NSA Hacks Microsoft Windows Error Messages

NSA Hacks Microsoft Windows Error Messages

The NSA intercepts information you send to Microsoft when a program crashes.

Each time a Microsoft program crashes and asks the users to send information to Microsoft concerning bugs, the NSA's Tailored Access Operations (TAO) unit intercepts data. Once TAO selects a unique identifier, such as an IP address, to target, intelligence agents are notified each time the user sends an error report to Microsoft, Der Spiegel reports.

The interception is only a way to gain "passive access" to the machine, but it also provides information of possible security holes, which could then be manipulated to implement malware or spyware. According to Der Spiegel, the TAO agents of NSA have also replaced the text of the Microsoft error with text of their own, removing "We have created an error report that you can send to help us improve Microsoft Windows. We will treat this report as confidential and anonymous" and inserting "This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine." (SIGINT is an abbreviation for "signals intelligence.")

"Microsoft does not provide any government with direct or unfettered access to our customers' data," Microsoft said in a statement. "We would have significant concerns if allegations about government actions are true."

The NSA has likely examined the sites you've visited. Even worse, if you use Internet Explorer, the jobs of NSA intelligence agents becomes even easier because the browser has many security holes that the NSA targets. The NSA has also listed Facebook, Yahoo, Twitter, and YouTube as targets in an internal presentation - which Der Spiegel viewed - called "QUANTUM CAPABILITIES." So far it has had the most success against Yahoo, Facebook, and static IP addresses. The presentation noted its toolbox known as "QUANTUMTHEORY" has been unsuccessful in targeting Google services; however, Britain's GCHQ intelligence service has been able to spy on Google.

US intelligence services plan to infiltrate 85,000 computers worldwide next year.

Source: Der Spiegel via CNBC

Permalink

Now I feel better about never sending error reports.

First Thought: Kinda makes me glad I don't use Windows for anything other than playing games.

Second Thought: Wait, does that mean somebody actually does read those error reports at some point?! I imagined they went to whatever the online equivalent of a printer that drops its copies directly into a paper shredder beneath it is.

Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

So when they get to mine can they tell me if they find some holiday photos I lost last year?

Thanks.

Well, crash reports and errors can indicate bugs that are exploitable, but in order to even make use of the error report wouldn't the person in question also need to have access to the source code of the program that caused the error to begin with? Trying to decipher a program after it's been compiled can be a bit of a nightmare unless someone is familiar with the compiler.

I always tell those notifications to piss off. Hey NSA do you actually know how to fix the shit that just happened? If so I'll send the damn error reports!

Otherwise I assume you'll have the same attitude to mine that microsoft does.

"/shrug"

Honestly this is kinda just making me want to start saving porn on my computer. The poor bastard who monitors this shite must be on high alert due to the lack of it. 'No porn on this PC...must be hiding something!'.

What we need to do is get Google to provide a script where, any time somebody attempts to access your computer from an external source, it automatically replaces whatever they target with a jpeg of several dozen poorly photoshopped penises.

JoJo:
Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

Not to mention this image has clealy (and lazily) been shopped.

image

They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

I don't know why anyone should be surprised that the US Gov't is still finding ways of spying on its citizens. Granted the actuality of personally spying on you is ludicrous, considering the logistics of doing so would take more manpower than they have, considering there's about 239.4 million Americans who use the 'net (number is a guesstimate of population and Census data).

Hero in a half shell:
They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

According to the article from DER SPIEGEL it is just a slide from an NSA presentation. It was probably only meant to illustrate the possibilties of remote manipulation.

According to the article an id of some kind is required like the IP address. At least in Germany not many private people have a static IP so this probably is only relevant when the IP is already known from another source in real time... But the possibilities therein are really a little bit unsettling. At least the slide seems to be quite old (it is Windows XP), so it could already be impossible to abuse this feature today... But we will probably never know for sure.

Don't no about you guys, but I see this as the fact that someone actually does read those reports. XD
In all seriousness though, what to they expect to learn from them, I mean I know they are looking for "teh turroists" but really most of the time they are just getting jack squat.

Wait, people actually use that window?

The last thing you want to do when you deal with a crash (and most of the time, that crash having to do with programs that people at Microsoft have no idea about anyway) is waste time sending in a pointless data dump that nobody actually reads (as much as they claim they do, I really doubt that).

Wait, there are people who actually send error reports to Microsoft?

Oddly enough I never click send because I was always worried about what information was being sent.

And to think that woodpecker that lives outside my shack called me paranoid (with morse code)

amaranth_dru:
I don't know why anyone should be surprised that the US Gov't is still finding ways of spying on its citizens. Granted the actuality of personally spying on you is ludicrous, considering the logistics of doing so would take more manpower than they have, considering there's about 239.4 million Americans who use the 'net (number is a guesstimate of population and Census data).

It's the principle of the thing.

US intelligence services plan to infiltrate 85,000 computers worldwide next year.

Now I'm in favor of constant vigilance for protecting innocent people as much as the next guy, but I seriously doubt they have proof - or even credible suspicions - that 85,000 people are terrorists or serial killers or whatever. NSA, guys, I'm begging you to tone down the supervilliany. 1984 wasn't an instruction manual after all.

As for the actual topic of the article: I'm pretty much speechless between the thoughts that people actually read those useless reports and that the NSA thinks they're useful.

The entire time I was reading this, I felt like it was a joke. I still feel like it's a joke. The subject matter, and something about the way this article is written, just seems like it's someone reporting a story that they know is fake and are doing their best not to bust up laughing while they report it.
That last line, "US intelligence services plan to infiltrate 85,000 computers worldwide next year," is not helping this feeling I have about the article at all. Where on earth did that number come from? Did the NSA hand out a memo to reporters saying, "This is what we're going to do"?

Then again, the NSA hasn't been known for its brilliant decision making skills, so I wouldn't be surprised if this is actually a real thing. It just seems too crazy to be real though...

Hero in a half shell:

JoJo:
Not sure if serious... I can believe the NSA trying to use those error reports for nefarious deeds but that altered error message seems a little too farfetched, I mean why would they risk giving themselves away like that?

Not to mention this image has clealy (and lazily) been shopped.

image

They haven't even used the correct font shape or size. Whether that is supposed to be evidence of the change, or an artists interpretation, it's faker than Pamela Anderson's mammary glands.

Yeah.... This was a joke made on another site....... So great fact checking!!!!!

OT: Even if this was a real thing... No one clicks report error. EVER. Besides that the number of errors MS makes would be more than the NSA could handle...

I feel that this is appropriate to the thread:

image

And by god do I feel good about never sending error reports.

Yea... this isn't even kind of real. This is publishing an article from the Onion and claiming its real level "journalism". Don't get me wrong, I distrust the NSA as much as the next guy, but everything about this article screams fake, from the badly shopped error message to the overall paranoid tone and completely unsubstantiated and oddly specific "plan to infiltrate 85,000 computers worldwide next year." line.

Is this a joke?

As much as I'd love to yell about the NSA and Microsoft, this just feels fake to me.

Sniper Team 4:
The entire time I was reading this, I felt like it was a joke. I still feel like it's a joke. The subject matter, and something about the way this article is written, just seems like it's someone reporting a story that they know is fake and are doing their best not to bust up laughing while they report it.
That last line, "US intelligence services plan to infiltrate 85,000 computers worldwide next year," is not helping this feeling I have about the article at all. Where on earth did that number come from? Did the NSA hand out a memo to reporters saying, "This is what we're going to do"?

Then again, the NSA hasn't been known for its brilliant decision making skills, so I wouldn't be surprised if this is actually a real thing. It just seems too crazy to be real though...

I don't know if you've heard of Edward Snowden, but a significant number of these documents are coming from him, himself having downloaded it from NSA servers directly.

Snowden's even mentioned that much of this has nothing to do with preventing terrorism, but about controlling others on the international level. Being able to blackmail or cause international incidents is one of the biggest goals of spying, after all, and knowing who is screwing over whom gives the US great leverage.

I get the strong impression that the NSA collects mountains of completely useless consumer data like this just so they can point to a number on a screen and tell the seventy five year old men who run our country that we have "Seven gajillion megabits" of information. You know, impress upon them that they're actually doing something when in reality the vast, vast majority of that information is worthless too anyone.
Gotta justify that budget somehow, and when the people who set your budget know -nothing- at all about what you're doing, you default too "Bigger numbers are better" theory.

The more I read of this article, the more times I kept glancing down at the date at the bottom right.

No, it's still not April 1:st

Seriously, what gives?

I'm getting a distinct whiffy smell of bullshit coming off this article.

Also, the obviously photoshopped image isn't helping matters.

I'm pretty meticulous with system health, so I haven't seen a Microsoft error message in a dog's age.

Yahoo Finance, Huffington Post, CNBC, FOX, Spiegel, Leaksource, Gothamist all seem to have articles on this. but not more believable sources like The Guardian, BBC, or TYT.

With each passing day the little voice in my head that says the NSA is just trying to get a collection of ALL the porn on the internet grows louder.

Me55enger:
So when they get to mine can they tell me if they find some holiday photos I lost last year?

Thanks.

Actually, I think this would be a hilarious idea.

Since we know they're spying on these error reports, make one, send it, and consistently call them saying you sent an error report, and you know its been intercepted. You'd like to know if they could help you find your lost photos from your wedding/holiday/kids birthday or something like that. I would love to see the customer service report: "This month we got 3,000 requests for lost wedding photos, 5,000 for lost photos of kids birthdays, 2,000 for lost holiday photos and 50,000 for lost cat gifs." "Any serious requests?" "No sir, people just want their lost photos back".

der spiegel is a german magazine from idiots, for idiots. so dont believe it.

This sounds like bullshit, like some newspaper bandwagoning on all the real NSA stuff to get views, but who knows. No one sends error reports anyway since after you send the first one you realize Microsoft wont do anything whatsoever to fix whatever then problem was.

Ah, so THIS is how the NSA gets to the porn on duty. Actually, if they're off planning to keep tabs on all those groups, can we get them all to fight each other? I'd sell popcorn and tickets to that.

I am safe then since i use a process in the background that automatically closes (dont just press dont send but rather end-process) the error report and restarts the program (which is hilariuos when it crashes on startup). so the dump never evne gets generated on my computer.
the article though smells of stuff coming from a sick bulls anus.

Who in their right mind actually have ever sent a error report. I sure haven't and there may be a few incidents here and there.

Overall, in most cases it's a bad idea to do so.

Wait, people send those reports? And there are people who read them?! Yeesh! Personally, I'm not that worried because, 1) i'm out of their jurisdiction as I don't like in America, 2) What are they gonna get off my system? a patch isn't working or that I was up at 3 in the morning? WOW, really important stuff there...

People, if you're that worried, don't send the reports and don't use IE, problem solved.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here