April 29th, 2008

Sorry, conspiracy buffs, there’s no Windows “back door”

Posted by Ed Bott @ 4:53 pm

Categories: Security, Microsoft

Techdirt’s Mike Masnick is usually pretty reliable, but he completely blew it today, hitting the publish button on one of the sloppiest, most inflammatory stories I’ve seen in a long time:

Microsoft Gives Vista Backdoor Keys To The Police

It’s long been assumed that Microsoft has built in various “backdoors” for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they’re giving out special USB keys that simply get around Microsoft’s security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys.

OK, now go read the linked story from the Seattle Times. There’s not a word - not one word - about back doors or encryption. Sadly, the usual suspects in the Techmeme echo chamber are whipping the inaccuracy around the infield at major league speeds. CrunchGear says Microsoft has “developed a thumb drive that helps Johnny Law quickly extract information, encrypted or otherwise, from computers.” And Valleywag talks about “a USB dongle that plugs into a computer, bypasses any Windows passwords or encryption, and quickly downloads sensitive data such as your Web browsing history.”

I’ve heard of jumping to conclusions, but these are some truly giant leaps.

All three stories reference the same Seattle Times story, which never says or even implies that the tools on this USB drive could break any sort of encryption, including Microsoft’s BitLocker Drive Encryption. In fact, these tools have been distributed since last June and were actually discussed three weeks ago in a Microsoft press release published April 8:

At LE Tech today, we will also be talking about the tools we are providing to law enforcement. For example, our security team in the Asia-Pacific region, led by senior investigator Anthony Fung, developed the Computer Online Forensic Evidence Extractor, or “COFEE.” The tool provides investigators with a means to easily and quickly extract “live” data from a suspect’s computer at the point of seizure, before turning it off.

COFEE, a preconfigured, automated tool, fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button – completing the work in about 20 minutes.

What Microsoft has done, according to this story, is to repackage some of the standard tools used by computer forensics experts when they seize a computer as evidence. So instead of a computer forensic technician having to perform a bunch of time-consuming tests manually, he or she can use these automated tools to capture information in a few minutes.

For anyone who is ill-informed enough to think that these tools are going to land in the hands of bad guys, I have some bad news. They’re way ahead of you. The community-developed USB Switchblade has been around since at least September 2006. And as security expert Jesper Johansson points out, it has an impressive feature set:

Basically, these tools make it really easy for just about anyone to exploit people who leave their USB ports unprotected. For example, Switchblade can dump the following:

  • System information
  • All network services
  • A list of ports that are listening
  • All product keys for Microsoft products on the computer
  • The local password database
  • The password of any wireless networks the computer uses
  • All network passwords the currently logged on user has stored on the computer
  • Internet Explorer®, Messenger, Firefox, and e-mail passwords
  • The Local Security Authority (LSA) secrets, which contain all service account passwords in clear text
  • A list of installed patches
  • A recent browsing history

All of this goes into a log file on the flash drive, and takes about 45 seconds.

Forensic technicians working for law enforcement are simply hackers with white hats. They know, just as the bad guys do, that if you have physical possession of a computer, you can pull the data off the hard drive and you can decrypt local passwords. There’s nothing new involved in the story that’s getting all the publicity today, and there is certainly nothing to suggest that there’s a “back door” involved.

In fact, if this rather unremarkable collection of Microsoft-developed hacker tools actually did contain anything new, I would certainly expect that the highly vocal security community would have said something. If there turned out to be a back door in BitLocker or any other form of encryption, the real experts would be publishing the results. But they haven’t said a thing, because there isn’t a story here.

Let’s see how long it takes for the corrections to begin appearing. I’m not holding my breath.

Update: Ben Romano of the Seattle Times, who wrote the original story, has published an updated post (Looking for answers on Microsoft’s COFEE device) that also tries to clear away some of the FUD. Ben’s whole post is worth reading, but if you’re too busy, here’s the conclusion: “It sounds to me like the device doesn’t do anything that a trained computer forensics expert can’t already do. This just automates the execution of the commands for data extraction.” In a later update, he adds: “Via email, a Microsoft spokeswoman said COFEE is a compilation of publicly available forensics tools, such as ‘password security auditing technologies’ used to access information ‘on a live Windows system.’ It ‘does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret “backdoors” or other undocumented means.’”

Exactly.

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.
