Sorry, conspiracy buffs, there's no Windows "back door"

Summary: The Techmeme echo chamber has decided to whip up a controversy today with a new variation on an old story. The latest claim is that Microsoft has built a secret "back door" into Windows and has been handing over the keys on a USB flash drive designed exclusively for law enforcement. It takes about five minutes of investigation to uncover the real truth. No, there is no back door. And no, these aren't super-secret hacking tools that give the police an unfair edge. After all, the bad guys developed their own version of these tools years ago. I've got the details in my full report.


Techdirt's Mike Masnick is usually pretty reliable, but he completely blew it today, hitting the publish button on one of the sloppiest, most inflammatory stories I've seen in a long time:

Microsoft Gives Vista Backdoor Keys To The Police

It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys.

OK, now go read the linked story from the Seattle Times. There's not a word - not one word - about back doors or encryption. Sadly, the usual suspects in the Techmeme echo chamber are whipping the inaccuracy around the infield at major league speeds. CrunchGear says Microsoft has "developed a thumb drive that helps Johnny Law quickly extract information, encrypted or otherwise, from computers." And Valleywag talks about "a USB dongle that plugs into a computer, bypasses any Windows passwords or encryption, and quickly downloads sensitive data such as your Web browsing history."

I've heard of jumping to conclusions, but these are some truly giant leaps.

All three stories reference the same Seattle Times story, which never says or even implies that the tools on this USB drive could break any sort of encryption, including Microsoft's BitLocker Drive Encryption. In fact, these tools have been distributed since last June and were actually discussed three weeks ago in a Microsoft press release published April 8:

At LE Tech today, we will also be talking about the tools we are providing to law enforcement. For example, our security team in the Asia-Pacific region, led by senior investigator Anthony Fung, developed the Computer Online Forensic Evidence Extractor, or “COFEE.” The tool provides investigators with a means to easily and quickly extract “live” data from a suspect’s computer at the point of seizure, before turning it off.

COFEE, a preconfigured, automated tool, fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button -- completing the work in about 20 minutes.

What Microsoft has done, according to this story, is to repackage some of the standard tools used by computer forensics experts when they seize a computer as evidence. So instead of a computer forensic technician having to perform a bunch of time-consuming tests manually, he or she can use these automated tools to capture information in a few minutes.

For anyone who is ill-informed enough to think that these tools are going to land in the hands of bad guys, I have some bad news. They're way ahead of you. The community-developed USB Switchblade has been around since at least September 2006. And as security expert Jesper Johansson points out, it has an impressive feature set:

Basically, these tools make it really easy for just about anyone to exploit people who leave their USB ports unprotected. For example, Switchblade can dump the following:

  • System information
  • All network services
  • A list of ports that are listening
  • All product keys for Microsoft products on the computer
  • The local password database
  • The password of any wireless networks the computer uses
  • All network passwords the currently logged on user has stored on the computer
  • Internet Explorer®, Messenger, Firefox, and e-mail passwords
  • The Local Security Authority (LSA) secrets, which contain all service account passwords in clear text
  • A list of installed patches
  • A recent browsing history

All of this goes into a log file on the flash drive, and takes about 45 seconds.

Forensic technicians working for law enforcement are simply hackers with white hats. They know, just as the bad guys do, that if you have physical possession of a computer, you can pull the data off the hard drive and you can decrypt local passwords. There's nothing new involved in the story that's getting all the publicity today, and there is certainly nothing to suggest that there's a "back door" involved.

In fact, if this rather unremarkable collection of Microsoft-developed hacker tools actually did contain anything new, I would certainly expect that the highly vocal security community would have said something. If there turned out to be a back door in BitLocker or any other form of encryption, the real experts would be publishing the results. But they haven't said a thing, because there isn't a story here.

Let's see how long it takes for the corrections to begin appearing. I'm not holding my breath.

Update: Ben Romano of the Seattle Times, who wrote the original story, has published an updated post (Looking for answers on Microsoft's COFEE device) that also tries to clear away some of the FUD. Ben's whole post is worth reading, but if you're too busy, here's the conclusion: "It sounds to me like the device doesn't do anything that a trained computer forensics expert can't already do. This just automates the execution of the commands for data extraction." In a later update, he adds: "Via email, a Microsoft spokeswoman said COFEE is a compilation of publicly available forensics tools, such as 'password security auditing technologies' used to access information 'on a live Windows system.' It 'does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret "backdoors" or other undocumented means.'"


Topics: Windows, CXO, Hardware, Microsoft, Security

  • What do you expect?

    From the losers at ValleyWag and the rest of the SV echo chamber?

    They're like Hillary Clinton. Screeching and screeching lies until people believe they are true.
      • Message has been deleted.

    • LOL....nt

    • Why would they bother to create a back door

      When they left so many windows unlocked?
      • So many?

        as in none?

        Check CanSecWest, Apple's the one with unlocked windows.
  • I was actually expecting a refutation

    All you've really said is that law enforcement doesn't need a back door because MS' encryption is easily broken. You've presented no evidence on the back door issue one way or the other.

    Don't know whether MS has back doors in Windows or not, and your story doesn't provide any further enlightenment thereon.
    John L. Ries
    • How can I prove a negative?

      The story as reported was inaccurate and sensational. If there was a back door that had been distributed to more than 2000 police agencies all over the world, do you think it could remain a secret? Please.
      Ed Bott
      • not only kept it a secret amongst 2000 "fine upstanding" cops

        but kept it from the hackers and crackers of the world as well.

        Sure, the best minds in security missed it, and use the equivalent of stick and stones for tools, while barney fife just uses the built in back door via his handy usb key.

        The trolls are getting seriously desperate.
      • A backdoor - who really knows

        Your blog title is misleading as you cannot prove it one way or the other, its speculation.

        If there is one, it would only be given to the organisations that know how to keep secrets.

        To say, with conviction, that there is no backdoor is wrong unless you've had access to the code and have the skills to interpret it.

        Would i trust a MS spokesperson to confirm a "ya" or "nay" to the presence of a backdoor? No, i wouldn't.
      • Awfully difficult...

        ...and not your job. But you're the one who selected the title. Best you can claim is that there is no rational reason for believing that there is, but you didn't demonstrate that either.

        On the whole, you would have been better off to have let this one lie.
        John L. Ries
        • I stand behind my headline and story

          I believe that 15 years of history and hacking from a very determined security community would have uncovered any such backdoor by now. Meanwhile, the stories I linked to are all examples of very sloppy journalism, drawing conclusions that are simply not called for. And for what it's worth, the author of the original piece in the Seattle Times agrees with me.
          Ed Bott
          • Too bad!

            It is plainly misleading, but you probably get more hits that way, eh?
            Mike Hunt
          • What you can claim...

            the evidence in favor is highly unconvincing. And, in fact, government doesn't need MS to build them a back door; hackers did it for them years ago.

            But why MS is handing out hacking tools to law enforcement (from whence they can fall into the hands of unofficial snoops), I have no idea.
            John L. Ries
          • Really

            Care to point out where the back door into Vista is located? Got a street sign or something we can follow?
          • Read my previous posts

            I said I don't know if there is one or not and there wasn't anything that Ed wrote that informed me on the issue one way or another.

            I stand by that statement.
            John L. Ries
          • not quite

            you stated in your previous post that hackers built their own back door into windows years ago.

            IF that were true, someone would've walked away with 20 grand and a new laptop on day one of cansecwest.
          • They did

            It was called "Open Orifice 2000", if I remember rightly. Never did see anything on whether MS figured out how to block it.
            John L. Ries
          • It was "Back Orifice"

            by cDc (cult of the dead cow) and was targeting win98.

            the followup, Back Orifice 2000, was marred by being released to the world with an infection of its own. Probably caught a lot of script kiddies with that one.

            None of these types of tools would work against Vista in its default config.

            That's not to say a 'power user' couldn't mess up vista enough to allow it to happen...
          • And just to add...

            Back Orifice required that a server be installed on the target machine, after which it could be controlled remotely from an administration console. It's the same technique that the current crop of Trojans use. It doesn't take advantage of any "back door" in Windows. It relies on tricking the victim into installing a piece of software that in turn opens the front door.

            As for my headline being in error... The original story in Techdirt still has a headline talking about Microsoft handing out USB keys and opening a "backdoor" for law enforcement. I have established to my satisfaction that no such thing is going on. The story as published in Techdirt is wrong.
            Ed Bott