Microsoft helps US government hack computers in other countries

MSFT_logo_rgb_C-Gray_D

As part of Edward Snowden’s leak about NSA’s massive surveillance program PRISM, it has been revealed that many tech companies cooperate with US national security agencies. To what extent do they cooperate is debatable, with some leaks alleging NSA and FBI have direct access to the servers of major tech companies while said tech companies denying the allegations. What is the real truth, we don’t really know and probably never will. However, we do know that Microsoft helps the US government hack computers in foreign countries.

According to a report by Bloomberg, Microsoft gives advance notice to US agencies of bugs and security loopholes in Microsoft’s popular software — such as Windows, Office, etc. — before patches are released for these vulnerabilities. This advance notice is not only used to help protect US government computers from the related vulnerabilities but also assists in the penetration of computers in foreign countries. Essentially, Microsoft helps the US government hack into computers in other countries.

It is said that the target computers may belong to people deemed terrorists by the US government or “military foes”; however, it is unknown if computers belonging to others are also targeted, like the computers of legitimate governments or computers belonging to residents of the United States (with a warrant from a secret court, presumably).

According to two unnamed US officials, Microsoft follows a “don’t-ask-don’t-tell” type policy when it comes to telling the US government about software vulnerabilities ahead of patches: Microsoft knows the vulnerabilities are used by the US government to hack foreign computers but Microsoft does not ask any questions as to what the vulnerabilities are used for.

Microsoft spokesman Frank Shaw has more or less confirmed that Microsoft does this, telling Bloomberg the idea behind giving the US government advanced notices of vulnerabilities is “to give government ‘an early start’ on risk assessment and mitigation”. Shaw also told Bloomberg there are “several programs” that Microsoft participates in with the US government, programs that are “run by Microsoft and for defensive purposes”.

To add salt to the wound, Microsoft isn’t the only major tech company that is in bed with the US government. For example, Bloomberg talks about how Intel’s McAfee “regularly cooperates with the NSA, FBI and the CIA”. And I’m sure there are many more, too.

So… how does everyone feel about this? Let us know in the comments below!

[via Bloomberg]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

9 comments

  1. DoktorThomas

    MSFT. No more trustworthy than the US fed.gov, which is the most devious entity on the planet. Hacknauts, be forewarned: The entity from the District of Criminals cannot/should not be trusted. Anyone in bed with the monster must be avoided at all costs.

  2. dave88

    Good point Louis, M$ is so big often the left hand probably doesn’t know what the right hand is doing?

    More bad news for M$, “Microsoft handed the NSA access to encrypted messages”
    http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

    They must not be able to see very far down the road out there in Redmond? They keep running into obstacles of their own creation.

    My joke in another article about the XBOX One being an Orwellian collaboration between the NSA and M$ might not be so far off the mark. lol

  3. oldtimer56

    Been thinking about the possibilities of the many anti-virus companies compelled to withhold information it has found on certain viruses caught in the wild. Remember “policeware” from a few years back?

  4. Louis

    [@dave88] Hi Dave
    Yeah I’m not one for conspiracy theories etc, and even for MicroSoft it may be one bridge too far. What Coyote thought as a possibility, and so do I, is that there are so many programmers working for MS, how difficult would it be for one, or a “coalition” of them, to intentionally sabotage or just purposefully leave a security hole / obvious weakness in the code (with a fix / patch already written, ready for later use).

    This could easily be done without MS Management knowing anything about it, or even able to do anything, there are just too many programmers , and thousands of lines of code being produced continuously …..

    Just saying, an external party “discover” the latest security hole (anonymous tip, from whom ?), Microsoft management contact Government who sows havoc on the privacy of the rest of the world (insofar as it includes real scum I don’t care, it’s the going overboard by the Gov that’s the problem), then MS’s “brilliant engineers find the solution”.

    Just a theory, let’s hope it’s just that !

    But we all thought ‘1984’ was a guy named Eric Blair, better known under his writing name of George Orwell, being nuts, now just look at us ….

  5. dave88

    Stupid M$ shooting themselves in the foot again. This could easily lead to a huge loss of markets and speedier rise of real competition. Lets hope it does :)

    btw an intentional backdoor is unlikely imo. It’s discovery would be devastating for M$. They make some stupid moves, but I doubt they would go that far?

  6. Louis

    [@Coyote] My thoughts as well … It’s akin to a manufacturer employing preplanned “controlled wear & tear” into the manufacturing of its products, MS could very well be knowingly and deliberately building these security holes into their software from the start, or alternatively its programmers may be doing it under their noses and then “discover it and program a patch’, as you pointed out.

    What organisation, which doesn’t have a vested interest in something like this (like the US Government and its endless agencies), could be able to investigate this and analyse MS code to find out what is the real deal ?

    My guess : It’s probably not possible, unless another Snowden steps forward with some inside info and then also run like hell …. now that’s a scary thought !

  7. Coyote

    Hrm.. my problem isn’t that they give information of security holes prior to fixing them but what this eludes to is that Microsoft could include malicious code of their own that can be used by anyone. This is what I’d like to see the documents reveal, the huge black market that exists within the software developer field. This is pure speculation but I’d wager within a year the news will be all about inside programmers taking kickbacks, bribes, or outright selling of “security holes”.