Syskey
Syskey is a utility that encrypts the hashed password information in the SAM database on a Windows system using a 128-bit RC4 encryption key that, by default, is stored in the Windows registry. Syskey can optionally be configured to require the user to enter the key at boot time as a startup password or load it on removable storage media (e.g., a USB flash drive).
Syskey comes with Microsoft Windows, and was first introduced with Windows NT 4.0 SP3.[1] It was meant to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting useful information from it.[1] However, it is commonly misused by scammers to lock victims out of their own computers in order to coerce them into paying a ransom.[2]
The Syskey utility will be removed in Windows 10 Fall Creators Update and Windows Server "RS3" due to its weak cryptography and the risk of ransomware scams.[3] Microsoft recommends BitLocker as a replacement.
Early vulnerability
In December 1999, a security team from BindView found a security hole in Syskey showing that a certain form of offline cryptanalytic attack is possible, which makes a brute-force attack appear to be possible.[1] Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").[4] The bug affected both Windows NT and pre-RC3 versions of Windows 2000.[1]
Malicious use
Syskey has been abused for malicious purposes as part of technical support scams—a form of social engineering scam in which a cold caller, often claiming to be a Microsoft support agent, gains control of a computer using remote access software, and attempts to convince the user that they must purchase unnecessary "repairs" for it. The agent may invoke syskey in order to lock the user out of their computer if they do not pay.[5]
References
- [1] Sabin, Todd (December 16, 1999). "bindview.syskey.txt". Packet Storm. Retrieved July 1, 2016.
- [2] "SOLUTION: “This is Microsoft Support” telephone scam – Computer ransom lockout - Triple-S Computers Blog – Louisville, KY computer repair specialist". triplescomputers.com.
- [3] https://support.microsoft.com/en-us/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window
- [4] Khanse, Anand (March 9, 2012). "Use SysKey Utility to lock Windows computer using USB stick". The Windows Club. Retrieved July 1, 2016.
- [5] "Tech support company with workers in India claims its 'good name' being ruined by scammers". Sydney Morning Herald. Retrieved 23 February 2017.
- This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.
External links
- How to use the SysKey utility to secure the Windows Security Accounts Manager database
- Enable Syskey To Protect Windows Against Local Password Cracking