Microsoft Helps NSA Crack Encryption, Leaked Documents Say
Microsoft CEO Steve Ballmer at an industry conference.
Conspiracy theorists and suspicious security experts have said for years that Microsoft cooperates with the National Security Agency, handing over reams of data to help the NSA decrypt communications.
Today (July 11), Britain's Guardian newspaper said NSA documents leaked by NSA whistle-blower Edward Snowden confirmed part of that theory.
Among the revelations, according to the Guardian, were that Microsoft helped the NSA get around encryption in Microsoft's new Outlook.com Webmail service; that it helped both the NSA and FBI get access to files on Microsoft's cloud-storage service SkyDrive; and that the NSA was able to listen to encrypted Skype calls several months before Microsoft bought the Internet telephone service.
The documents purportedly also state that the NSA routinely shares information gleaned from its PRISM Internet-surveillance program with the CIA and the FBI. (By agreement, the NSA shares data with its counterparts in Australia, Britain, Canada and New Zealand.)
"We provide customer data only in response to legal processes," Microsoft said in a statement to the Guardian. "Our compliance team examines all demands very closely ... We only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks."
"When we upgrade or update products, legal obligations may, in some circumstances, require that we maintain the ability to provide information in response to a law enforcement or national security request," the Microsoft statement added. "There are aspects of this debate that we wish we were able to discuss more freely."
The Guardian did not post links to the original documents, and did not give a reason why. Since the stream of Snowden revelations began five weeks ago, the newspaper has frequently posted original documents, along with its analyses, for reader examination.
Three weeks ago, Bloomberg News reported that Microsoft provided U.S. intelligence agencies with advance notification of software security flaws before making those flaws public.
In 1999, a computer researcher discovered an encryption component in Windows NT labeled "_NSAKEY." Microsoft countered that the component simply met encryption standards set by the NSA and was not a "backdoor" that let the NSA crack Microsoft encryption.
In 2010, the Stuxnet worm that infected and damaged the Iranian nuclear-processing facility at Natanz carried an unprecedented four Windows "zero-day exploits," pieces of malware that attack previously unknown software vulnerabilities.
In 2012, the Flame worm was found to pass itself off as a Windows update by crafting an all-but-impossible-to-replicate cryptographic key that matched Microsoft's own.
The New York Times and the Washington Post, drawing on anonymous sources, have said both pieces of malware were part of "Olympic Games," a larger effort by the CIA, NSA and Israeli intelligence services to mount cyberattacks upon Iran's nuclear program. Snowden confirmed those reports earlier this month.
Snowden is believed to have been in the transit area of Moscow's Sheremetyevo International Airport since June 23, although he has not been seen by reporters.
As of the time of this writing, a Moscow-to-Havana flight that follows an unusual flight path, one that does not pass over U.S. soil, is about to land in Cuba. Speculation is that Snowden may be aboard.