actually read those useless reports and that the NSA thinks they're useful.

 

[Sniper Team 4]

The entire time I was reading this, I felt like it was a joke. I still feel like it's a joke. The subject matter, and something about the way this article is written, just seems like it's someone reporting a story that they know is fake and are doing their best not to bust up laughing while they report it.
That last line, "US intelligence services plan to infiltrate 85,000 computers worldwide next year," is not helping this feeling I have about the article at all. Where on earth did that number come from? Did the NSA hand out a memo to reporters saying, "This is what we're going to do"?

Then again, the NSA hasn't been known for its brilliant decision making skills, so I wouldn't be surprised if this is actually a real thing. It just seems too crazy to be real though...

 

[Slash2x]

Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

Not to mention this image has clealy (and lazily) been shopped.

They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

Yeah.... This was a joke made on another site....... So great fact checking!!!!!

OT: Even if this was a real thing... No one clicks report error. EVER. Besides that the number of errors MS makes would be more than the NSA could handle...

 

[Fayathon]

I feel that this is appropriate to the thread:

And by god do I feel good about never sending error reports.

 

[major_chaos]

Yea... this isn't even kind of real. This is publishing an article from the Onion and claiming its real level "journalism". Don't get me wrong, I distrust the NSA as much as the next guy, but everything about this article screams fake, from the badly shopped error message to the overall paranoid tone and completely unsubstantiated and oddly specific "plan to infiltrate 85,000 computers worldwide next year." line.