CIA program sought to compromise security of Microsoft's BitLocker

More information has come to light on government surveillance, with a new report revealing a CIA campaign to break through security on devices from Apple and Microsoft. Researchers working with the agency would apparently present their latest efforts at a yearly meeting called the "Jamboree". In 2010, a group of attendees announced that they were able to extract BitLocker encryption keys, according to The Intercept:

Also presented at the Jamboree were successes in the targeting of Microsoft's disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.

Microsoft was one of the many tech companies calling for mass surveillance programs to be curbed. The company has also resisted efforts by the U.S. government to obtain emails stored on servers in Ireland, receiving support from companies like Apple, Amazon, and Verizon.

You can read the full report at The Intercept at the link below.

Source: The Intercept

Joseph Keller
72 Comments
  • Enough snooping... I'll text you when I take a poop... With photo proof!
  • Aye. I'm interested in hearing what msft has to say about all this...
  • I'm sure there's an app for that. ;)
  • Sigh. That's all I can say
  • TRANSLTR
  • Omg Joseph! You revealed your bitlocker key to public with that photo.
  • Makes sense why not, if they can crack it then they can get into other governments, they don't care about you they care about the hundreds of other countries utilizing MS platform
  • An eye for an eye until the world is blind in hate. Is that what you want?...
  • Murica.
  • Not remotely surprising
  • This
  • Nice pun "not remotely surprising"
  • Bitlocker is where I keep my porn.
  • LoL
  • Illegally downloaded? There could be a problem here.
  • I don't illegally download anything.
  • Brazzers is in your BitLocker..?
  • Haha
  • Bastards!
  • And to open Bitlocker, need a key or some keys :P
  • No system is 100% secure and hack-proof. My personal opinion is that government entities should be able to access your data when there is a good reason, as long as there is some sort of oversight and accountability. But having a back door like that means that malware authors and even the angry script kiddie down the street could steal your private porn stash or hold your data for ransom too. It's a double-edged sword, and everyone has different opinions on it as well. On an unrelated note, does the padding (or lack thereof) on the articles with the new layout bother anyone? There is plenty of gutter on the left, right, and bottom, but the copy text butts right up against the bottom of the header image and looks awkward to me. (I know, first world problems.)
  • Have you lost your mind? Why would you think that the government SHOULD access our data?! That is wrong.
  • CIA goes outside USA. FBI (and NSA) are the ones that snoop within the USA.
  • NRO anyway....?
  • It's naive to think that any sort of information, whether recorded electronically or not, will ever be secure from anyone's eyes. Isn't it better to have the local police be proactive about preventing crimes committed by the serial rapist or child pornographer hiding out in your neighborhood? Having a young daughter, I'd be willing to sacrifice a small amount of my privacy to keep us safe instead of crying for justice after the fact at her funeral. But again, this is my opinion and you're welcome to disagree and have your opinion as well.
  • To answer your question... Yes, the lack of padding between the image head and article text is annoying as F&%K!
  • No it's not better. Once you give up freedom for security you are doomed to servitude. Cry me a river if you want but then build me a bridge to get over it... Posted from my HTC M8
  • "My personal opinion is that government entities should be able to access your data when there is a good reason" and what is a good reason? It's sad to see people like you are so used to being spied on by governments that now it's "ok" for them to do it. Especially if many users around the world use Microsoft BitLocker and not only US citizens. I mean, it's not like CIA is an amazing agency that always does good things and the others are the bad ones, to feel ok about them trying to get into people's BitLocker stuff.
  • I'm entitled to my opinion, you're entitled to yours. If it prevents the next major catastrophe (like 9/11), then I'll agree to it grudgingly. Again, with oversight and accountability. Reasonable suspicion with a warrant, not like collecting the entire nation's phone conversations without our consent.
  • No offense but I think you miss a vital point: Due process. Governments can access whatever they want. They need to get a warrant. There is oversight. Accountability. All these programs are stepping around the law in its entirety. No offense to you and you are certainly entitled to your opinion but what you posit is a world many brave men and women fought to prevent. Totalitarian, fascist states - not a place you want to be. In our social media fueled world, privacy is an encumbrance, an obstacle - remember that you yourself are the most vital thing you possess. Don't sell yourself cheaply. You are innocent until proven guilty - and you have the right to face your accuser and to mount a defense. No offense but blindly laying yourself out, naked for those you elect to govern on your behalf is a dangerous way to go. I'm a family man myself, and living in the UK, under the aegis of the EU (a whole other debate) I expect my privacy to be respected. I expect my family to be respected. My children to be respected. If someone wants something - come and ask. I have nothing to hide but ASK me. Directly. With respect.
  • They should get a warrant and there should be oversight, but obviously that hasn't happened in all cases. I don't agree with giving the CIA/FBI/etc carte blanche to all of my personal data at all times. If there is reasonable suspicion, then they should have the ability to use proper channels to obtain evidence for the safety of everyone involved. EDIT: I believe you hit the nail on the head with your edit, and this is point that I have apparently failed to properly express... "If someone wants something - come and ask. I have nothing to hide but ASK me. Directly. With respect." Thanks for sharing.
  • Thank you. Had a bit of a cut and paste issue :/
  • You're awfully naive if you think that will prevent 9/11 level events. Terrorists are not going to discuss their plans on Skype or put them in Googledocs. By far the biggest effect of US companies having to turn data over would be a global move away from US technology companies. That is already happening in Europe, Russia, China etc. But fear mongering in the US has everyone living in fear to the point where they're willing to sacrifice their liberty, privacy and tech jobs because of it.
  • ^^yes.
  • When a government has too much power, the next catastrophe will be caused by the government.  The problem with powers like these, is not the current round of people.  It's what the next generation does with it.  Give them freedom and they will push the limits.  Give them tyranny and they will push the limits of that too. "Oversight and accountability:" True oversight rarely lasts longer than a decade before the watchers become collaborators. Accountability? When was the last time the US government demonstrated the slightest shred of accountability in policing its own?
  • If they were real cops they would be able to get their evidence in other ways and would not need to unlock anyone's phone.
  • Star sports app is updated
  • There's a star sports app for windows phone?!!
  • Yes.
  • Is it encrypted with bitLocker?
  • And has CIA tried to encrypt it? 
  • My phone fell accidentally on my face after reading this....
  • It is so funny reading articles like this and seeing comments like boo government, then reading comments on net neutrality... The government and each of its parts, individually and as a whole want to stay alive and relevant just like any company and church. Self preservation, we evolved like this.
  • I said boo government on net neutrality and I'll say it here and at every chance I get :-)
  • So if anyone thought all this hacking was done by 15 year old nerds in their bedrooms...... Think again.
  • You are being watched...
  • And that's why I wink to my webcam every so often. 
  • Sounds like the government might need physical access to the hardware to pull off this particular attack... Anyone know if this is true or not? An attack requiring physical access to the hardware is much less worrisome because it can be thwarted by keeping hardware containing truly sensitive information on your person or otherwise secured. Also it cannot be used for mass surveillance... Only targeted surveillance of someone they are suspicious enough of to justify the expenditure of significant resources.. Still worrisome but not nearly as much.
  • I read in 2011 this had been done by a security expert for one of the AV companies. He claimed then, that you had to physically alter the TPM chip. I guess we will never really know.
  • Whether you people agree or not, CIA, governments, bla bla bla; they all already have access to your data/encrypted data. Nothing is hidden from them.
  • While this may be true, being able to use whatever they have obtained illegally in a court of law is an entirely different matter. Cry me a river if you want but then build me a bridge to get over it... Posted from my HTC M8
  • Yes the could be different in court of law if they didn't own the court of law. If they can access your data illegally that you won't even notice, don't you think they can pass the court of law? Because court of law, CIA, FBI are all one government and they keep secret of each other.
  • Don't really care if they snoopin, if I was that scared of my stuff getting out I wouldn't do, I'm not dangerous or terrorist, what they gonna find, oh some normal ass dude is playing Xbox on windows 10, they probably pay no mind to any of u crying about ur data.
  • Same here. Don't care too. But I told reality.
  • Is this really surprising or shocking? That a country's spy agency is seeking to defeat the technological security of another country? World War 2 Japanese/German encryption ring a bell?
  • Last time I checked, Microsoft isn't another country. 
  • I have only one wondering. Why is this legal? Is MS gov's property? NO! So why if I hack I get jail time and if gov agencies hack is perfectly ok? MURICA! -_-
  • That's a good question. The government makes the rules and does the illegal hacking under the guise of protecting its citizens and national security, and I'm not okay with that either. Obtaining information and evidence should be done legally and with full disclosure.
  • You got a point here.
  • We should all take photos of our ass holes and hide them in a folder marked confidential anti government data and let the bastards hack us so they can look at hairy asses all day!
  • This
  • Wow, thank you. That gave me a good laugh. The only downside is that we would probably end up paying more in taxes to cover the psychological damage done to people who had to look at thousands of assholes a day.
  • I just spit my beer all over my screen that was so funny.
  • Microsoft should sue for them willfully compromising their business.
  • Don't be evil
  • This is really old news. From my understanding is that in order to compromise a Windows or Mac with similar TPM implementation all someone had to do is freeze the RAM with something like liquid nitrogen, take it out, put in another computer
  • Leave us alone government...
  • Everyone's a suspect, except the American government. They can do no wrong.
  • Sounds like it's time for Microsoft to use or come up with a different form of encryption.
  • It's a double-edged sword. It's the job of the CIA and Intelligence organizations to crack communications, so they're doing their jobs. However, that should only apply to non-US citizens both outside and inside the US. For actual US citizens they should be required to get a warrant so that there's accountability. Even though they would be bored to death reading any of my private communications, they're still mine and they have no constitutional right to them without cause.  
  • I am sick of these organizations that are supposed to protect us doing the opposite by being malicious computer users. I don't care if you are with the government or not, whether shady attorneys can figure out how to (wink wink) make it legal or not, if you are a malicious computer user exploiting technology you are the same to me. These guys are basically hacker thugs with the protection of the government. If they find exploits for software they should report it to the vendor (in this case Microsoft), but instead they find exploits and use the exploits against anyone and everyone. They are supposed to aim their work at adversaries, and evidently the public is now an adversary. This stuff makes me sick.
  • What people aren't seeing is how this could be used for simpler things. Got a bunch of movies or music from a torrent? How about all those movies you "backed" up from Netflix? That is just one example. Be careful as the time is coming where we are all considered criminals in the US of A. I personally think that we are all going to have to become experts, especially when it comes to installing new hardware in a machine. Gonna have to reverse engineer it just to see what's on and who's watching.