US government officials could be working under cover at Microsoft to
help the country's cyber-espionage programme, according to one leading
The warning comes in the wake of the Flame virus that targeted key
computers in the Middle East, and in part used confidential Microsoft
certificates in order to access machines.
According to Mikko Hypponen, chief research officer at security firm
F-Secure, the claim is a logical conclusion to a series of recent
discoveries and disclosures linking the US government to 2010's Stuxnet
attack on Iran and ties between Stuxnet and the recent Flame attack.
“The announcement that links Flame to Stuxnet and the conclusive proof
that Stuxnet was a US tool means that Flame is also linked to the US
government,” Hypponen said.
It's plausible that if there is an operation under way and being
run by a US intelligence agency it would make perfect sense for them to
plant moles inside Microsoft
“This makes you think that this breach of Microsoft's update system was
done by the Americans and most likely a US agency, someone like the
NSA,” Hypponen said. “That must make Microsoft mad as hell that its most
critical system, used by 900 million of its customers, was breached by
The Flame virus used forged Microsoft certificates to gain access to
computer systems because it is one of the most trusted companies, with
any code-signing certificates from the company given white-list access
“It's plausible that if there is an operation under way and being run by
a US intelligence agency it would make perfect sense for them to plant
moles inside Microsoft to assist in pulling it off, just as they would
in any other undercover operation,” he said. “It's not certain, but it
would be common sense to expect they would do that.”
Microsoft hasn't offered a comment on the claims.
|_|0|_| Marti T. van Lin, alias ML2MST