Question for the Techies

My friend Trevor tells me when he downloaded the recent DirectX ‘critical update’ from Windows his firewall prompted a puzzling message.

I’m going to pass his inquiry along as I’d like to know the answer as well.

If you choose to install the update, you download a setup file from download.microsoft.com (nothing abnormal about this). This setup file then runs and downloads the various components that make up the upgrade from www.fbi.gov.

I only realised this when my firewall asked me for permission to connect to port 80 at www.fbi.gov

Why is the FBI acting as a download source for a Microsoft program?

A quick search of Google didn’t help.

Does anybody know why the FBI is acting as a fileserver for Microsoft? And just how far does this relationship extend?


3 Responses to Question for the Techies

  1. J. Puma says:

    This is really curious, indeed. I posted it on my blog, as well, and nobody seems to be able to tell what’s going on.

    Did your friend try writing to Microsoft?

  2. Diane says:

    Trevor and another friend have come up with this much so far…

    [Anti-State]

    Did a little research and found that http://www.fbi.gov is an alias for fbi.edgesuite.net which is an alias for a33.g.akamai.net. Akamai is a company that does a lot of e-business solutions for the US Government and hosts http://www.fbi.gov. Microsoft has also bought part of Akamai specifically for multimedia applications. Edgesuite (fbi.edgesuite.net) is an Akamai product.

    So it could be possible that Akamai is hosting some of the DirectX downloads and for some reason (the DNS?) the host shows as fbi.gov.

    Does your firewall software have a logfile that you could review, specifically for that instance?

    ***

    Did a little more research and found out that download.microsoft.com (where it was probably downloaded from) also shows as residing on an Akamai server. Still don’t know why it showed fbi.gov though…

    [Trevor]

    Unfortunately I didn’t think of keeping the logs at the time. They have since been overwritten.

    The upgrade has two stages: you download a program called DXWSETUP.EXE from download.microsoft.com; this is the install program. It then makes an HTTP connection to http://www.fbi.gov port 80, or at least that was the connection my firewall asked if I would allow.

    Thanks for the Akamai tip Anti-state, they are the link between Microsoft and the FBI. It seems that Akamai provide a distributed network for handling those periods of sudden increased traffic to a site. If I read correctly, if there is a sudden increase in traffic to a site Akamai’s Edgesuite software shunts the traffic through other servers in its network.

    While researching the Microsoft/Akamai/FBI connection I did turn up some interesting findings. The following web page is a good starting point. The allegation, however, that McAfee approached the FBI in an effort to avoid its antivirus programs detecting the FBI’s eavesdropping programs has been denied and all links to the original news articles are now dead.

    http://www.pingmeplease.com/paranoid.htm

    *************

    It seems to me that it would still be strange for the file source to be the FBI. And I think that Canberra, which showed up as the final source on Trevor’s trace, is the spy station in Australia, but I could be remembering incorrectly and haven’t researched it yet.

    I’ll ask him if he’s written Microsoft yet.

  3. Don Barnard says:

    Why can I not run Microsoft Critical update?
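The alias chain reported in the second comment, followed programmatically; this is an added example, not part of the original post or its comments. Only the www.fbi.gov chain comes from the thread: the download.microsoft.com chain, both addresses, and all function names are constructed for illustration.

```python
# Constructed DNS data. Only the www.fbi.gov alias chain is taken from the
# comment thread; the download.microsoft.com chain and both addresses
# (TEST-NET-1 range) are hypothetical.
RECORDS = {
    "www.fbi.gov": ("CNAME", "fbi.edgesuite.net"),
    "fbi.edgesuite.net": ("CNAME", "a33.g.akamai.net"),
    "a33.g.akamai.net": ("A", "192.0.2.33"),
    "download.microsoft.com": ("CNAME", "dl-example.edgesuite.net"),
    "dl-example.edgesuite.net": ("CNAME", "a99.g.akamai.net"),
    "a99.g.akamai.net": ("A", "192.0.2.99"),
}

# Domains the thread attributes to Akamai (Edgesuite is an Akamai product).
OPERATOR_SUFFIXES = {"akamai.net": "Akamai", "edgesuite.net": "Akamai"}


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.lower().rstrip(".")


def follow_aliases(name, records=RECORDS, max_depth=8):
    """Return (chain, address); address is None if the chain dangles."""
    chain = [normalize(name)]
    while True:
        rec = records.get(chain[-1])
        if rec is None:
            return chain, None          # alias points at a name with no record
        rtype, value = rec
        if rtype == "A":
            return chain, value
        target = normalize(value)
        if target in chain or len(chain) >= max_depth:
            raise ValueError("CNAME loop or over-long chain at " + target)
        chain.append(target)


def serving_operator(name, records=RECORDS):
    """Name the operator whose domain appears in the alias chain, if any."""
    chain, _ = follow_aliases(name, records)
    for hop in reversed(chain[1:]):     # skip the name the client asked for
        for suffix, operator in OPERATOR_SUFFIXES.items():
            if hop == suffix or hop.endswith("." + suffix):
                return operator
    return None


def group_by_operator(names, records=RECORDS):
    """Group requested hostnames by the operator that actually serves them."""
    groups = {}
    for n in names:
        groups.setdefault(serving_operator(n, records), []).append(normalize(n))
    return groups
```

Grouping a firewall's prompted hostnames this way shows which ones end on the same delivery network even though the names themselves look unrelated.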
