• placebo@lemmy.zip
    link
    fedilink
    English
    arrow-up
    43
    ·
    2 days ago

    Now for the version in plain English: Sign into Windows with a Microsoft Account, and a server assigns your installation a permanent ID number. Windows stores it locally, several background services read it, and it gets stamped onto activity your PC reports back to Microsoft.

    Wait. I understand that this ID is used for Windows <> Microsoft communications. How did it escalate them to knowing that this ID was used to visit ngrok and the retailer’s website? Does Windows report website visits? Does it append this ID to HTTP requests? Or what’s the connection here?

    • ExLisper@lemmy.curiana.net
      link
      fedilink
      arrow-up
      6
      ·
      22 hours ago

      My guess is oauth. He basically used fake Microsoft account to access services during the hack and them used his actual microsoft account to access something else. He used VPN for the hack but he connected from his actual IP to the second service. The only thing linking those was the GID. So they figured out his actual IP address and checked other logins from this IP around the same time and found out his other accounts.

    • RainbowBlite@piefed.ca
      link
      fedilink
      English
      arrow-up
      40
      ·
      2 days ago

      The connection is that Windows records everything you do. So the FBI asks for every Windows user who accessed a specific site around a date/time and Microsoft can provide that.

      You accessed a site over VPN? Your ISP has no idea it was you, , and the VPN didn’t keep records, but Windows recorded that and sent it back to the mothership with your unique identifier.

      • Honytawk@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        30 minutes ago

        Where did you read that?

        Windows does not record everything you do, and especially does not link everything to an ID. Only the MS authentication and MS store stuff uses this GDID.

        The GDID isn’t even linked to your name if you don’t use a Microsoft Account. The FBI had to jump through hoops to get the information they wanted and only managed to do so after 4 separate instances where they tracked every social media the guy owned and compared it with logins that happened.

        The FBI can use any form of ID to track, and if Linux had a store it could use that ID as well.

      • angband@lemmy.world
        link
        fedilink
        arrow-up
        17
        ·
        2 days ago

        Exactly it, and their claim that it is stored with bitlocker level encryption is obviously meaningless if they have the keys.

        • 4am@lemmy.zip
          link
          fedilink
          arrow-up
          35
          arrow-down
          1
          ·
          2 days ago

          Fun fact, windows 11 backs up your bitlocker private key with Microsoft if you sign in with a Microsoft Account.

          There’s a database somewhere with every bitlocker key to almost every Windows 11 device on earth.

          I’m sure they let the NSA and the FBI right in. The CIA probably has sleeper agents working devops at Microsoft so they don’t even need to access it procedurally. $10 says Israel can access it too, because why the fuck not.