In a time of universal deceit — telling the truth is a revolutionary act.
For those of you who haven’t kept up, the National Security Agency’s Prism program has been in the news. Prism provides the NSA with access to data on the servers of Microsoft (NASDAQ:MSFT), Google (NASDAQ:GOOG), Facebook (NASDAQ:FB), etc., extracting audio and video chats, photographs, e-mails, documents, etc.
Prism is just a part of the NSA’s larger mass electronic surveillance program that covers every possible path someone might use to communicate: tapping raw data as it flows through fiber optic cables and Internet peering points, copying the addressees on all letters you physically mail, all credit card purchases, your phone calls and your location (courtesy of your smartphone).
All hell broke loose when Edward Snowden leaked all this to the press. Given my talks on the Secret History of Silicon Valley I was interviewed on NPR about the disclosure that the NSA said they had a new capability that tripled the amount of Skype video calls being collected through Prism. Like most Americans I said, “I didn’t remember getting the memo that the 4th amendment to our constitution had been cancelled.”
But while the interviewer focused on the Skype revelation, I thought the most interesting part was the other claim, “that the National Security Agency already had pre-encryption stage access to email on Outlook.” Say what?? They can see the plaintext on my computer before I encrypt it? That defeats any/all encryption methods. How could they do that?
While most outside observers think the NSA’s job is cracking encrypted messages, as the Prism disclosures have shown, the actual mission is simply to read all communications. Cracking codes is a last resort.
The NSA has a history of figuring out how to get to messages before or after they are encrypted, whether by putting keyloggers on keyboards and recording the keystrokes or by detecting the images of the characters as they were being drawn on a CRT.
Today every desktop and laptop computer has another way for the NSA to get inside.
It’s inevitable that complex microprocessors have bugs in them when they ship. When the first microprocessors shipped, the only thing you could hope was that the bug didn’t crash your computer. The only way the chip vendor could fix the problem was to physically revise the chip and put out a new version. But computer manufacturers and users who had an old chip were stuck. After a particularly embarrassing math bug in 1994 that cost Intel $475 million, the company decided to fix the problem by allowing its microprocessors to load fixes automatically when your computer starts.
Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7), these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessor’s microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS).
Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it impossible to know whether anyone is loading a backdoor into your computer.
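Because the update body cannot be inspected, one check that remains available is to record which microcode revision each core reports and compare it with a baseline. The following is an added example, not part of the original post; it assumes the `microcode` field that Linux exposes in `/proc/cpuinfo`, and the sample text, revision numbers and `BASELINE` map are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/cpuinfo (two logical CPUs).
SAMPLE_CPUINFO = """\
processor : 0
cpu family : 6
model : 58
stepping : 9
microcode : 0x21

processor : 1
cpu family : 6
model : 58
stepping : 9
microcode : 0x1f
"""

# Hypothetical baseline: (family, model, stepping) -> revision recorded as known-good.
BASELINE = {(6, 58, 9): 0x21}

def parse_cpuinfo(text):
    """Return one record per logical CPU that reports a microcode revision."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)
        f = {k.strip(): v.strip() for k, v in pairs}
        if "microcode" not in f:
            continue  # this kernel/architecture does not expose the revision
        sig = (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        cpus.append({"cpu": int(f["processor"]), "sig": sig, "rev": int(f["microcode"], 16)})
    return cpus

def audit(cpus, baseline):
    """Flag revisions that differ from the baseline or between cores of one CPU type."""
    findings, by_sig = [], defaultdict(set)
    for c in cpus:
        by_sig[c["sig"]].add(c["rev"])
        expected = baseline.get(c["sig"])
        if expected is None:
            findings.append((c["cpu"], "no-baseline", c["rev"]))
        elif c["rev"] != expected:
            findings.append((c["cpu"], "unexpected-revision", c["rev"]))
    for sig, revs in by_sig.items():
        if len(revs) > 1:
            findings.append((None, "mixed-revisions", tuple(sorted(revs))))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cpuinfo(SAMPLE_CPUINFO), BASELINE):
        print(finding)
```

A matching revision number only shows that nothing changed relative to the recorded baseline; it says nothing about what the update contains.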
The Dog That Never Barked
The NSA has been incredibly thorough in nailing down every possible way to tap into communications. Yet the one company’s name that hasn’t come up as part of the surveillance network is Intel. Perhaps they are the only good guys in the entire Orwellian mess.
Or perhaps the NSA, working with Intel and/or Microsoft, has wittingly put backdoors in the microcode updates. A backdoor is a way of gaining illegal remote access to a computer by getting around the normal security built into the computer. Typically someone trying to sneak malicious software onto a computer would try to install a rootkit (software that tries to conceal the malicious code). A rootkit tries to hide itself and its code, but security-conscious sites can discover rootkits with tools that check kernel code and data for changes.
But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that check the operating system. Or what if you could make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.)
Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.)
That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.
Two Can Play the Game
A few months ago these kinds of discussions would have been theory at best, if not paranoia. The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor.
The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode?
And that may be why the Russian president is now using a typewriter rather than a personal computer.
Update: I asked Intel:
- Has Intel received any National Security Letters?
- If you had received a National Security Letter would you be able to tell us that you did?
- Has Intel ever been contacted by anyone in the U.S. government about Microcode Updates or the signing keys?
- Does anyone outside of Intel have knowledge of the Microcode Updates format or the signing keys?
- Does anyone outside of Intel have access to the Microcode Updates or the signing key?
Intel’s response from their Director of Corporate and Legal Affairs (italics mine):
“First, I have no idea whether we’ve ever received a National Security Letter and don’t intend on spending any time trying to find out. It’s not something we would talk about in any case, regardless of the subject of your blog.
Second, the questions related to microcode and the speculative portion of your blog related to our encryption of microcode and the key all seem to focus around one question: Do we have backdoors available as a result of our microcode download encryption scheme? The answer is NO. Only Intel has that knowledge.”
Steve Blank is a retired serial entrepreneur-turned-educator who is changing how startups are built and how entrepreneurship is being taught. He created the Customer Development methodology that launched the lean startup movement, and wrote about the process in his first book, The Four Steps to the Epiphany. His second book, The Startup Owner’s Manual: The Step-By-Step Guide for Building a Great Company, is a step-by-step guide to building a successful company. Blank teaches the Customer Development methodology in his Lean LaunchPad classes at Stanford University, U.C. Berkeley, Columbia University and the National Science Foundation. He blogs about entrepreneurship at www.steveblank.com.