Evidence For The Microsoft WinXP Pro Bugging Device
By Mark McCarron
( MarkMcCarron_ITT@hotmail.com,
angelofd7@icqmail.com)
Introduction
In the first article, I set out a 'hypothesis' and
progressed through the Microsoft Windows XP Operating
System demonstrating it to be a bugging device. Since
then, all types of accusations have appeared about my
motivations, from 'propaganda' to 'delusions'. I think
what people were really asking was whether, rather than
providing a vague overview, I could provide a
technical, point-by-point breakdown of the OS that
is clear, concise and accurate, and that demonstrates
its function as a 'bugging device'.
No problem. Well, I could not be expected to put up
with that now, could I? After all, a chance to kick
the big guy, square in the digitals, would be a sin to
waste. The hacker, Cracker and Open Source community
would never forgive me.
This time, there is no hypothesis, nor anywhere to
hide...
...and it's not 'exactly' a bugging device, it's 'a
whole lot more'.
Hello, Hello, Hello...What Do We Have Here Then?
As we demonstrated throughout the hypothesis of the
previous article, Windows XP can clearly be
'interpreted', as having been designed for espionage,
specifically, as a remote 'bugging device'. This gives
us good grounds from which to launch an examination of
the physical evidence. If the hypothesis had not given
'grave cause for concern', nor demonstrated that
Microsoft Windows XP could be designed for that
purpose, such an examination, in public, would have
been unfair to Microsoft.
We are going to view the various forms of supporting
evidence, available across the Internet, and build a
clear overview of what I see in Windows XP. I will
maintain the same structure as the first article
throughout, with slight alterations, and provide both
references and commentary from a forensics point of
view.
Please Note:
Anything that appears in this document is the sole
responsibility of its author and not, necessarily, a
view shared by the distributors of this information
(i.e. websites, etc). It is provided as a source of
information, only. All legal liability belongs to the
author.
Microsoft Windows XP - The Supporting Evidence &
End-User Tests
Conducted: September 2004
Conducted by: The GIEIS Project
Department: Forensic & Cyber-Psycho Warfare
Note: You must be online for any form of remote connection.
Connection attempts can be tested by the end-user. Install a firewall,
such as Sygate's Personal Firewall (FreeWare V5.5 2525), and leave it
to ask for each connection.
You will need full ownership and 'special privilege' rights to
examine this in detail.
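The end-user test described in the note above depends on matching each firewall prompt to the action that preceded it, and on repeating an action when the connection only appears some of the time. The following is an added example, not part of the original article, showing one way to do that over a saved log; the log layout, process names and addresses are constructed for illustration and are neither Sygate's real log format nor real observations.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. The layout is hypothetical (NOT Sygate's format),
# the process names are placeholders, and the addresses come from the
# RFC 5737 documentation ranges. ACTION lines are notes typed by the tester.
SAMPLE_LOG = """\
2004-09-20 10:00:05 ACTION opened Start->Search
2004-09-20 10:00:06 OUT explorer.exe 192.0.2.10:80 ASK
2004-09-20 10:02:00 ACTION pressed F1 in Notepad
2004-09-20 10:02:01 OUT helpctr.exe 192.0.2.20:80 ASK
2004-09-20 10:02:40 OUT svchost.exe 198.51.100.7:123 ASK
2004-09-20 10:05:00 ACTION pressed F1 in Notepad
2004-09-20 10:07:30 OUT svchost.exe 198.51.100.7:123 ASK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:ACTION (?P<action>.+)"
    r"|OUT (?P<proc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<verdict>\w+))$"
)


def parse_log(text):
    """Turn log text into a time-ordered list of event dicts."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Fail loudly: a silently skipped line hides a connection.
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["action"] is not None:
            events.append({"ts": ts, "kind": "action", "action": m["action"]})
        else:
            events.append({"ts": ts, "kind": "out", "proc": m["proc"],
                           "ip": m["ip"], "port": int(m["port"])})
    events.sort(key=lambda e: e["ts"])  # stable: same-second order is kept
    return events


def correlate(events, window_seconds=5):
    """Attribute each outbound attempt to the action shortly before it.

    Returns (report, background). report maps an action to its number of
    trials, the number of trials followed by at least one attempt inside
    the window, and the set of (process, ip, port) seen. Attempts outside
    every window are returned as background traffic. Timing proximity is
    only a hint of cause, so keep the window short and repeat the trial.
    """
    window = timedelta(seconds=window_seconds)
    report, background = {}, []
    current, current_hit = None, False
    for ev in events:
        if ev["kind"] == "action":
            entry = report.setdefault(
                ev["action"], {"trials": 0, "hits": 0, "destinations": set()})
            entry["trials"] += 1
            current, current_hit = ev, False
            continue
        conn = (ev["proc"], ev["ip"], ev["port"])
        if current is not None and ev["ts"] - current["ts"] <= window:
            entry = report[current["action"]]
            entry["destinations"].add(conn)
            if not current_hit:
                entry["hits"] += 1
                current_hit = True
        else:
            background.append(conn)
    return report, background


def summarize(text, window_seconds=5):
    """Human-readable summary lines for a log."""
    report, background = correlate(parse_log(text), window_seconds)
    lines = []
    for action, e in report.items():
        lines.append(f"{action}: {e['hits']}/{e['trials']} trials "
                     "followed by a connection attempt")
        for proc, ip, port in sorted(e["destinations"]):
            lines.append(f"    {proc} -> {ip}:{port}")
    lines.append(f"unattributed background attempts: {len(background)}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Attempts that fall outside every window are reported separately, which keeps periodic background traffic from being counted against whichever feature happened to be tested last.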
General Features
1. Start -> Search :)
a. Click Start->Search and Select 'For Files and
Folders...'
b. Notice the connection attempt to Microsoft captured
in your
Firewall.
c. Notice how this transmits your IP address, in the
packet structure
of the IP protocol, directly to Microsoft.
d. Notice how the ARP/RARP cache can be used to obtain
the MAC address
of the remote machine.
e. Notice how this gives both traceable (MAC ID
Resolution) and unique
identification to each node.
f. Notice that no information about this event is
provided to the
end-user.
g. Notice that this is a 'phone home'.
h. Notice this statement:
WinXP Search Assistant Silently Downloads
http://www.theregister.co.uk/2002/04/11/winxp_search_assistant_silently_downloads/
or:
http://makeashorterlink.com/?O56822569
"When you search the Internet using the Search
Companion, the
following information is collected regarding your use
of the service:
your IP address, the text of your Internet search
query, grammatical
information about the query, the list of tasks which
the Search
Companion Web service recommends, and any tasks you
select from the
recommendation list."
i. Notice the IP address is stored by Microsoft
(during beta testing).
j. Notice Microsoft, therefore, has a list of
developers.
k. Notice grammatical information's primary use is in
psychological
profiling.
l. Notice there is no other reasonable explanation to store grammar,
as the text is already stored. Grammar is of no use in 'keyword' text
searches, as it is a literal search.
m. Notice how it is all related against marketing
information.
n. Notice this is by design.
o. Notice this is intentional.
You are therefore a number, not a citizen. :)
2. Help System, F1
a. Press F1 to bring up help, in any Microsoft
application.
b. Notice the connection attempt made randomly (keep
trying!) to
Microsoft captured in your Firewall.
c. Notice how this transmits your IP address, in the
packet structure
of the IP protocol, directly to Microsoft.
d. Notice how the ARP/RARP cache can be used to obtain
the MAC address
of the remote machine.
e. Notice how this gives both traceable (MAC ID
Resolution) and unique
identification to each node.
f. Notice that no information about this event is
provided to the
end-user.
g. Notice that this is a 'phone home'.
h. Notice this is by design.
i. Notice this is intentional.
You are therefore a number, not a citizen. :)
3. Microsoft Backup
a. Change the ownership of a second drive, then use
backup to copy the
files.
b. Notice this provides rapid disk access.
c. Notice this was designed by 'security experts'.
d. Notice this is by design
e. Notice this is intentional.
4. Process Viewer (Task Manager)
a. Press CTRL-ALT-DEL to get to the task manager,
b. Now select the 'Processes' tab.
c. Examine how there is no 'useable' information from which a file
process can be related to real file information.
d. Use another process viewer and compare the output.
Notice that
Windows was designed to restrict this output to the
end-user.
e. Notice that applications have the 'option', to
appear on this list.
f. Notice that this would require the 'creation' of
another product,
to perform this task.
g. Notice this is by design.
h. Notice this is intentional.
5. Dr Watson
a. Examine previous implementations of Dr Watson on
earlier versions
of Windows, in relation to XP implementation, type
'drwatson' in the
run box.
b. Notice the lack of output of vital information
required to locate
keyloggers, etc.
c. Notice the output has been replaced by a simple
message box.
d. Notice that this required deliberate modifications to the earlier
implementations.
e. Notice this is by design
f. Notice this is intentional.
6. The Windows Registry
a. Run the registry editor by typing 'regedit'
b. Progress through every entry
c. Notice each entry with personal information.
d. Notice that the Windows activation code, is actually a form of
combined report and MD5-type identifier that uniquely identifies the
end user's machine and the end user's hardware.
e. Notice that the registry is divided into clear sections, separating
human and machine generated material.
f. Notice how this provides consistent psycho-analytical information
in the appropriate format.
g. Notice how information is scattered throughout the
drive.
h. Notice this is by design.
i. Notice this is intentional.
7. Temporary Files
a. Check under C:\Documents and Settings\Administrator\Local Settings\Temp
and for any user name you may have.
b. Notice the extensive amount of files retained in
this folder that
are required.
c. Notice the 'various contents' of those files.
d. Notice this was designed by 'experts'.
e. Notice this is by design.
f. Notice this is intentional.
8. Recycle Bin
a. Disable the recycle bin,
b. Clear a new partition,
c. Make sure all files can be seen and you have full ownership rights
throughout all containers and sub-containers.
d. Now create a text file and delete it.
e. Notice the creation of the 'RECYCLER' folder.
f. Notice this step is redundant,
g. Notice it creates a copy of your file.
h. Notice it wastes cycles because it must delete the copy & the
original.
i. Notice that this is deliberate coding.
j. Notice this is by design.
k. Notice this is intentional.
9. Recent Files
a. Check under C:\Documents and Settings\Administrator\Recent and for
any user name you may have.
b. Notice the extensive amount of files retained in this folder that
are not contained under the Start button's 'My Documents'.
c. Notice that additional screens have been introduced to obscure the
'Clear' button.
d. Notice the clear button only removes 'certain' links.
e. Notice each new file, is more information hidden in
alternate
datastreams, throughout the drive.
f. Notice there is no reason for this.
g. Notice that this is recording your activities
h. Notice the pattern of behavior.
i. Notice this is by design.
j. Notice this is intentional.
10. NotePad
a. Create a text document and write a document.
b. Now save it, watch how the screen jumps to the
position of the
cursor.
c. Notice that this requires 'specific' coding.
d. Notice how RTF documents do not line-space copy and
pasted text.
e. Notice how this would push you towards Microsoft
Office.
f. Notice this is by design.
g. Notice this is intentional.
11. Swap Space/Virtual Memory/Page File
a. Notice that it cannot be disabled.
b. Notice that this would require the 'creation' of
another product,
to erase sensitive information.
c. Notice this is not a design requirement, but, an
'extra addition'
to the code.
d. Notice this is by design.
e. Notice this is intentional.
12. Firewall
a. Notice that Messenger (Not MSN Messenger) bypasses
the incoming
firewall.
The issue is described here:
http://www.windowsxpatoz.com/cgi-bin/search/index.cgi?answer=1036285319&id=1234567890
b. Notice that this allows the transmission of any
form of data into
your PC, with the 'proper exploit' (backdoor access
code).
c. Notice it is incoming only
d. Notice this allows information to leave your PC
unrestricted.
e. Notice that this was designed by 'security
experts'.
f. Notice this is by design.
g. Notice this is intentional.
13. Memory Usage
a. Notice that memory leaks are associated with
pointers and
references.
b. Notice that pointers and references generated at
runtime, are
normally variables.
c. Notice that a variable would normally contain some form of
end-user inputted information.
d. Notice how these 'memory leaks' are written to disk by the swap
system, that cannot be disabled.
e. Notice how this creates highly specific MFM recoverable remnants
of sensitive information.
f. Notice how this procedure is by human design and not a natural,
expected progression of the code.
g. Notice how this degrades the performance of your PC during usage.
h. Notice how this forces upgrades to new Operating Systems and
Hardware.
i. Notice how this is equivalent to 'sabotage through design' of
end-users machines.
j. Notice how this generates new capital through new 'updated'
versions of products.
k. Notice that this is highly illegal and breaches monopoly commission
rules.
l. Notice this is by design.
m. Notice this is intentional.
14. Automatic Updates
(See Services)
15. Raw Sockets
a. Windows sockets embed your IP address into the
packet header.
b. Notice this is a US DoD/DARPA design
implementation.
c. Notice that this design allows for MAC resolution
through ARP/RARP
cache.
d. Notice Windows prevents creation of new protocols.
e. Notice this is by design.
f. Notice this is intentional.
16. Remote Access Bugs
a. Notice how the latest 'update' allows all security
to be breached
remotely and swiftly.
Security Watch Special: Windows XP SP2 Security Center
Spoofing Threat
http://www.pcmag.com/article2/0,1759,1639276,00.asp
b. Notice how there is no real security
WinXP SP2 = security placebo?
http://www.theregister.co.uk/2004/09/02/winxpsp2_security_review/
c. Notice that since my first article Microsoft updates to SP2 are 80%
lower than expected.
Microsoft misses XP SP2 target by 80 million
September 22 2004
by Paul Festa
Only one-fifth of target PCs updated since launch.
http://www.silicon.com/research/specialreports/enterprise/0,3800003425,39124199,00.htm
d. Notice that it had a major impact on business
decisions.
Corporate users snub Windows XP SP2
Published on: Wednesday, 22 September 2004, 09:37 GMT
http://www.ebcvg.com/news.php?id=3774
Firms aim to tighten Linux security
Published on: Friday, 24 September 2004, 16:30 GMT
7 million EURO investment
http://www.ebcvg.com/news.php?id=3817
e. Notice that Microsoft 'loses' code:
"Back in February federal judge Ron Boyce requested
Microsoft to turn
over some DOS, Windows 3.X and Windows 95 source code
to Caldera's
lawyers and expert witnesses. Microsoft refused, so
last month the
judge gave them five days to hand it over or face
fines. Caldera CEO
Bryan Sparks says that Microsoft gave them most of it
within the five
days, but they "didn't deliver all the source code.
They said they
couldn't find some of the Windows 95 and DOS source
code we
requested." Sparks said that Caldera will file a
formal complaint to
force Microsoft to, um, "find" the missing code. This
is a sure sign
of desperation."
f. Notice how absurd this is.
g. Notice that exploits for code are available almost immediately
upon release.
h. Notice highly sophisticated applications and code are available to
exploit the code, almost immediately.
i. Notice the consistent lack of development time.
j. Notice a remote access bug is no different than a 'backdoor access
code'.
k. Notice a free Operating system, OpenBSD, can achieve this without
much funding.
l. Notice Microsoft has 'nearly' all the money in the world.
m. Notice the consistent pattern of behavior.
n. Notice this is by design.
o. Notice this is intentional.
17. Music Tasks
a. Notice how you are not told Microsoft is
advertising.
b. Notice how this is 'subtly' introduced and located.
c. Notice how this transmits your IP address, in the
packet structure
of the IP protocol, directly to 'a consortium of US
businesses'.
d. Notice how the ARP/RARP cache can be used to obtain
the MAC address
of the remote machine.
e. Notice how this gives both traceable (MAC ID
Resolution) and unique
identification to each node.
f. Notice that no information about this event is
provided to the
end-user.
g. Notice that this is a 'phone home'.
h. Notice how you, your machine and your 'personal
habits' are
uniquely connected to each session.
i. Notice this is by design.
j. Notice this is intentional.
18. Windows Media Player
a. Notice that updates cannot be disabled.
b. Notice that this application can be modified at
will.
c. Notice your computer and user account is uniquely
identified by
default.
d. Notice remote access to your music library is
granted by default.
e. Notice this allows any radio station to examine the
contents of
people's collections.
f. Notice this identifies end users uniquely that have
extensive media
collections.
g. Notice that Windows Media Player, searches for
every media file
throughout your drive.
h. Notice how subtle these 'features' are.
i. Notice that this is a 'phone home' to the 'US based
consortium'.
j. Notice how you, your machine and your 'personal
habits' are
uniquely connected to each session.
k. Notice this is by design.
l. Notice this is intentional.
19. Alternate Data Streams
a. Notice there is no facility to examine the
alternate data stream.
b. Notice that Microsoft did not inform people that thumbnails were
cached in this area.
c. Notice for years, US security products did not
clean this area of
the drive.
d. Notice there is still not great support for
cleaning these areas.
e. Notice how obscure the setting to disable this 'feature' is.
f. Notice how subtly it is placed in the middle of
options, such as
not to draw attention.
g. Notice that the 'What's this?' option does not
mention any of these
facts.
h. Notice that you are warned folders may take longer
to open if it is
disabled.
i. Notice that this 'cache' was never required before.
j. Notice that it should not take any longer, than a millisecond, to
open a non-cached folder than a cached folder.
k. Notice, this is not the case.
l. Notice this is by design.
m. Notice this is intentional.
20. Stability
a. Notice how memory leaks would prevent longterm
application
execution, due to memory corruption and fragmentation.
b. Notice the random memory 'Access Violations', that terminate an
application's execution on a random basis.
c. Notice how this could have resulted in a major air
disaster.
Microsoft software implicated in air traffic shutdown
http://news.zdnet.co.uk/0,39020330,39167074,00.htm
d. Notice how money is placed before human life.
e. Notice Microsoft's complete disregard for health
and safety
practices of mission-critical systems.
f. Notice how Microsoft does not mention the source of
the problem.
g. Notice this is by design.
h. Notice this is intentional.
21. Web-Cams and Microphones
a. Notice that these devices can be activated remotely
b. Notice that this can be done in 'stealth'
c. Notice that this is by design
d. Notice the current deployment of worm
Meet the Peeping Tom worm
http://www.theregister.co.uk/2004/08/23/peeping_tom_worm/
e. Notice how independent actions can exploit
sophisticated breaches
almost upon release.
f. Notice that this is absurd without sufficient development time.
g. Notice this is another 'scam'.
h. Notice this is by design.
i. Notice this is intentional.
22. Control Panel
a. Notice how the control panel has been replaced by a
simple menu by
default.
b. Notice that the majority of end-users would not
know how to revert
to the old one.
c. Notice how this cuts off access to event messages and numerous vital
monitoring services throughout Windows.
d. Notice how Windows policy, is to make the end user, more and more,
technically retarded, rather than encouraging the user to expand their
knowledge.
e. Notice how it is designed to look like a child's toy.
f. Notice how this affects human behavior by making
the end user feel
comfortable, relaxed and 'unthreatened'.
g. Notice how this encourages people to 'open up',
rather like a
psychiatrist and a comfortable chair.
h. Notice how subtle these modifications are.
i. Notice it is all by design.
j. Notice the consistent 'psychological aspect' embedded into Windows.
k. Notice this is by design.
l. Notice this is intentional.
23. Automatic Error Reports
a. Notice how all system information is transmitted to
Microsoft.
b. Notice how that includes 3rd party applications.
c. Notice this is 'automatic'.
d. Notice there is no clear way to disable the
function.
e. Notice the extensive amount of information, both
traceable,
profilable and user related.
f. Notice how this transmits your IP address, in the
packet structure
of the IP protocol, directly to 'a consortium of US
businesses'.
g. Notice how the ARP/RARP cache can be used to obtain
the MAC address
of the remote machine.
h. Notice how this gives both traceable (MAC ID
Resolution) and unique
identification to each node.
i. Notice that no information about this event is
provided to the
end-user.
j. Notice that this is a 'phone home'.
k. Notice the pattern of behavior.
l. Notice this is by design.
m. Notice this is intentional.
Internet Explorer 'Features'
1. Temporary Internet Files
a. Go to C:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files (or your username).
b. Notice that these are not the real files.
c. Change the ownership rights of the drive.
d. Give yourself full permissions.
e. Notice you do not have full permissions as default.
f. Notice that to obtain full permissions requires
extensive training
in Windows.
g. Notice 95% of end-users would not have such
training.
h. Notice that 95% of end-users are unable to view the
contents of the
files and folders.
i. Notice that Windows is a domestic platform
j. Notice that this is not consistent with end-user requirements.
k. Notice how awkward Windows makes everything.
l. Notice this is by design.
m. Notice this is intentional.
2. Index.dat
a. Notice this file is invisible to 95% of end users.
b. Notice this file cannot be accessed by 95% of end
users
c. Notice that this file associates personal logons, with internet
activity.
d. Notice it records even deleted material.
e. Notice it has date and time stamps located
throughout.
f. Notice the focus on recording images viewed.
g. Notice how your web activities are monitored.
h. Notice how this is completely redundant
i. Notice this is by design.
j. Notice this is intentional.
3. Cookies
a. Notice usernames and encrypted passwords are stored in these files.
b. Notice these files are accessed by US market research.
c. Notice that information is gathered as you
progress.
d. Notice that this is providing a 'continuously'
updated profile.
e. Notice there is no requirement for cookies.
f. Notice that major US sites refuse to function
without having access
to read/write functions on your drive or
scripts/ActiveX, etc.
g. Notice how obscurely the clear function is located and 'titled'
h. Notice how obscurely located the folder is.
i. Notice this is by design.
j. Notice this is intentional.
4. Auto-Complete
a. Notice that this is enabled by default.
b. Notice the wide range of user inputted information
it retains.
c. Notice that this is stored in a quick access area.
d. Notice how when disabled, it keeps prompting for
reactivation.
e. Notice how that prompt cannot be disabled.
f. Notice how annoying that becomes.
g. Notice that this would encourage reactivation.
h. Notice this is by design.
i. Notice this is intentional.
5. MSN Messenger
a. Notice how MSN Messenger behaves like a trojan
Windows Messenger Trojan Update
http://www.theregister.co.uk/2002/04/02/windows_messenger_trojan_update
b. Notice how it is activated upon hotmail activation.
c. Notice that no clear explanation is given to why.
d. Notice that Microsoft has proved it has control of
your PC remotely.
e. Notice how by default it loads at startup
f. Notice that this loads its 'trojan' capabilities into memory.
g. Notice MSN Messenger, technically, intercepts
keystrokes by design.
h. Notice how updates are forced upon the end-user,
even if they do
not have the product.
i. Notice how it cannot be uninstalled.
j. Notice that Microsoft is recording your deleted
contacts
k. Notice this is part of a highly consistent policy.
l. Notice this is by design.
m. Notice this is intentional.
Microsoft Windows XP Services
1. Application Layer Gateway Service
Download Sygate's Personal Firewall (Freeware) and
leave it on
training mode.
a. Create a LAN with ICS
b. Connect to the Internet
c. Notice the various connection attempts
d. Notice the connection attempt to ARIN captured in
your Firewall.
e. Notice that none of these connections are required.
f. Notice the connection attempt to Microsoft captured in your
Firewall.
g. Notice how this transmits your IP address, in the packet structure
of the IP protocol, directly to Microsoft.
h. Notice how the ARP/RARP cache can be used to obtain the MAC address
of the remote machine.
i. Notice how this gives both traceable (MAC ID Resolution) and unique
identification to each node.
j. Notice that no information about this event is provided to the
end-user.
k. Notice that this is a 'phone home' to a US 'consortium'.
l. Notice this is by design.
m. Notice this is intentional.
You are therefore a number, not a citizen. :)
2. Automatic Updates
a. Notice that this is enabled by default.
b. Notice that the disable mechanism is obscurely located and not part
of the services.
c. Notice that old flaws are replaced with new ones, during an update.
d. Notice this transmits information between you and Microsoft on a
very regular basis.
e. Notice how this transmits your IP address, in the packet structure
of the IP protocol, directly to Microsoft.
f. Notice how the ARP/RARP cache can be used to obtain the MAC address
of the remote machine.
g. Notice how this gives both traceable (MAC ID Resolution) and unique
identification to each node.
h. Notice that no information about this event is provided to the
end-user.
i. Notice that this is a 'phone home'.
j. Notice how this is a 'rotational approach' where new and old flaws
are simply removed and re-introduced.
k. Notice how any software can be delivered to your PC.
l. Notice how Microsoft has direct remote control of any XP machine.
m. Notice that terminal services would give them a desktop and access
to your hardware/network.
n. Notice this is by design.
o. Notice this is intentional.
3. Computer Browser
a. Notice that every machine on the network is known.
b. Notice that this is not required.
c. Notice that this only provides additional network
traffic.
d. Notice that this provides navigational information.
e. Notice that it provides quick access to this
information.
f. Notice this is by design.
g. Notice this is intentional.
4. Fast User Switching Compatibility
Can be tested by the end user. Check 'User Accounts'
in the control
panel.
a. Notice this is enabled by default.
b. Notice that no explanation of the fact that it hides the
administrator account is provided.
c. Notice that there is no quick access to the
administrator account.
d. Notice to get to the administrator's account
requires in-depth
knowledge of Windows.
e. Notice how this does not fit in with 'user-friendly
usage'.
f. Notice that they have tried to make access as
difficult as possible.
g. Notice that any encrypted file system can be accessed through
the 'hidden' administrator's account.
h. Notice how easy post-forensic and psychological
analysis has been
made.
i. Notice this is by design.
j. Notice this is intentional.
5. IMAPI CD-Burning COM Service
Can be tested by end user.
a. Place a CD in the drive. (Best type CD-R)
b. Navigate through the CD and watch the title bar
move to the CD
Burning drive. This may take a while to replicate and
make sure you
can see the 'full address' in the title bar.
c. Notice that the CD's image layout has been cached by Windows.
d. Notice that files are copied to the C drive first.
e. Notice this is not required.
f. Notice that this slows everything down by making redundant
operations.
g. Notice this is by design.
h. Notice this is intentional.
6. Indexing Service
a. Notice that this is not required.
b. Notice that Windows searches are extremely slow
without it.
c. Notice there is no reason for this to be that way,
DOS searches
like a bullet, so will my own custom search program.
d. Notice this just catalogues your drive.
e. Notice with Microsoft's remote access capability, this provides
rapid access to file information.
f. Notice the entire system defaults to being ready
for indexing.
g. Notice the pattern of behavior.
h. Notice this is by design.
i. Notice this is intentional.
7. Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
a. Notice how each implementation shares your files
b. Notice how SP2 has been 'pre-configured' to do
this.
Windows XP Service Pack 2 Firewall Configuration Error
Exposes File
and Print Sharing to Remote Users
http://msmvps.com/donna/archive/2004/09/23/14011.aspx
c. Notice this consistent pattern of behavior.
d. Notice that 5 years have passed with the same issue since Win2k.
e. Notice that this is not an error.
f. Notice that this is a 'pre-9/11 policy'
g. Notice this is by design.
h. Notice this is intentional.
8. Messenger
a. Notice how this is enabled by default.
b. Notice that this bypasses your incoming firewall.
c. Notice that this sends and receives 'data' (No such thing as text)
d. Notice how this can send information from your PC.
e. Notice how this can receive any form of data and execute it with
the right exploit (backdoor access code).
f. Notice how it can broadcast to any IP address, rather than being
restricted to NetBIOS or DNS names.
g. Notice how it is scriptable rather than a GUI.
h. Notice how awkward this makes usage in any environment (standard
messages can be staged in a GUI too, even imported.).
i. Notice this is not required.
j. Notice this is by design.
k. Notice this is intentional.
9. Network Connections
a. Notice that this service is simply additional
overhead.
b. Notice it is not required.
c. Notice that it catalogues your network connections
and all access
information.
d. Notice the only useful function is to provide quick
remote access
to the information.
e. Notice the clever 'barely noticeable' addition that this is.
f. Notice the consistent pattern of behavior.
g. Notice this is by design.
h. Notice this is intentional.
10. Protected Storage
a. Notice how this can not be viewed by any Windows
application.
b. Notice 3rd party applications can.
c. Notice that it is, therefore, by definition, 'not
very protected'.
d. Notice its only function is quick retrieval of sensitive end user
information.
e. Notice this was designed by 'security experts'.
f. Notice you've been conned. :)
g. Notice this is by design.
h. Notice this is intentional.
11. Remote Procedure Call (RPC)
a. Notice this cannot be disabled.
b. Notice that remote procedure calls, allow your PC
to be operated
remotely.
c. Notice, in 80% of cases, RPC is never used.
d. Notice it was designed by people who know this.
e. Notice this provides 'listening port' services.
f. Notice the pattern of behavior.
g. Notice this is by design.
h. Notice this is intentional.
12. Remote Registry
a. Notice this is enabled by default.
b. Notice that remote access to the registry provides
access to your
entire psychological profile.
c. Notice that information is structured for rapid
access.
d. Notice no explanation is given to why it is there.
e. Notice that in 90% of cases it is not required.
f. Notice this was designed by people who know this.
g. Notice this is by design.
h. Notice this is intentional.
13. Server
(Unevaluated in this report)
14. SSDP Discovery Service
a. Notice how this service is enabled by default.
b. Notice how it is a redundant service already
provided by a PC.
c. Notice its only function is to catalogue the
devices on a network
to each node.
d. Notice the amount of bandwidth this absorbs.
e. Notice its only function is for remote orientation
and rapid
information collection.
f. Notice the pattern of behavior.
g. Notice this is by design.
h. Notice this is intentional.
15. System Event Notification
(Unevaluated in this report)
16. System Restore Service
a. Notice the quick retrieval format for system restore (edited).
C:\WINDOWS\system32\Restore\filelist.xml
1.0
E
%windir%\system.ini
%windir%\tasks\desktop.ini
%windir%\win.ini
*:\AUTOEXEC.BAT
*:\CONFIG.MSI
*:\CONFIG.SYS
c:\placeholder\ph.dll
%cookies%
%favorites%
%History%
%internetcache%
%nethood%
%personaldocuments%
%ProgramFiles%\WindowsUpdate
%windir%\Downloaded Program Files
%windir%\Offline Web Pages
%windir%\PCHealth\HelpCtr\Config
%windir%\PCHealth\HelpCtr\Database
%windir%\PCHealth\HelpCtr\DataColl
%windir%\PCHealth\HelpCtr\System
%windir%\PCHealth\HelpCtr\Vendors
%windir%\pchealth\ErrorRep\UserDumps
%windir%\prefetch
%windir%\temp
*:\~MSSETUP.T
*:\$WIN_NT$.~LS
*:\$WIN_NT$.~BT
*:\System Volume Information
*:\SIS Common Store
*:\TEMP
*:\TMP
*:\W95UNDO.INI
*:\W98UNDO.INI
*:\W9XUNDO.INI
*:\WININST0.400
*:\WINLFN.INI
*:\WINUNDO.INI
%SRDataStoreRoot%
%windir%\system32\wbem\repository
%windir%\system32\wbem\repository.tmp
%windir%\system32\wbem\repository.bak
%SystemDrive%\Documents And Settings\All Users\Favorites
%SystemDrive%\Documents And Settings\All Users\Documents
%SystemDrive%\Documents And Settings\Default User\My Documents
%SystemDrive%\Documents And Settings\Default User\NetHood
%SystemDrive%\Documents And Settings\Default User\Favorites
%SystemDrive%\Documents And Settings\Default User\Cookies
%SystemDrive%\Documents And Settings\Default User\Cache
%SystemDrive%\Documents And Settings\Default User\Local Settings\History
%SystemDrive%\Documents And Settings\Default User\Local Settings\Temp
%SystemDrive%\Documents And Settings\Default User\Local Settings\Temporary Internet Files
*:\Documents And Settings\*\Application Data\Microsoft\Internet Explorer\Quick Launch
~~C
~~D
1ST
CFG
CMD
CNT
DATA
DESKLINK
DIALOG
DIR
DISABLED
DUN
DYNCMD
INCL
INF
INI
INK
IP
LIVEREG
LNK
MANIFEST
MAPIMAIL
MYDOCS
NAME
POLICY
PROPERTIES
REG
SCK
SECURITY
SELFREG
SHARED
TAG
US
USA
USERPROFILE
VCPREF
WINSYS
WIPEINFO
WIPESLACK
ZFSENDTOTARGET
b. Notice that this cannot restore a system, other
than for very minor
errors.
c. Notice 3rd party applications would not function or
corrupt system
data.
d. Notice the designers were prepared to take the
risk.
e. Notice how focus is given to maintaining user data
belonging to the
main user.
f. Notice that the main user's psychology would be
reflected throughout
the system.
g. Notice that non-main users are dropped because
insufficient
information would exist to separate each user from the
main user,
however, the inverse is easily automated with
practice.
h. Notice how this system just eats resources.
i. Notice the pattern of behavior.
j. Notice this is by design.
k. Notice this is intentional.
17. Terminal Services
a. Notice this is enabled by default.
b. Notice 90% of end users would not know how to
disable it.
c. Notice that 90% of end users do not need this.
d. Notice how this traps people into windows using
clever manipulation.
e. Notice how Windows reduces the technical knowledge
of end users.
f. Notice how this provides entire access to your
machine, even
without your knowledge, using the 'latest exploit'
(updated backdoor
access code).
g. Notice the pattern of behavior.
h. Notice this is by design.
i. Notice this is intentional.
18. Windows Time
a. Notice that it connects to either Microsoft or the
US military.
c. Notice how this transmits your IP address, in the
packet structure
of the IP protocol.
d. Notice how the ARP/RARP cache can be used to obtain
the MAC address
of the remote machine.
e. Notice how this gives both traceable (MAC ID
Resolution) and unique
identification to each node.
f. Notice that no information about this event is
provided to the
end-user.
g. Notice that this is a 'phone home'.
h. Notice this is by design.
i. Notice this is intentional.
You are therefore a number, not a citizen. :)
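For item 18, the payload of a time-sync request can be checked field by field. The following is an added example, not part of the original article: it builds a generic SNTP client request as laid out in RFC 4330 (an assumption, not a captured Windows XP packet) and decodes it, with function names that are this example's own. The source IP address the item mentions travels in the IP header, outside this 48-byte payload.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbIII4Q")     # 48-byte SNTP header, network byte order
FIELDS = ("stratum", "poll", "precision", "root_delay", "root_dispersion",
          "reference_id", "reference", "originate", "receive", "transmit")

def to_ntp(unix_seconds):
    """Unix time -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | int((unix_seconds - whole) * 2**32)

def from_ntp(stamp):
    """64-bit NTP timestamp -> Unix time; an all-zero field means 'not set'."""
    if stamp == 0:
        return None
    return (stamp >> 32) - NTP_EPOCH_OFFSET + (stamp & 0xFFFFFFFF) / 2**32

def build_client_request(transmit_unix, version=3):
    """Generic SNTP client request: LI=0, VN=version, mode 3, transmit time."""
    first = (version << 3) | 3
    return HEADER.pack(first, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(transmit_unix))

def parse_ntp(payload):
    """Decode the fixed header of an NTP/SNTP UDP payload into named fields."""
    if len(payload) < HEADER.size:
        raise ValueError("NTP payload shorter than the 48-byte header")
    first, *rest = HEADER.unpack(payload[:HEADER.size])
    parsed = {"leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7}
    parsed.update(zip(FIELDS, rest))
    for name in FIELDS[-4:]:             # the four 64-bit timestamps
        parsed[name] = from_ntp(parsed[name])
    return parsed

def populated_fields(parsed):
    """Names of the header fields that carry a value other than zero."""
    return sorted(name for name, value in parsed.items() if value)

if __name__ == "__main__":
    request = build_client_request(1000000000.5)   # constructed sample time
    print(len(request), populated_fields(parse_ntp(request)))
```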
19. Wireless Zero Configuration
a. Notice how this exposes your Wireless network.
b. Notice how this can be 'tapped'.
c. Notice this was designed by 'security experts'.
d. Notice that even the hardware encryption is weak
'by design'.
e. Notice that wireless signals can be detected in
space, as they
propagate at the speed of light, the ionosphere would
only filter the
signal.
f. Notice that NASA broadcasts from Mars using less
than 0.0001 watts
of signal strength.
g. Notice that wireless broadcasts are around 1 watt in
Europe.
h. Notice that this is 1000% more powerful than a
broadcast from Mars.
i. Notice we have no idea what is located in space.
j. Notice that exposing the network is the entire
intention.
k. Notice this is by design.
l. Notice this is intentional.
Conclusion
1. Consistent unique identification of end user.
2. Consistent profiling of hardware.
3. Consistent connection attempts to some form of US
based
'consortium' that uniquely identify each end node.
4. Pattern consistent with a large scale mapping &
psychological
information gathering process, of end users, on a
global basis.
5. Advanced Psychological Focus - Clearly adapted from
cold-war
research in psycho-warfare techniques (advanced
embedded psycho-tropic
colour schemes). Collection, distribution and
'psychosis'
manifestation.
6. Consistent pattern of behavior towards security.
Windows is
designed to create a 'highly specific' array of
companies. Specifically,
the IT security industry.
7. Consistent slow inclusion of 'subtle' features
aimed at end user
manipulation and the public acceptance of that
manipulation over time.
8. Consistent recording of end users' 'habits' and
'personal
preferences'.
9. Consistent pattern of making these files
'inaccessible' to end
users.
10. Consistent pattern of collecting end user
information.
11. Consistent attempt to collect end user
information by the
deliberate introduction of 'highly specific flaws'
into the operating
system.
12. Consistent pattern of being 'done by design'.
13. Consistent attempts to hide this activity from end
users.
14. Consistent pattern of behavior matching covert
intelligence
gathering techniques.
15. Implemented long before 9/11.
16. Evidence would suggest the US has some form of
nuclear powered,
super-computer, processing center requiring parts on a
daily basis.
Groom Lake, Nevada? Alien cover story, strange air
activity nightly,
FAA restrictions on crash sites, etc?
==================================
related article follows
==================================
Microsoft chosen as exclusive Homeland Security
contractor
http://www.govexec.com/dailyfed/0703/071503h2.htm
July 15, 2003
By Shane Harris
sharris@govexec.com
The Homeland Security Department has chosen Microsoft
Corp. as its preferred supplier of desktop computer
and server software, according to a statement issued
late Tuesday. The move is a significant development in
the government's ongoing merger of 22 agencies and
comes as officials are selecting various technology
companies' products as de facto standards for the
department.
The contract "establishes a key partnership
relationship" between the government and Microsoft,
the world's biggest software maker, the statement
said. The department has purchased a license for about
140,000 desktop computers and is consolidating other
Microsoft agreements held by Homeland Security
agencies into the five-year contract. The deal is
worth $90 million.
Homeland Security employees' computers now will be
outfitted with Microsoft's Windows XP operating
system, as well as the Microsoft Office Professional
version of software products. And perhaps most
important to Homeland Security's mission to get
agencies communicating more easily, Microsoft will
provide the standard e-mail software for the entire
department.
Months before the Homeland Security Department was
established in March, officials labored over an
inventory of the various software, hardware and
network brands security agencies are using. Their
ultimate goal has been to select one company as the
sole supplier in each of several technology
categories, such as e-mail or desktop computers.
Microsoft's selection for such a wide range of
software products would seem to indicate that
officials have found those brands are used and favored
by the majority of security agencies.
Dell Marketing L.P., a division of Dell Computer Corp.,
also was chosen to provide "day-to-day management" of
the license agreement, the department's statement
said. The statement didn't disclose the value of that
deal. The Microsoft contract was awarded June 27.
=================================