NSA exploits Microsoft's internal error message

We have all received the message at one point or another; that anooying little window that pops up informing you that an internal error has been detected, it asks you if you would like to send an error report - apparently the action of reporting the bug allows the NSA's Tailored Access Operations (TAO) a way to spy on your computer - offered up on a silver platter by you.

According to the report from Der Spiegel, when TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft.



The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.

Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant.



A Microsoft spokesperson asked to comment on the reports was quoted in The Hacker News as stating, "Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about government actions are true."