19 February 2000. Thanks to WK, PC, MS.

http://www.theage.com.au/breaking/0002/19/A27800-2000Feb19.shtml

The Age, February 19, 2000

US secret agents work at Microsoft:

French intelligence

Source: AFP | Published: Saturday February 19, 7:44 AM

PARIS, Feb 18 - A French intelligence report today accused US secret agents of working with computer giant Microsoft to develop software allowing Washington to spy on communications around the world.

The report, drawn up by the Strategic Affairs Delegation (DAS), the intelligence arm of the French Defence Ministry, was quoted in today's edition of the news-letter Le Monde du Renseignement (Intelligence World).

Written by a senior officer at the DAS, the report claims agents from the National Security Agency (NSA) helped install secret programmes on Microsoft software, currently in use in 90 per cent of computers.

According to the report there was a 'strong suspicion' of a lack of security fed by insistent rumours about the existence of spy programs on Microsoft, and by the presence of NSA personnel in Bill Gates' development teams.

The NSA protects communications for the US government, and also intercepts electronic messages for the Defence Department and other US intelligence agencies, the newsletter said.

According to the report, 'it would seem that the creation of Microsoft was largely supported, not least financially, by the NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.'

The report claimed the Pentagon was Microsoft's biggest client in the world.

Source: Intelligence Online: http://www.intelligenceonline.fr

(INTELLIGENCE NEWSLETTER #376 - 17/02/2000)

FRANCE : Defense Ministry Frets About Microsoft

Intelligence Newsletter has learned about a confidential report commissioned by the defense ministry's Strategic Affairs Department that underscores France's misgivings and fears concerning the Microsoft group. The 100-page report, entitled "Security of Information systems: Dependency and Vulnerability," was handed in to the department's chief, Marc Perrin de Brichambaut in early February. It was drafted by an admiral, Jean Marguin, and two experts.

In its findings, the report pinpointed flaws in Microsoft software but worried chiefly about the lack of transparency in the system and the risks of collusion with American intelligence agencies that this could imply.

The report said "strong suspicions of non-security have been fed by persistent rumors concerning the existence of spy programs or back doors in Microsoft software, and the presence of NSA personnel in Bill Gates' R&D teams." And, to make its point, the report referred directly to France itself: "after all, what would we do if we possessed such an effective group as Microsft?"

Marguin accused Microsoft of "totally lacking in transparency, as its source codes are inaccessible" but he also voiced suspicion regarding current encryption systems because : "with MS-DOS one doesn't control the entire security chain, even if one encrypts the data that one processes." In a chapter entitled "The Microsoft threat, myth or reality?" the experts referred to last summer's discovery by the Canadian researcher Andrew Fernandes, who identified a line of code bearing the initials NSA on Windows.

Marguin and his experts made three guesses about the incident: either the code was a way for NSA to reduce the encryption capacity of Microsoft products earmarked for export; or the line enabled NSA to read the encrypted messages it receives more rapidly; or it was a key used by NSA to install its own applications when it acquires computers working on Windows.

Striving to establish links between NSA and Microsoft, the report said: "it would appear that the NSA largely encouraged -- including financially -- the setting up of Microsoft, and that IBM had MS-DOS imposed as its operating system by the same agency." [See original French below: A la fin de ce chapitre, tentant de décrire les liens entre l'agence de renseignement et la société, ils écrivent: "il semblerait que la création de Microsoft ait été largement encouragée entre autres financièrement par la NSA, et que IBM se soit vu imposer le MS-DOS comme système d'exploitation par la même administration."]

IBM's decision in 1981 to adopt MS-DOS as operating system for all its PCs lies largely at the origin of Microsoft's success.

Copyright 2000 Indigo Publications

Reproduction or dissemination prohibited in any form whatsoever

(photocopy, mailing lists, intranet, etc.) without written permission of the editor.

Indigo Publications - 142 rue Montmartre, 75002 Paris France

Tel. : +33 1 44 88 26 10 - Fax : +33 1 44 88 26 15

Email : webmaster@IntelligenceOnline.com

(LE MONDE DU RENSEIGNEMENT n°376 - 17/02/2000)

FRANCE : Le ministère de la Défense ausculte Microsoft

Le Monde du Renseignement a pris connaissance d'un rapport confidentiel commandé par la Délégation aux affaires stratégiques (DAS) du ministère de la Défense, qui atteste de craintes importantes des autorités françaises à l'égard de la firme Microsoft. Ce document de 100 pages intitulé "Sécurité des systèmes d'information : dépendance et vulnérabilité" a été remis début février au directeur de la DAS, Marc Perrin de Brichambaut. Il a été rédigé par un amiral chargé de mission pour le ministre de la Défense, Jean Marguin, entouré de deux experts. Dans ses conclusions, l'étude pointe les défauts de fiabilité des logiciels Microsoft, mais surtout les manques de transparence et les risques de collusion avec les services de renseignement américains que ceux-ci impliquent.

Ainsi les auteurs enregistrent "un fort soupçon de non-sécurité alimenté par des rumeurs insistantes faisant état de l'existence de programmes espions ou de back doors dans les logiciels Microsoft, et de la présence de personnels de la NSA dans les équipes de développement de Bill Gates", et pour plus de clarté, ils interrogent directement leur commanditaire : "après tout, selon le principe de réciprocité, que ferions-nous si nous disposions d'une société mondiale aussi performante que Microsoft ?". Si le rapport reproche à Microsoft "un manque total de transparence puisque les codes sources sont inaccessibles", il invite également à se méfier des systèmes de cryptographie mis en oeuvre, car selon lui : "en présence de MS-DOS on ne maîtrise pas l'ensemble de la chaîne sécuritaire, même si on procède au cryptage des données traitées ". Dans un chapitre titré "La menace Microsoft, mythe ou réalité", les experts mandatés par la DAS reviennent sur la découverte réalisée durant l'été 1999 par le chercheur canadien Andrew Fernandes, qui identifia sur Windows une ligne de code portant les initiales NSA.

Leur analyse retient trois hypothèses: soit il s'agit d'un moyen pour la NSA de diminuer les capacités de chiffrements des produits Microsoft destinés à l'export; soit cette ligne permet à la NSA de déchiffrer plus rapidement les messages cryptés qu'elle intercepte; soit enfin il s'agirait d'une clé utilisée par la NSA pour charger ses propres applications quand elle acquiert des ordinateurs fonctionnant sous Windows. A la fin de ce chapitre, tentant de décrire les liens entre l'agence de renseignement et la société, ils écrivent: "il semblerait que la création de Microsoft ait été largement encouragée entre autres financièrement par la NSA, et que IBM se soit vu imposer le MS-DOS comme système d'exploitation par la même administration" (NDLR: la décision d'IBM en 1981 de prendre le MS-DOS comme système 'exploitation de tous ses PC est à l'origine du succès de Microsoft).

Copyright 2000 Indigo Publications

Reproduction et diffusion interdites sous quelque forme que ce soit (photocopie, mailing lists, intranet, etc.) sans l'autorisation écrite de l'éditeur.

Indigo Publications - 142 rue Montmartre, 75002 Paris France

Tel. : +33 1 44 88 26 10 - Fax : +33 1 44 88 26 15

Email : webmaster@intelligenceonline.fr

To: webmaster@IntelligenceOnline.com

From: John Young <jya@pipeline.com>

Date: 19 February 2000

Subject: Microsoft Report

Editor

Intelligence Online

142, rue Montmartre

75002 PARIS

Dear Editor,

We have seen your provocative February 17 report on Microsoft in "Security of Information systems: Dependency and Vulnerability." We wish to publish your report on our Web site at cryptome.org and ask your permission to do so.

Further, can you tell me if the original report is available, and if so, how I can obtain a copy.

Thank you very much,

John Young

Cryptome

http://cryptome.org

251 West 89th Street

New York, NY 10024

Tel: 212-873-8700

Date: Sat, 19 Feb 2000 17:28:03 -0800

To: John Young <jya@pipeline.com>, cypherpunks@cyberpass.net From: Tim May <tcmay@got.net> Subject: Re: MS Funded/Founded by NSA? At 12:26 PM -0800 2/19/00, John Young wrote: >A French intelligence report alleges that Microsoft was >set up with NSA funding and that NSA imposed MS-DOS >on IBM, and also alleges that NSA agents are now working >at Microsoft: > > http://cryptome.org/nsa-ms-spy.htm > >The full confidential report has not been published and these >allegations are made by an intelligence newsletter which >claims to have seen it. The Age, an Australian newspaper, >has reported on the topic today -- that account leads the file >above. > >The NSA MS key revelation appears in the reports, and may >have prompted the intelligence investigation and speculation, >along with the April 1999 report for Europarl, due to be considered >by EuroParl in a week, which also warns of Microsoft's and Intel's >possible cooperation with US intelligence to use Winte as a spying >tool. > >Still, we had not before seen an allegation that NSA was in on >the gitgo with Microsoft and that DOS had been forced upon >IBM. Is that old news or new, or merely a French counterattack >on Echelon-like espionage? It's probably a bouillabaisse of paranoid conspiracy theory, journalistic sensationalism, piling on, French nationalism, and a desire to distract attention away from French industrial espionage. (Recall the confirmed report that Air France was bugging commercial travellers.) PC-DOS was so primitive in 1980, when IBM's Boca Raton division--itself a backwater, led by Phil "Don" Estridge--that it is inconceivable that it had any "spying" hooks built in. I mean, come on! Besides which, it was written initially by Tim Patterson, of Seattle Computer, and only bought hastily by MS when it looked like they would get the IBM contract. (So the French paranoids would claim that Tim Patterson was operating his little company in Seattle with the intent of selling his spy software to MS. Get real.) PC-DOS, later MS-DOS, was also small enough in those days that nearly every function could be analyzed in detail, and the code could be dissected. Ditto for the chips. I worked for Intel during that period when this supposed NSA "Operation Wintel" was being developed, and I can assure you that the chips of the day had no particular features of interest to the NSA, save for some of the well-known bit twiddling instructions wmight otherwise have been. (But a lot less well-suited than it _could_ have been.) Most compellingly, until fairly recently the Net was primarily run off of Sun and similar computers...we all know that, of course. Sniffers on Sun networks would have been more interesting (and there's anecdotal evidence that a certain San Diegan developed precisely those tools for the NSA). Arghh..where to continue? Consider that at least several other manufacturers of Intel-compatible chips exist. AMD, obviously. But also Cyrix/National/Via, and Texas Instruments, and IBM. Did all of them design in the "special NSA sections"? Without any of them talking? (And these are only the recent deals. In the past, Matra/Harris, a French-affiliated company, was a producer. Ditto for a bunch of others, American, European, and Asian. All of them in on the conspiracy?) As a paranoid theory, it's not even interesting. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments. Date: Sat, 19 Feb 2000 19:48:31 -0500 To: John Young <jya@pipeline.com> From: Matthew Gaylor <freematt@coil.com> Subject: Re: MS Funded/Founded by NSA? Cc: cypherpunks@cyberpass.net John Young <jya@pipeline.com> wrote: > Is that old news or new, or merely a French counterattack >on Echelon-like espionage? [Note from Matthew Gaylor: Nearly every security expert I know won't use Windows on their personal machines. Everyone is aware of the security issues that arise with Microsoft and it is common knowledge that many intelligence workers have cover jobs with various corporations. But I don't place complete confidence in the French either. Kenn Cukier formally of Communications Week International and now the International Editor at Red Herring had this interesting paper on France's spy network. http://www.cfp99.org/program/papers/cukier.htm "France reportedly has developed its own "Frenchelon" -- a worldwide network of spy satellites and listening stations that systematically eavesdrop on communications in the United States and elsewhere. Monitoring stations are said to exist in French Guiana, in the city of Domme in the Dordogne region of southwestern France, in New Caledonia, and in the United Arab Emirates. The information gleaned is reportedly used for both political and commercial ends. Additionally, some speculate that the French project may mark the first step in a pan-European effort to counterbalance the U.S.'s global spying capabilities. Germany is said to partially fund France's initiative in return for access to the information it collects."]