NSA Trawls Crash Data For App Vulnerabilities – Report

The National Security Agency (NSA) is reportedly using a key tool in hunting down and fixing application bugs.

The spy agency supposedly uses crash data in order to remotely find vulnerable software within the companies and organisations it is monitoring.

Crash Data

The tool, known as Dr. Watson and developed by Microsoft, records information about the state of a Windows system when an application crashes. The service sends the crash information to Microsoft and has helped the software maker and third-party application developers eradicate many flaws that caused program instability.

Yet, the data has also been secretly collected by the National Security Agency using a distributed system of network taps as a way to remotely detect software vulnerabilities, according to a report published in Der Spiegel on 29 December.

By combining its ability to sift through large amounts of data and the fact that the crash reports are unencrypted, it’s entirely possible that the National Security Agency could collect information on the software vulnerabilities inside specific networks or companies, Alex Watson, director of research for security firm Websense, told eWEEK.

“Your typical organisation generates enough reports that over a period of time you can create a blueprint of what the vulnerable applications are on the network,” he said.

The NSA’s capability to dig into the application crashes of organisations worldwide comes out of a report in Der Spiegel documenting the NSA’s Office of Tailored Access Operations, a cyber operations group inside the agency which finds ways to get at the hard-to-reach information that the spy agency deems essential to its mission.

The report, co-authored by digital rights activist and security researcher Jacob Appelbaum, outlined the catalogue of capabilities offered by the TAO, including so-called “implants” – hardware devices and software programs designed to be secreted in computer systems or networks for surveillance purposes.

The ability to collect information produced by the crash reporting tool known as Dr. Watson gives the NSA and other potential attackers the ability to collect information on systems to which they have no access, Websense’s Watson said. In a detailed analysis of what information is provided by the tool, Websense warned that the data, while valuable, present a very real potential of data leakage because much of the information is uploaded without encryption.

Valuable Insight

“Applications that report this information without encrypting data risk leaking information at multiple points,” Watson wrote in the analysis. “This includes any upstream proxies, firewalls, and ISPs that are in between the corporate network and the destination as well as the application developer and their partner organisations.”

Microsoft is not the only company to collect crash dumps. Apple’s Mac OS X has a similar facility for sending information back to the company to improve the quality of software.

While companies may be threatened by the risk of data leakage presented by the spy agency’s alleged collection of crash dumps, the information can be valuable in detecting advanced attackers, says Websense’s Watson. Attempts at exploiting software flaws often lead to program crashes. This enables target organisations to determine whether a crash was caused by suspicious activities and allows them to set up defences against attackers, he said.

“These reports have been used to date to understand application crashes, but I think there is tremendous opportunity to use them to find indicators of attack activity,” he said.

What do you know about whistleblowers and their tech? Take our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

12 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

13 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

14 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

15 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

18 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

18 hours ago