At The Crypto Con, I’ve repeatedly asserted that the use case and integrity of Bitcoin, and all forms of cryptocurrency, have been compromised right from the beginning. This is due to the existence of hardware backdoors in all of the hardware we use to buy, sell, and store cryptocurrency.
As I have already gone to pains to make clear, every modern Intel, ARM, and AMD CPU on the market has a dedicated subsystem. These subsystems are best described in simple terms as chips on chips—physical microchips embedded inside the microchips that form the heart of your computer or smartphone.
In some cases, these subsystems have their own networking capabilities. This means they can communicate via Bluetooth, Wi-Fi, and sometimes cellular networks, even when your device is powered off and even if you use physical hardware controls on your device to disable things like Wi-Fi and Bluetooth.
In every case, these subsystems also have privileged access to your physical device data storage area and any software your device runs. What this means from a cybersecurity standpoint is simple. As a device user, you have no access or control over the chip inside the CPU of your device. In fact, if you ever try to access or disable such a subsystem, you will likely brick your device, making it incapable of ever booting again. However, bad actors like hackers and three-letter agencies like the CIA may have access. In fact, such actors could be perusing all your most sensitive data, including any cryptocurrency you own right now, and you would never have any way of knowing.
Of course, Intel, AMD, and ARM all argue that the presence of such subsystems is wholly benevolent. In business contexts, the likes of Intel’s Management Engine allow business users to remotely manage systems even when systems are powered off or suspected of being stolen. However, this doesn’t explain why everyday computer users can’t disable such systems, especially given the fact that hackers have already compromised the security of such subsystems previously. You can’t even turn this so-called security feature off, even on stripped-down Android tablets intended for use as toys for small children. The looming question is, subsequently, why not?
Naturally, Intel and other CPU vendors are quick to malign any talk of such subsystems being backdoors into personal computers as nothing more than conspiracy. However, there is evidence that agencies like America’s National Security Agency (NSA) have had direct backdoors into at least all Windows computers since the 1990s.
What Is the NSA Key?
Until the release of Windows XP in 2001, a Windows software driver file labeled “ADVAPI.dll” had long represented something of an enigma to cybersecurity specialists. It was known that the driver was responsible for a range of encryption tasks in Windows. However, ADVAPI.dll seemed to have some unusual and intentionally obscured features present in every iteration of the .dll file from Windows 95 onward. Then in 1999, researchers began to realize why certain features might be obscured.
When Windows makes updates available to current operating systems, it does so in the form of stripped binary files. To make this simple to understand, when Windows developers are coding updates, they include a lot of information intended for human use. A developer may, for example, isolate a section of code and label it as something like “New Skin for Windows Media Player.”
When developers do this, they are making it easier for other developers to know what specific pieces of code in what can be large update files addressing several issues at once actually do. This makes it easy for other developers to double-check and debug code before it is released. However, adding identifiers (or what are known as debugging symbols) to code like this also makes the overall size of Windows Update files much larger.
To make update files smaller, software vendors like Microsoft usually strip code of debugging symbols before updates go live. This makes downloads faster and makes proprietary code more secure, as it is difficult for humans who might intercept files to take raw data and identify what individual bits of code actually do. However, on May 4, 1999, Windows accidentally released an update to all NT4-generation Windows operating systems without first stripping the final update file of its debugging symbols.
One of the first cybersecurity researchers to realize Microsoft’s mistake was British computer scientist Nicko van Someren. What Someren found also sent shockwaves through the 1999 cybersecurity scene. This was because, pertaining directly to Microsoft’s ADVAPI.dll driver file, Someren found two cryptographic keys. One labeled as “Key,” and the other ominously labeled as “NSAKey.”
Both of these keys were cryptographic public keys. This means that they would be used by the host Windows operating system to verify the integrity of new software signed by a trusted software vendor’s private key.
To make this simple, think of BitLocker encryption that Windows uses today. You can use your system login and password to access BitLocker and encrypt or decrypt your data. You can also generate a recovery phrase to use should you ever get locked out of BitLocker. However, only Microsoft has the private key to the BitLocker software you are using. All you have is the public key that allows your computer to verify that Microsoft’s version of BitLocker that your computer is communicating with is genuine.
Given the above, the existence of a Microsoft public key in a Windows update file isn’t unusual. With such a key, a computer can verify that software and updates from Windows and other trusted software vendors are genuine. The presence of an NSA key, though, would imply that the National Security Agency of the United States could also push programs and updates to Windows (likely without users knowing), which would also be acknowledged by Windows as legitimate and be installed and start functioning accordingly.
To put this in perspective, hackers and malicious entities absolutely love simple programs like keyloggers. These are programs that secretly record every key you press on your keyboard and send this data back to malicious third parties. Such parties then have access to anything you might have typed while using your computer. This can include anything from the contents of sensitive emails to website addresses, user login details, and user passwords for everything from online banking apps to secure online work areas and databases.
Thankfully, malicious third parties can only install things like keylogging apps on user devices if they have direct access to devices or can trick device users into installing apps themselves. However, if the NSA Key found in Windows in 1999 is genuine, this would mean that the NSA could discreetly push malicious programs like keyloggers to individual computers (or whole networks of computers), which would then be authorized to run by Windows itself.
All of this is, of course, only possible if the NSA key is/was really a key pertaining to the National Security Agency. To this day, Microsoft denies this. In fact, Microsoft took two official stances when rebuking its existence. Firstly, they argued that the discovered key was simply a misnamed genuine Windows backup key. However, at the same time, Microsoft made it clear that export rules existed that forbade Microsoft (and other technology vendors) from exporting encryption technologies overseas that the NSA was incapable of deciphering. This, though, is itself alarming, as this would imply that the key was not just genuine, but also part of a much larger NSA strategy to ensure that the agency was able to compromise the encryption of all 1990s consumer technologies.
No doubt, this will seem far-fetched to some. However, at the same time that the so-called NSA key was discovered in Windows, it was also revealed that in 1997, Lotus, a Microsoft Office competitor, had been forced by the NSA to weaken its own encryption. This way, the NSA would have a backdoor into all documents and emails created using the Lotus Notes Office Suite used by millions of individuals, businesses, and governments worldwide. Keep in mind that this is also a recorded fact, not mere speculation or hearsay.
Other Known NSA Backdoors & Security Agency Cybersecurity Threats
For the most part, when average consumers with only a passing understanding of cybersecurity think of cybersecurity threats, they bring to mind wholly software-based threats. We are all aware of the existence of viruses and malware. Because of this, we spend billions every year on antivirus software and malicious software removal tools. However, thanks to people like the NSA whistleblower Edward Snowden, we know that since at least the 2000s, agencies like the NSA have strived to embed security backdoors and spyware into physical microchips that most of our current consumer technology relies on to function in the first place.
Within the thousands of classified NSA documents that Edward Snowden released in May 2013, there are details of an NSA program implemented by the Signals Intelligence arm of the NSA (SIGINT), the aim of which was, by 2013, to have embedded backdoors into a wide range of new-to-market microprocessors specializing in encryption.
Embedded subsystems on laptop and desktop CPUs like the Intel Management Engine and AMD’s Platform Security Processor would certainly seem to fit the bill when it comes to the aim of the SIGINT program. However, it’s not just hidden microcontrollers in modern computer CPUs that we need to worry about.
As a case in point, few in the IT sector will ever forget the release of Windows 8.0 in late 2012. This was the successor to Windows 7, which famously dispensed with the traditional Windows Start Menu. Instead, Windows users who upgraded unwittingly to Windows 8 were met with Windows’ new “Metro” desktop metaphor. While a delight for some touchscreen device users, the new so-called “Start Screen” caused nothing but headaches for businesses and Windows power users. However, in Germany, it wasn’t just the change in the standard user interface of Windows that upset some cybersecurity researchers.
On the coattails of Windows 8.0 in 2012 came a new generation of computers—specifically, computers equipped with Trusted Platform Module (TPM) chips. Their purpose? Officially, TPM-equipped devices and their successors today are used to harden host operating systems against security threats like malware and viruses. They do this by working with host operating systems to determine what software can and cannot be installed on a device, independently of device users.
In Germany, the Federal Office for Information Security quickly raised alarm over TPM and Windows 8, specifically due to the fact that Trusted Platform Module security chips and compatible computer operating systems completely remove control from end computer users over what software is allowed to run on TPM-enabled devices. In fact, the problem with TPM is similar to that posed by the so-called NSA key from way back in 1999.
While the Trusted Platform Module chip embedded in most new computer motherboards can prevent malicious third parties from booting alternative operating systems or software when they have physical access to devices, the TPM chip only does what its programmers want, not what end computer users might want. If the likes of the NSA (who are leading promoters of TPM technology) therefore have access to chips during manufacture, they can essentially decide which of their own programs are allowed to run on devices, without end device users ever knowing. This was why German authorities urged state departments to avoid using Windows 8 on launch. Moreover, this is why several German and European powers have begun steadily migrating from Windows to open-source operating systems like Linux since 2012. (This is due to the fact that TPM technology only works with compatible host operating systems like Windows.)
One internal document from Germany’s Ministry of Economic Affairs in early 2012 states:
“Due to the loss of full sovereignty over information technology, the security goals of ‘confidentiality’ and ‘integrity’ are no longer guaranteed.” The same document goes on to state: “This could have significant impacts on the IT security of the Federal Administration,” before concluding by saying that: “The use of ‘Trusted Computing’ technology in this form… is unacceptable for the Federal Administration and for the operators of critical infrastructures.”
In short, German IT officials strongly suspected that the likes of the NSA really did have access to the Trusted Platform Module chips in new Windows computers.
Rüdiger Weis, a professor at Beuth University of Applied Sciences in Berlin, also went as far as to identify three theoretical ways in which TPM chips could be vulnerable not just to NSA spying, but also to spying by Chinese intelligence services (due to the fact that all TPM chips are manufactured in China).
The Enigma Enigma You Probably Don’t Know About
Were German state officials in 2012 just being paranoid about the idea of the NSA and possibly the Chinese having a backdoor into all new Windows 8 computers? In short, probably not. It was Germany, after all, that set the stage for encryption and cybersecurity as we know it.
From the 1920s until near the end of WWII, Germany was leagues ahead of the rest of the world when it came to its military and government communicating via state-of-the-art encryption. We’re talking, of course, about Enigma.
Originally, Enigma machines were commercially available electromechanical ciphers available to German domestic as well as military users. They worked by using rotors that swapped pairs of letters on a keyboard to encrypt messages that could be sent by telegram. Every day, the settings of linked pairs of Enigma machines would be changed so that even if a cipher sent by Enigma was broken once, ciphers the next day would remain secure.
Secured exclusively for military use during WWII, the use of Enigma gave Germany a significant edge over Allied forces. This was why the British famously enlisted the visionary mathematician Alan Turing to head a special group at Bletchley Park tasked with breaking the Enigma code. Today, we know that this effort was successful. However, what most people in the West aren’t aware of is the fact that the United Kingdom and the United States kept the breaking of Enigma a shared state secret until long after WWII was over.
Why breaking Enigma was kept secret was simple. When the Second World War was over, the U.S. and UK went to lengths to gift fellow allies captured Enigma machines, which they could use to send and receive secure interstate communications and diplomatic cables. All that allies of the UK and U.S. weren’t aware of for several years post-WWII was the fact that the Enigma code had long been broken and that, as a result, the UK and U.S. had gifted Enigma machines only to spy themselves on sensitive correspondence.
Global Military-Grade Encryption Backdoors
Following the success of German Enigma machines to snoop on allies long after WWII, the CIA went one step further in the 1970s by secretly purchasing a Swiss company called Crypto AG, which specialized in military-grade encrypted communications technology.
The goal of acquiring Crypto AG was simple. Switzerland, as a country, has a habit of abstaining from most global conflicts. Granted, Swiss banks have a habit of offering their financial services to both sides of many such conflicts. However, for the most part, Switzerland is perceived as a neutral political power on the world stage. The CIA, therefore, hoped that by secretly acquiring Crypto AG, they could dominate the world of secure, encrypted communications by building clandestine backdoors into all Crypto AG technologies.
Fast forward to the mid-1990s, and Crypto AG was regularly selling supposedly state-of-the-art encryption and cipher technologies to over 120 countries, including Libya, Iran, India, Pakistan, and several countries in South America. All that Crypto AG customers were not aware of was the fact that backdoors existed in all such devices, which gave the United States, UK, and Germany clandestine access to even the most secure and sensitive of communications.
Over the same period, the American-owned military-grade microchip manufacturer Actel was busy building backdoors into a host of chips used in defense technologies and critical civil infrastructure systems, even those tasked with securing the safety of nuclear power plants and nuclear material transport systems. Some even argue that such Actel backdoors form the basis of how nuclear and critical infrastructure-specific cybersecurity threats like Stuxnet are able to be deployed and compromise some civil and defense infrastructure platforms so absolutely.
Going Postal
Given the fact that for over half a century, the United States intelligence services have gone to several extraordinary lengths to backdoor almost all global encrypted communications, the idea that the same intelligence services might have a backdoor into your home computer shouldn’t seem so shocking.
Let’s also remember that the 1997 backdoor into the Lotus Notes Office Suite isn’t a matter of conjecture. This backdoor did exist, was exposed, and was used by the NSA to spy on Lotus Office Suite-created documents and emails. At the same time, Lotus regularly gave away free versions of its software in the form of free CDs in popular computing magazines. It is, therefore, not the case that the NSA was hoping to gather data from a few niche people of interest. Rather, they knew full well that most people using Lotus were regular, often budget-conscious home computer users. Why then, would the likes of the NSA not have a similar way of infiltrating Windows?
When thinking about this, we should also keep in mind that agencies like the NSA mandate that all microprocessor subsystems like the Intel Management Engine embedded in all current consumer technologies are disabled before devices become part of government or agency networks. They still insist that these subsystems are safe and definitely not backdoors. They just don’t want them inside their own computers.
Thankfully, there are computer vendors like System76 who allow regular members of the public to purchase modern computers with subsystems like the Intel Management Engine disabled. It is also theoretically possible to avoid security risks posed by the likes of the Intel Management Engine by simply using older, pre-2008 computer hardware. There is just one problem.
According to the NSA whistleblower Edward Snowden, the NSA operates a department called the NSA Access and Target Development Department. This is an entire department tasked with using the postal service to intercept computer and networking technologies ordered online.
On being intercepted, packages are opened, inspected, and contents are implanted with hardware backdoors (if they don’t have them already) before being forwarded on to unsuspecting consumers.
Of course, there is the old saying that if you have nothing to hide, you have nothing to fear. However, if you are purposefully looking for the likes of a System76 computer to avoid being (potentially) spied on by government agencies, this would imply that you have something to hide.
It should also be kept in mind that three-letter agencies like the NSA don’t spy on individuals or groups retroactively after flagging individuals or groups as security threats. Rather, such agencies strive to have constant, real-time, total data awareness.
Put simply, you are not a person of interest. Everyone, everywhere, all the time is a person of interest. Whether you like it or not, this is just the smartest way to go about intelligence gathering. After all, if you know absolutely everything about everyone everywhere, you will rarely be caught out by anything.
The Implications of NSA Total Information Awareness for Cryptocurrency
At this point, you might be asking yourself how what has been a short crash course in NSA spying history pertains to the world of cryptocurrency today. In reality, though, the implications are simple.
Safe storage of any form of digital currency relies absolutely on devices where such currency is stored being impenetrable to hackers and other malicious third parties. As it stands, it can be proven without doubt that American three-letter agencies like the NSA have strived to have clandestine physical and software-based access to all consumer computing electronics and military-grade computing devices for at least the past two decades.
If your hardware wallet runs using a chip from ARM, your security is compromised. If your laptop runs an AMD or Intel CPU, your security is compromised.
If you want to make things super simple, we were given cryptocurrency in the first place only so that a few humans could play at being rich for a while before the powers that be began implementing total economic control over everyone.
There is no such thing as a cryptocurrency cipher the NSA cannot break or bypass via embedded technologies to confiscate any crypto you own if they want to. At present, if you own cryptocurrency, you are just being allowed to own it in the same way that countries like Libya and Iran spent 20+ years believing that using Crypto AG technologies allowed them to communicate secretly.
This is why, for now and in the future, a sound mind will always realize that cryptocurrency has no real inherent value. It’s called cryptocurrency to sound secure. In reality, though, it’s far less secure than any medium of exchange that humans have ever invented because someone made it that way before you even thought about buying it.