next up previous contents
Next: Surveillance Up: New methods Previous: Net tapping   Contents

Backdoors

There are two different kind of backdoors: backdoors installed by intruders in a system to get back into the machine even if the administrator tries to secure it, for example, by changing all the passwords. The other kind of backdoors are mechanisms included in a program by the manufacturer.

In this context, the later case is more interesting. It allows the manufacturer or somebody else who knows about this backdoor to get access to installations of or data produced with this software. Sometimes, it is known that such a backdoor exists, but in most cases, this is a secret.

A known case is Lotus Notes. According to [22], in 1996, a backdoor was installed in the export version of Lotus Notes. The export was approved in exchange of having Lotus Notes turn in the key to the backdoor. Thus, the U.S. has the ability to read all encrypted messages written with Lotus Notes export version.

Although this was not kept secret, one should assume that there are certainly similar cases with other software packages exported by American companies.

Another example is cited in [6]. The American NSA (National Security Agency) "has been accused of getting confidential information from the World Bank and other international banks via a software trap the banks did not know existed". In 1992, an American House Judiciary Committee concluded that "there was a substantive evidence that software with the alleged trap door was illegally sold during the 1980s".

The most serious case I found described the encryption systems manufactured by the Swiss company Crypto AG. This company is one of the leaders in encryption systems, and its products have been bought by many governments all over the world, including countries like Iran and Libya. According to several reports (see [16], [17], [18]), these systems have a backdoor in form of a universal decryption key. This was also forced by the NSA which is in possession of this key. The author in [16] describes a number of cases in which the NSA was able to decrypt important messages from foreign governments which were protected by Crypto AG's systems. Whether or not this is true, it shows how easy it may be to intercept secret messages when the system used is manipulated.


next up previous contents
Next: Surveillance Up: New methods Previous: Net tapping   Contents
Tim Wellhausen
2000-01-20