FBI Asks McAfee To Turn Head

by Kent 3 Replies latest jw friends

  • Kent
    FBI Asks McAfee To Turn Head, Virus Detecting Software Coughs Obligingly

    "Although the news of the FBI's evolved carnivore plug-in 'Magic Lantern' has been around for a week, McAfee has apparently just come out saying that its software will not detect and alert its users to Magic Lantern's presence on their hard drive," mreowmix writes. "In a clever bit of programming, the FBI has created a virus-like bit of code that sneaks onto systems via an email attachment. Once opened, the beauro-bug will then log keystrokes and send them back to headquarters for analysis. I guess McAfee was just impressed with this internet verite innovation enough to not want to stand in the FBI's way?"

    More links and stuff here: http://www.plastic.com/article.pl?sid=01/11/25/2031258&from=rdf

    FBI software cracks encryption wall

    ‘Magic Lantern’ part of new ‘Enhanced Carnivore Project’

    By Bob Sullivan
    MSNBC

    Nov. 20 — The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as “Magic Lantern,” enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.
    http://www.msnbc.com/news/660096.asp?cp1=1

    FBI's 'Magic Lantern' snooping technology old hat

    By Robert Lemos, ZD Net

    A new tool reportedly being developed by law enforcement agencies to remotely install surveillance programs on a suspect's computer is little more than 3-year-old hacking technology, security experts say.

    Earlier this week, MSNBC reported that the FBI was working on a computer "virus" to install key-logging programs and other surveillance software onto a suspect's computer.

    Yet if the details of the report are correct, the technique doesn't use a virus, but a Trojan horse, a program that acts without the person's knowledge.

    "The technology has been around a bit," said Vincent Gullotto, director of Network Associates' antivirus emergency response team. "It seems like the FBI is just trying to see if they can come up with different options and ways that electronic surveillance can be done."

    Calling the technology "Magic Lantern," the report stated that the intent of such software would be to remotely install a system that logs all keystrokes sent to a PC to obtain data and passwords.

    The idea is old hat, said Fred Cohen, a security practitioner in residence for the University of New Haven. "It's not a very clever or novel thing," he said.

    FBI representatives could not be reached for comment.

    Cohen has taught law enforcement and industry security professionals many ways of collecting digital evidence. When such evidence is encrypted, the officer needs to work around the crypto system, not try to break the keys with computational muscle, he said.

    "You want to go after the keystrokes," he said. By capturing the keys typed by a person, law enforcement can learn the password used to unlock encrypted documents. If they tried to use computational firepower instead, cracking the code could theoretically take years, if not centuries.

    For that reason, Cohen suggests that hacking tools be used. "In my class, I teach how they could use a Trojan horse to go after the keystrokes," he said.

    Several hacking tools, the two most popular being Back Orifice and SubSeven, allow full control over a remote PC infected by the program, including keystroke logging and even recording a conversation if a microphone is connected to the PC. Both programs have been incorporated into Trojan horses and are several years old.

    In fact, the FBI has already used similar, if more limited, surveillance software in at least one high-profile case to obtain a secret code to unlock encrypted files on the computer of Nicodemo S. Scarfo, a suspected mobster in the Gambino crime family.

    In details unveiled by an affidavit in the case, the FBI installed a key-logging system on Scarfo's computer during a search of his office.

    U.S. Rep. Richard Armey, a Texas Republican, sees such techniques — and their remote installation — as a better deal for citizens than Carnivore, the FBI's controversial e-mail surveillance system.

    "The way we look at it, this may be better than other available tools," said Armey spokesman Richard Diamond. Where the Carnivore system — renamed the DCS 1000 — has access to an entire data stream and could potentially spy on any traffic on that network, the so-called "Magic Lantern" technology would only be installed on a single PC.

    "If Magic Lantern is as described, then it is a rifle-shot attack on a suspect," Diamond said, compared with Carnivore's shotgun blast.

    One danger is that evidence-gathering tools such as Magic Lantern are not well defined in law. The technique could lead to unsupervised surveillance by law enforcement, because it's unclear whether any laws requiring oversight apply to the situation, said David Sobel, general counsel for the Electronic Privacy Information Center, a Washington, D.C., policy think tank.

    "This is more problematic than a traditional wiretap, because suddenly you are removing the communications provider from the equation," Sobel said. A wiretap order has to be presented to the phone company to connect to their network and snoop an individual's line. Even the Carnivore system requires the help of the Internet service provider to install it.

    While Armey successfully added an amendment to the USA Patriot Act — a far-reaching package of surveillance laws passed last month — to provide oversight of the use of Carnivore by the FBI, it would not apply to Magic Lantern, Sobel warned.

    "We don't know what this is capable of and whether it is being used properly," he said. "There may be no way to stop this from being installed on a computer."

    http://www.usatoday.com/life/cyber/zd/zd1.htm

    Yachyd Da

    Kent

    (added a few more)

    I need the new KM's as they come! Please send me scans!

    Daily News On The Watchtower and the Jehovah's Witnesses:
    http://watchtower.observer.org

  • mikepence

    Thanks for bringing this up. I would recommend you keep up with what is going on at Politech, http://www.politechbot.com/, a site hosted by Declan McCullagh, a writer for Wired. His mailing list is especially good.

    Mike

    XJW User Submitted News & Views at http://xjwnews.com

  • mikepence

    From: "Lewis, Marisa" < [email protected]>
    To: "'Declan McCullagh'" < [email protected]>
    Subject: RE: Has McAfee sided with FBI on "Magic Lantern" detection?
    Date: Mon, 26 Nov 2001 12:22:40 -0800

    Dear Sir/Madam:

    1. Network Associates/McAfee.com Corporation has not contacted the FBI, nor
    has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.

    2. We do not expect the FBI to contact Network Associates/McAfee.com
    Corporation regarding Magic Lantern.

    3. Network Associates/McAfee.com Corp. is not going to speculate on Magic
    Lantern as its existence has not even been confirmed by the FBI or any
    government agency.

    4. Network Associates/McAfee.com Corporation does and will continue to
    comply with any and all U.S. laws and legislation.

    Regards,
    Marisa Lewis
    Investor Relations Manager
    McAfee.com Corporation
    NASDAQ: MCAF
    535 Oakmead Parkway
    Sunnyvale, CA 94085
    408-992-8100 phone
    408-720-8450 fax
    www.mcafee.com


  • mikepence

    From: "Ted Bridis" < [email protected]>
    To: "Declan McCullagh" < [email protected]>, < [email protected]>
    Subject: RE: McAfee replies -- by denying any FBI contacts of any sort
    Date: Mon, 26 Nov 2001 17:11:32 -0500

    >>Perhaps Ted can elaborate?<<

    I stand by my reporting for the AP. This information came from a senior
    company officer. I won't identify this person in this post because I've been
    unable to reach this person by phone or e-mail since the flap erupted.

    I can't resolve what McAfee told me last week and today's contradictory
    statement except to note the critical public response against McAfee that
    emerged over the holiday weekend.

    I do empathize with the awkward dilemma this puts companies in: Good U.S.
    corporate citizens have a responsibility to assist the FBI in criminal and
    terrorism investigations. But accommodating the government by intentionally
    building a weakness/vulnerability into detection or security software seems
    to carry a lot of consequences.

    I noticed that McAfee's statement doesn't say they will not build any such
    accommodation into its antivirus or its firewall software if the FBI
    asks, just that it hasn't been asked to do it yet and that it complies with
    all U.S. laws.

    But as McAfee's PR release noted, much of this is speculative since nobody's
    sure how Magic Lantern would be installed remotely (as an enticing e-mail
    attachment, "fbi-porn.exe"? Or using a buffer overflow? Or using different
    vectors depending on the target's o/s and applications?) If it's the latter,
    wouldn't the major operating system vendors need to leave unpatched holes
    for the FBI to exploit? Where does it end?

    Rgds,
    Ted Bridis, staff writer
    The Associated Press
    2021 K St., NW, Suite 600
    Washington, DC 20006
    (202) 776-9462, voice
    (202) 776-9570, fax
    (202) 437-4640, cell

