The Architecture of Windows 10 and how Microsoft has had the ability to steal your files, data, and intellectual property since its launch in 2015
Alternate titles:
- Why Microsoft skipped Windows version 9.0
- Why the United States Pentagon willingly tried paying Microsoft $10 Billion in 2019/2020 for the JEDI/JWCC Program contract award, $4 Billion more than Jeff Bezos/Amazon bid for it
- Why the United States White House can tell the world what Vladimir Putin's intentions with Ukraine are and what his mood is on any given day
There are other variations of this, but I think you get the idea...
I wrote a document that describes the architecture of Windows 10 and possibly newer versions, but it's also a detailed description of my personal experiences since 2011 when my Texas DPS landlord at the time was taking data off my computers, and claimed he was a computer genius who had worked at the Pentagon. He was really upset when I finally figured out how to block his network access to my computer and locked his computer up as a side effect.
This history is needed to put the Windows 10 architecture in context to how and why I discovered this. Since the Texas DPS landlord experience, I've been researching Windows data security, though coding didn't start until about 2021, and have worked in the open side of a government program called the Raytheon Justice Program. Without being told, I determined this program develops and deploys OpenStack tools for all cellphone companies in the country and appears to be used for capture, parse, and examination of phone calls. Additional information to disclose is that between 2000 and 2015 I interviewed at a couple National Labs and learned bits of things that didn't seem significant at the time. But Raytheon was referenced by at least one of those labs as an undesirable vendor for the "communication" tools that had been developed, the OpenStack tools I presume. The government OpenStack installation requirement was also confirmed at a new telecom I interviewed with called Alcatel in DFW, who at the time was in process of determining the need for its placement on their network.
Further, the Obama mandate where government entities are not allowed to collect citizen data in 2016 was a pivot. Telecoms now have to get verbal or written permission from each customer for capturing their data, but telecoms don't disclose that data might still be exposed to government entities. I realized this when I upgraded my phone in mid-2016 where my cellphone company had me sign a data collection waiver so that I could get the device and new phone plan.
Subsequently in 2020, I was hired through a VAR into Verizon to research, design, and develop a network prototype plugin for a tool called Cisco Network Services Orchestrator. This device-on-boarding code was used to help with the on-boarding of network devices from two international telecom companies purchased by Verizon: Tracfone (2020), and Vodafone (2014, and final purchase in 2020). One of them, Vodafone, has customers in 150 or so countries in Europe, including Russia, and other entities in Russia. And recently (2026), I realized Tracfone services Venezuela (referring to the US retention of Maduro).
After the Verizon job, which ended with a 30-minute notice on January 15th, 2021, "mysteriously" after I completed the primary work hired for, it seems that the tools I unknowingly helped develop were used against my personal computer as a test or possible retaliation for events that occurred in the Justice program, specifically coming from Verizon's v0cdn.net. There have since been various connections to and retaliation from Justice and Verizon which I will refer to as "Economic Retaliation" which have occurred repeatedly since the Verizon role and are described liberally in my full document. Without this specific attack against my personal computer, I wouldn't have had the material to reverse-engineer, or to create SSD backups of over 50 drives to create checkpoints and analyze in a systemic fashion. Thank you Damiano.
Also I've described what appeared to be changes to the Microsoft/Verizon Windows infrastructure (as experienced from my personal computer at least), which occurred within two weeks after providing a detailed whistle-blower document to my Congressional Representative in 2022, but unless you were deep into the research as I was, you wouldn't recognize it. I don't believe my Congressman had anything to do with the apparent infrastructure changes, as part of the Windows 10 architecture ability appears to possibly intercept your email (or allow access in another way). Within a month after this, I was able to make a few more changes to my custom data security tools but was frustrated with a lack of results I was expecting.
I then went back to something in Windows I'd noticed during my research in 2021 and finally located something unexpected, but it was the smoking gun I'd been seeking. On July 31st, 2022, I started making configuration changes that provided results needed and I now have what I believe is the proof this document title and alternate titles provide. Windows is a virtualized hypervisor installation that can be accessed by Microsoft, and anyone they give access to, and because of the JEDI/JWCC Pentagon contract, government entities, at any time without the computer owner's consent or knowledge, including any Windows systems anywhere in the world. Do understand, there are components of this data collection program, and some characteristics seen on my Windows test system, I also have seen on Linux installations. Oracle, part of JWCC, contributes to the Linux kernel development and naughty things are well within their abilities.
And it only took me 21 days from first changes attempted on that July 31st day to get results I sought. One of the reasons for the exposure of this information is that I simply asked the Justice program director to please have my teammates quit vaping at their desks because their exhaust and exhalation was giving me congestion. Vaping in the workplace was and is still illegal in Texas. There are other reasons, too, such as my team members' retaliation.
A few features of the Windows 10 architecture that I've been able to discover include:
- Email interception as mentioned, though still looking into this
- Capture of your files when you edit or manage them offline, using MSMQ for the delivery mechanism when you go online
- A steps recorder to take screenshot images of your activities offline
- A WebDav web backdoor into your computer
- An IIS web server with FTP capability
- Remote Access/Remote Desktop Services with RDP enabled, even on Windows Home
- The hypervisor host which you never see or have any control over
- SMB server on the hypervisor host to gain access to your share data and computer file system
- What appears to be an SMB/Samba direct access application
- A phone home mechanism to a range of Verizon IP addresses which allows getting around your firewall(s) since your system is the one initiating the connection(s) (i.e. outgoing connections)
- NFS over Internet from hypervisor host to connections made from Akamai Technologies and other CDNs on the investigative side of Verizon
- Some type of remote filesystem of unknown purpose
- A client syncing application for unknown purpose
- Peer to peer networking client
- Terminal services with extensive control mechanisms for things such as USB redirection command line tools and application server
Many of these could certainly have dual purpose both on the hypervisor host and legitimate use on the guest container you have access to as the computer's owner. It turns out some of these items are duplicates and some are inaccurate as the truth is Windows Services can be tied or bonded to any of the many virtual network interfaces that are set up on a default system initially.
For example, Shares can be bonded to a virtual interface which then gives the remote user of your network interface, access to all drives and files on your computer, even from half-way around the world if that's where they initiate the connection from. A simple way to think of a hypervisor host is the idea of Microsoft putting a single Amazon or other type of cloud container on your computer, that they control and can access at any time they choose and only give you console login to use it. I was able to determine this as I found a Microsoft tool they had tried eliminating, and did from their own website, but I located it on another tools server location. More to share about this later.
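One way to check on a given machine which of the components in the list above are actually installed and running, and which local address and interface each listening port is bound to. This is an added example, not part of the original post or the author's tools; the mapping from list items to Windows service names and the port list are assumptions of this example.

```powershell
# Added example: the service-name mapping below is an assumption of this
# example, not something the post specifies. Run from an elevated prompt.
$services = [ordered]@{
    'MSMQ'         = 'Message Queuing (MSMQ)'
    'W3SVC'        = 'IIS web server'
    'FTPSVC'       = 'IIS FTP service'
    'WebClient'    = 'WebDAV client redirector'
    'TermService'  = 'Remote Desktop Services'
    'LanmanServer' = 'SMB server (file shares)'
}

$serviceReport = foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $name
        Component = $services[$name]
        Status    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        StartType = if ($svc) { $svc.StartType } else { $null }
    }
}
$serviceReport | Format-Table -AutoSize

# Map every local IP address to its adapter so a listener bound to a
# virtual interface (for example a vEthernet adapter) shows up as such.
$ifByAddr = @{}
Get-NetIPAddress | ForEach-Object { $ifByAddr[$_.IPAddress] = $_.InterfaceAlias }

# Ports: 21 FTP, 80/443 HTTP(S)/WebDAV, 135 RPC, 445 SMB, 1801 MSMQ, 2049 NFS, 3389 RDP
$ports = 21, 80, 135, 443, 445, 1801, 2049, 3389
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in $ports } |
    ForEach-Object {
        $addr  = $_.LocalAddress
        $iface = if ($addr -in '0.0.0.0', '::') { 'all interfaces' }
                 elseif ($ifByAddr.ContainsKey($addr)) { $ifByAddr[$addr] }
                 else { 'unknown' }
        [pscustomobject]@{
            LocalAddress = $addr
            Interface    = $iface
            Port         = $_.LocalPort
            Process      = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    } | Sort-Object Port, LocalAddress | Format-Table -AutoSize

# Shares published by the SMB server, and whether RDP connections are allowed.
Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
"RDP connections allowed: $($rdp.fDenyTSConnections -eq 0)"
```

A service reported as `NotInstalled` or `Stopped`, or a port with no listener, means that component is not reachable on this machine regardless of which interfaces exist.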
Some specific things to take note of that this technology could allow: Microsoft can "acquire" intellectual property from any of their competitors to gain an unfair advantage. Microsoft could peek in on Wall Street financial markets to gain an unfair advantage on stock investments or sales in case of market problems. Microsoft could change votes on Windows-based voting machines specifically if the machine(s) don't have a paper trail printout, exactly like what some people described happened during the 2020 elections, of which I saw at least two reports, and further in October 2022.
This does NOT include injecting votes by dead people, foreign voters, or other accusations of duplicate vote fraud. Peeking in on other governmental entities outside the United States seems also possible. The list is endless. If you do something on a Windows system whether online or off, your activity, data, communications, etc, could all be acquired if you are a target.
And one thing to clarify. The reference to Microsoft is generic. It could be a reference to anyone else given access to this technology, such as a government, a "friend" of Microsoft, someone who pays for access, people who have access to this technology and use it for personal means such as I've described with Raytheon and Verizon. I have specific examples of incidents to corroborate my claims. And remember this Windows 10 architecture was launched in 2015, five years before the Pentagon solicited bids from defense contractors for the JEDI/JWCC program. This is all why the Pentagon awarded Microsoft their $10 Billion asking bid price, $4 Billion more than the next closest lowest bid by Jeff Bezos and Amazon.
There's much more to this.
------------------------------------------------------------------
"Never interrupt someone doing what you said couldn't be done." -Amelia Earhart