Feeds

Microsoft, HURTING after NSA backdooring, vows to now harden its pipe

Snooping on private messages 'breach of the 4th Amendment'

Secure remote control for conventional and virtual desktops

Microsoft is scrambling to encrypt its data centers' interlinks – after a fresh Snowden leak suggested the NSA and GCHQ tapped into the cables and intercepted sensitive network traffic.

Documents obtained by the Washington Post from the whistleblower show that Microsoft's Hotmail, Windows Live Messenger services and Passport communications were scanned by software called Monkey Puzzle, which was developed at the British snooping nerve-center GCHQ.

Reaching into the private unencrypted interlinks allows both intelligence agencies to effectively spy on Microsoft customers, and copy their messages and address books, it is claimed.

"These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution." Brad Smith, Microsoft's general counsel, said in an email to The Register.

Smith, given his role as a legal eagle, also pointed out that the documents don't constitute proof per se that the NSA is tapping into its traffic surreptitiously. But he said the company's engineering teams will be beefing up security, "including strengthening security against snooping by governments."

Sources familiar with the matter say Microsoft will get to work on shielding its network traffic in the coming days, and senior executives are meeting to discuss the issue and plan a response. The Windows giant is already smarting from the commercial and reputation hit it has taken from the PRISM scandal and the latest situation just adds salt to the wound.

One email in Edward Snowden's leaked dossier, dated November 2009, comes from a developer at GCHQ. It explains how the Monkey Puzzle software can scoop data from Google, Yahoo! and Microsoft Passport, saying "the NSA can send us whatever realms they like right now."

Snowden also revealed PowerPoint decks rated top secret showing that "metadata-rich" address books were downloaded and stored on multiple databases. One showed the interception of a message on the now-defunct Windows Live Messenger system.

The news comes a month after another leak from the globetrotting whistleblower showing that the NSA was doing the same thing with Google and Yahoo!'s interlinks. One Google engineer was moved to obscenity when shown the tapping plans, dubbed Project MUSCULAR by the NSA, and El Reg wonders if Redmond CEO Ballmer is turning the air blue this morning.

Following the October leak, Yahoo! announced it will begin encrypting its interlinks between data centers, and Google has been doing so for some time. But Microsoft said it was holding off on such a move as little as two weeks ago.

Based on the documents released so far, tapping data-center interlinks appears to occur mostly overseas – where the NSA can operate solely on presidential say-so alone rather than having to get permission from the courts. The spooks are also reportedly going through third-party companies to slurp the data.

"NSA's focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the US government," the agency told WaPo in a statement. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.