
32TB of Windows 10 internal builds, core source code leak online - manirelli
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
======
driverdan
Looks like there's some debate as to whether or not this has been exaggerated:
[https://www.betaarchive.com/forum/viewtopic.php?t=37282](https://www.betaarchive.com/forum/viewtopic.php?t=37282)

So far I haven't seen any links to source code.

Quote from one of the admins:

> Yes I have no idea where they got the 32TB stuff. We had a big leak of Win10
> builds yes, but these were all Windows Insider stuff that were collected
> over time available to all Windows Insider members at one time or another.

Edit: BA's official statement:
[https://www.betaarchive.com/forum/viewtopic.php?f=1&t=37283](https://www.betaarchive.com/forum/viewtopic.php?f=1&t=37283)

~~~
diodesign
Hiya - I wrote the article. What's happened is that the Beta Archive folks
have now deleted (or are in the process of deleting) the private material that was
uploaded to the BA FTP. There most definitely were non-officially-released
internal Microsoft files in the archive, regardless of BA's intentions, such
as the Shared Source Kit, the ARM64 Windows Server build, the Mobile Adaptation
Kit, and various prerelease versions of Windows.

We've updated the story to explain why things aren't what they seem.
Essentially, the files at the heart of the matter were there (we screenshotted
them and saved copies of the forum posts) at time of writing, and they were
removed later on Friday.

In terms of the 32TB: that's the full decompressed dump of Windows files
uploaded to BA. From what I understand, Microsoft hasn't released 32TB of
public Insider material, so obviously there's extra sauce in the mix.

That includes, yes, copies of officially released Insider builds plus
confidential private stuff that should never have left Microsoft, let alone
turned up in BA. We make this clear in the story - I'm starting to feel the
headline could have been better to make this clearer rather than grabbing the
biggest figure. I am beginning to regret this.

BA can twist and complain all it likes - but stuff that was confidential
within Microsoft ended up in their FTP archive (and some is still in there,
such as the ARM64 stuff). The next stage of this story will be to uncover how
exactly this material escaped Redmond.

C.

~~~
ryanlol
Clarify the 32TB and 8TB figures please. People with access to the archive who
successfully downloaded the confidential stuff did not get nearly that much.

Do you consider windows installation images to be "compressed files" in this
context?

~~~
diodesign
Compressed, it is ~8TB. Fully expanded it is ~32TB. I think the bigger issue
is not the final size, but that internal Microsoft material - particularly
source code - has escaped into public FTP. That, to me, is the main thing,
right?

C.

~~~
ryanlol
>Compressed, it is ~8TB.

But what data does this 8TB refer to specifically? Is this the source + all
the windows builds from a plethora of sources? Did you download 8TB of data
from BA and expand it to 32TB or was this a figure provided to you by one of
the raided hackers or their associates?

> think the bigger issue is not the final size, but that internal Microsoft
> material - particularly source code - has escaped into public FTP

Happens regularly, although usually it's MS employees leaving stuff in public
FTPs or inside released ISOs, updates, whatever. redmond\ domain is huge and
the (accidental or not) leaks never stop.

~~~
withinrafael
It's ~8TBs of deduplicated Windows installation media. The Shared Source
Initiative material only amounts to ~1.2 GB, if that.

------
80211
This is a gross exaggeration. As far as I can see, what "leaked" was the
"shared driver source kit" that nearly any hardware vendor (like chipset
manufacturer) can get; basically anyone who puts up a few thousand bucks and
signs an NDA.

------
joe_the_user
If nothing else, it would be interesting to compare code quality of this with
leaks of much earlier Windows source files.

------
15charlimit
Does this mean an individual could actually get their hands on the fabled
Enterprise LTSB edition and thus actually have control over updates?

~~~
64738
All I did was change a registry setting (or maybe it was a gpedit) to prevent
automatic reboots. That was enough for me though, as I didn't appreciate my
running apps being shut down during the night.

~~~
oneweekwonder
Can you maybe recall exactly what you did to stop your computer from automatically
shutting down (and up)?

I "resolved" the issue by dual booting. The second OS (prev Ubuntu, going to
deb) changes something that takes away Win's ability to automagically turn on my
machine for updates.

------
nikanj
The unstripped binaries are a huge benefit for non-black-hat developers too.

~~~
gruez
Microsoft actually provides symbols for most windows components through its
symbol server.

~~~
bitexploder
The private symbols in these builds could actually be very useful. The article
alluded there were private symbols. So, even if only 1% of the overall windows
code was leaked, if there were, say, private symbols for the heap allocator of
the kernel, for a practiced reverse engineer that is pure gold. Not as good as
code, but a hell of a lot better than having to figure everything out and name
functions and symbols themselves.

~~~
monochromatic
What kinds of private symbols aren't served by the symbol server?

~~~
my123
All of them. The server serves public symbols. Private symbols have structure
info and even local variable names, which are very useful.

------
phaed
This will make Windows less secure in the short term, but as good and bad
actors find bugs and Microsoft patches them, they will end up with a hardened
product. Their OS is now effectively open-source.

~~~
my123
It's only some core kernel and driver code, lower than 1% of the codebase.

~~~
dsl
Yup. It's the Windows Shared Source Kit, which is already mostly public. Many
of the big security firms and government agencies already have licences to the
full source code anyway.

The only thing this really gains anyone is it's possible some non-public debug
symbols might have been left in some builds. Not earth shattering.

------
ryanlol
[http://www.bbc.com/news/technology-40366823](http://www.bbc.com/news/technology-40366823)

Dead man's switch?

------
blunte
Given the other article I read today about US companies bowing to Russian
requirements to review source code, I wonder if MS has also already given away
code that can be studied for security gaps.

~~~
Laforet
Microsoft indeed make their sources available for review by major customers
including governments. From what I heard this is done under NDA and reviewers
are forbidden from taking the code away from MS facility.

------
jaimex2
I guess Microsoft really were serious about going open source.

------
drenvuk
Looks like the page where the source kit was listed was altered since the
screenshot that's in the article was taken. I hope the files surface
somewhere.

------
palakchokshi
Can't imagine this was due to a hack of their systems. Seems more like an
(ex)employee took a data dump and released it. Or it could be spear phishing.

------
chris_wot
If you develop WINE or ReactOS do NOT look at any of this code.

------
kristofferR
Can someone with access take a more comprehensive screenshot of the contents?

------
throwaway201706
Throwaway account for obvious reasons. Does anyone have a link to the leaked
data?

At this point avoiding links is pointless as the source code will be
essentially public knowledge in a matter of days/weeks. Damage control is the
only strategy left. The sooner security researchers outside Microsoft can
start analyzing and reporting vulnerabilities, the better.

~~~
notyourwork
Not understanding why this comment needs a throwaway account?

~~~
BoiledCabbage
Maybe he doesn't actually want it for research purposes, and actually wants a
quick and easy way to find it for other less noble purposes.

He never actually stated he wanted it for security, just left it easy to
imply.

------
Animats
It seems that the "leak" was what you need to develop a driver. You can sign
up for MSDN and get that, right? Does that come with the $3000/year it now
costs to subscribe to MSDN?

------
xefer
It must be possible to determine when this code was collected by matching the
files to version control time stamps.

I wonder if that could be used to narrow down who pulled the code during that
window.

------
tzakrajs
Just imagine if the source code for SMB was let loose.

~~~
rogersach
They're disabling it later this year, so I wouldn't go that far.

~~~
kristofferR
Just the outdated SMBv1 of course, SMB is still very much supported and in
constant development.

------
whatnotests
Links or it didn't happen.

------
westmeal
Looks like the WINE developers are going to have the time of their lives.

~~~
guiambros
Quite the opposite. WINE developers will have to go an extra mile to avoid
getting anywhere even remotely close to the proprietary source code, otherwise
they may get sued for copyright infringement -- even if they didn't
intentionally copy any of the code.

~~~
43224gg252
1\. How would Microsoft prove that they saw the code?

2\. If Microsoft sued WINE devs it would be horrible for Microsoft's public
image. They won't do it.

3\. I hope the WINE devs don't listen to you.

~~~
jcranmer
> 1\. How would Microsoft prove that they saw the code?

Get the court to order discovery on all of your computers. They could probably
also get subpoenas for the source code hosting sites to reveal relevant access
logs. Or someone could admit to reading the source code someplace public, like
a bug tracker. Or they could argue that the choice of variable names and minor
details of algorithm details are too close to be coincidence. A jury convicted
Google because of rangeCheck, after all.

> 2\. If Microsoft sued WINE devs it would be horrible for Microsoft's public
> image. They won't do it.

No it wouldn't, particularly not if they had a strong case (e.g., someone
bragging about it). If you think MS looks bad for suing people for stealing
the code, then you'd have to think the FSF looks bad for suing people for
violating the GPL and stealing the code of, say, Linux.

> 3\. I hope the WINE devs don't listen to you.

I hope they don't listen to _you_. The repercussions are quite large--it's not
unimaginable that shutting down the WINE project could result from a lost
case. These cases do happen, and defendants do lose (Oracle v. Google is a
notable recent one, and that's based on IMHO fairly weak evidence). There's a
reason that projects that do major reverse engineering for interoperability
have rather elaborate procedures for doing so.

~~~
yjftsjthsd-h
> you'd have to think the FSF looks bad for suing people for violating the GPL

I agree with you, but there are people who argue this.

~~~
Spivak
And I'm one of them. We don't want to alienate the already small number of
people who develop Free Software. I would rather see companies who violate the
GPL comply rather than seek damages. Actually bringing a suit, in my mind, is
basically the nuclear option.

------
justforFranz
America better get its act together about computer security.

~~~
microcolonel
As opposed to whom? Britain? Germany?

------
dep_b
A new bold step in Microsoft's Open Source endeavors!

------
jdubs
I guess windows 10 is now open source!

