NSA spying on Microsoft Windows crash error reports

If you’ve used Microsoft Windows for any length of time, then a dialog box like this will be no stranger to you:

You may think that it’s harmless enough to click on the “Send Error Report” button and send details of the crash to Microsoft, but recent revelations about NSA surveillance underline that there are risks.

For instance, did you realise that by default Windows crash reports are sent unencrypted, potentially exposing information about the setup of your computers?

The error messages appear when a Windows programme stops working or ‘freezes’. A computer user can then choose to send an error report to Microsoft to highlight the problem; the reports are designed to help Microsoft engineers improve their products and fix bugs.

News that the reports are being sent to the controversial organisation’s top hacking unit, the Tailored Access Operations (TAO) division, comes from the latest leaked documents from Edward Snowden, The Huffington Post reported.

According to a leaked presentation seen by Der Spiegel, the NSA’s TAO (Tailored Access Operations) division can be automatically notified whenever a targeted computer sends a crash report.

The automated crash reports are a “neat way” to gain “passive access” to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.

To understand more about the threat, check out this investigation from the researchers at Websense.

While there is no evidence to suggest that British intelligence agencies are using the same technique, Mr Cluley said it ‘would not be a massive shock’ if it was later discovered that they were, as the NSA and GCHQ have used a variety of similar methods to snoop on people in the past.

Bizarrely, whoever created the NSA presentation found the interception of the Windows crash error reports so amusing that they mocked up a version of the familiar dialog with their own wording.


Truly bizarre.

If (unlike the NSA) you fail to see the funny side of this and want to prevent computers in your organisation from sending Windows Error Reports to Microsoft (and potential snoopers), you may wish to make a group policy setting change.

And maybe it would be good if Microsoft made some changes at its end too, ensuring that future crash reports are sent properly encrypted.
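The group policy change mentioned above ends up as a registry value on each machine. This added example, which is not from the original post, reports whether Windows Error Reporting is disabled on a computer and can set the machine-wide policy value. The function names are hypothetical, and it assumes an elevated PowerShell prompt and that the policy value takes precedence over the local setting.

```powershell
# Added example: audit, and optionally set, the machine-wide value that
# disables Windows Error Reporting (WER). Function names are hypothetical.
# Assumption: the policy key, when it holds a value, overrides the local key.

$WerKeys = [ordered]@{
    Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
    Local  = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
}

function Get-WerReportingState {
    # Read the "Disabled" DWORD from each location; $null means "not set".
    $rows = foreach ($name in $WerKeys.Keys) {
        $value = $null
        if (Test-Path $WerKeys[$name]) {
            $item  = Get-ItemProperty -Path $WerKeys[$name] -Name Disabled -ErrorAction SilentlyContinue
            $value = $item.Disabled
        }
        [pscustomobject]@{ Source = $name; Path = $WerKeys[$name]; Disabled = $value }
    }
    # Effective setting: the first location that actually holds a value.
    $effective = $rows | Where-Object { $null -ne $_.Disabled } | Select-Object -First 1
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        DecidedBy       = if ($effective) { $effective.Source } else { 'Default' }
        ReportingActive = -not ($effective -and $effective.Disabled -eq 1)
        Details         = $rows
    }
}

function Set-WerPolicyDisabled {
    # Writes Disabled = 1 under the policy key; supports -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $path = $WerKeys['Policy']
    if ($PSCmdlet.ShouldProcess($path, 'Set Disabled = 1')) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name Disabled -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$state = Get-WerReportingState
$state | Select-Object Computer, DecidedBy, ReportingActive | Format-List
$state.Details | Format-Table Source, Disabled, Path -AutoSize

# Uncomment to enforce on this machine, then re-run the audit:
# Set-WerPolicyDisabled -Verbose
```

On domain-joined machines, make the change in the Group Policy Object itself, since a local write to the policy key can be overwritten at the next policy refresh.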



