The NSA seems to really enjoy exploiting high profile tech companies

December 30, 2013

It's not particularly surprising that the National Security Agency maintains a significant catalog of exploits and backdoors ready to be deployed against the products of major technology companies. But the glee which the NSA appears to show in hijacking the practices and products of technology giants might give those companies another reason to be mad.

Among the new revelations from German magazine Der Spiegel is that the NSA uses Windows crash reports to gain "passive access" to information a computer sends over the Internet. The reports are designed for Microsoft to get information about the type of malfunction, and in theory notice errors through patterns and fix them. The agency's hacking unit, Tactical Access Operations or TAO, uses an unique identifier like an IP address to target a computer that then gets "automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft."

But beyond just exploiting a service meant to help provide system stability, the NSA's hackers seem to be "having fun at Microsoft's expense." In an internal presentation revealed by Der Spiegel, they replace the familiar "We have created an error report that you can send to help us improve Microsoft Windows. We will treat this report as confidential and anonymous" language from the Windows error report with a mocking, "This information may be intercepted by a foreign SIGNIT system to gather detailed information and better exploit your machine" to explain how they are piggybacking onto this service.

And this isn't the first time internal NSA documents have shown members of the agency taking a sort of mischievous pleasure in outwitting tech giants. A slide revealed by The Washington Post earlier this year showing how the NSA is able to snoop on the Google cloud as it traversed data links included a little smiley face pointing toward the vulnerable section.

In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” uses a smiley face to shows where the NSA is able to get into the data.
In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” uses a smiley face to shows where the NSA is able to get into the data.

According to Post reporter Barton Gellman and independent security researcher and consultant Ashkan Soltani, "two engineers with close ties to Google exploded in profanity when they saw the drawing."

Tech companies, many of whom are legally compelled to participate in intelligence gathering programs like PRISM, have already made a show of voicing concerns following the cascade of NSA revelations that have the potential to disrupt lucrative revenue streams like cloud hosting. But the tone of some of the documents coming to light might just add insult to injury.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.
SECTION: {section=business/technology, subsection=null}!!!
INITIAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=m6yzjj840m, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=2, includereport=true, source=washpost.com, allow_photos=false, maxitems=7, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!!

UGC FROM ARTICLE: !!!

FINAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=m6yzjj840m, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=2, includereport=true, source=washpost.com, allow_photos=false, maxitems=7, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!
Comments
SECTION: {section=business/technology, subsection=null}!!!
INITIAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=m6yzjj840m, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=2, includereport=true, source=washpost.com, allow_photos=false, maxitems=7, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!!

UGC FROM ARTICLE: !!!

FINAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=m6yzjj840m, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=2, includereport=true, source=washpost.com, allow_photos=false, maxitems=7, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!
Show Comments
Most Read Business
Next Story
Andrea Peterson · December 30, 2013