Forgot your password?
typodupeerror
Encryption Security

Enhanced Carnivore To Crack Encryption Via Virus 522

Posted by timothy
from the trust-us-once-again-ma'am dept.
suqur writes: "MSNBC has a story about a new Carnivore feature, dubbed 'Magic Lantern,' which arrives on a victim's computer in the form of a virus through email or well-known vulnerabilities. Magic Lantern uses keylogging to extract keys typed in, and sends them off to the FBI. This is similar to a story reported on previously, but taken one step further, allowing computers to be compromised remotely."
This discussion has been archived. No new comments can be posted.

Enhanced Carnivore To Crack Encryption Via Virus

Comments Filter:
  • Legal? (Score:5, Insightful)

    by aridhol (112307) <ka_lac@hotmail.com> on Tuesday November 20, 2001 @06:39PM (#2592819) Homepage Journal
    Does this mean it will now be illegal to use a secure system? Having any type of security/virus protection will be circumvention of law-enforcing software.

    And what happens if this "happens" to get installed on a foreign government's computer? Can we say "espionage"?
    • Does this mean it will now be illegal to use a secure system?

      Pending its approval, wouldn't that make the SSSCA illegal? :P
    • Re:Legal? (Score:5, Insightful)

      by Felinoid (16872) on Tuesday November 20, 2001 @08:15PM (#2593457) Homepage Journal
      Additionally what happends to ISPs and SysAdmin who automaticly filter e-mail viruses.
      Could someone go to jail simply for NOT running an e-mail virus?
      Could Microsoft, RedHat, Apple or Sun get in trubble for fixing a defect?
      Could the government ask Microsoft to install a back door then on descovery when Symantic patches Windows to CLOSE the back door or if BugTrap discovers it and a third party patches it.. Would the government sue for discovery or patch?

      And Linux hacks have been known to exist that (for security reasons) pretend to be known Windows back doors to employ known defects in script kiddy toolkits.
      The defects themselfs could be easy to discover just in the way the backdoor works.. "Ahh here the script kiddy has a file reception system were I can send ANY file I want... any size.. oh and a typical redundency compression system.... Let's see compression code.. repeate "0" for 16 gig.. ok thats 6 bytes than expand into 16 gig.. He's dead.."

      On the inverse...
      "In todays news known terrorist Al Be Dumbby was set free on a legal technicallity.
      The terrorist group 'born stupid' is now counter suing for infecting Al Be Dumbbys computer...
      Many suggest this lawsute is an act of intelegence and disproves the groups contention that the terrorists have an inherent right to be stupid.
      Others point out had Al Be Dumbby not clicked on the virus or used Windows to start with this wouldn't be an issue"
    • Re:Legal? (Score:5, Interesting)

      by trilucid (515316) <pparadis@havensystems.net> on Tuesday November 20, 2001 @10:40PM (#2593995) Homepage Journal

      I don't think it'll be illegal to use a secure system due to this, but I *do* think they're really asking for trouble if this thing "flies".

      WARNING: The remainder of this post may in fact be advocating "terrorism" under the new definitions put forth by the U.S. gov with respect to "computer crimes". Why am I logged in? Because, quite simply, they can kiss my A$$.

      Do you really think tens thousands of server admins would let this go without retribution? I for one sure as hell wouldn't. Invasion of my servers is, in my book, precisely the same as invading my home (maybe even worse). Okay, so how do we fix their little red wagon?

      Go HoneyPot on their asses. Set up a bunch up of machines all over the place to get compromised, and have firewall software monitoring the destination of the nasty outgoing packets. From there, use a P2P model to distribute the destinations of such data, and D-E-N-Y the living hell out of their servers. For added flair, you could always include repetitious, highly profane strings in your denial actions (use your imagination).

      I would especially advocate this concept for all technies living in various foreign nations whose citizens might get "bugged" by the our wonderful boys in blue. Yes, I am openly advocating retaliatory strikes against this sort of disgusting behavior.

      And I think it's damned well warranted. :(

      Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
      Yes, this is my protest to the sig char limit :).
    • Re:Legal? (Score:3, Funny)

      by Elvis Maximus (193433)
      "He that breaks a thing to find out what it is has left the path of wisdom."
      -- Gandalf the Grey

      "More importantly, he has violated the DMCA. Get him, boys!"
      -- Jack Valenti
  • Criminals? (Score:2, Interesting)

    by realdpk (116490)
    Bob Sullivan, I am offended. "The software, known as "Magic Lantern," enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement." Nobody I know uses encryption to hide illegal actions. Even the people I've caught doing illegal things don't do this.
  • Regardless of how some / many people here think about what they are doing, you have to admit that its very sexy from a technical perspective.

    I would love to meet the guy who thought this up.

    • Re:Awesome (Score:2, Interesting)

      This isn't sexy at all from a technical perspective. It's boring and passe. Keyloggers are old, as are trojans or viruses that install software on remote computers. I could throw one together from publically available code before I leave work today.

      The only thing at all newsworthy about this is that it's now being used to gather legal evidence. Tools like this have been around for years--now the government is just trying to make evidence gathered thereby admissible.

      Now, what would be techinically sweet is something like a van Eck phreaking, where you latch onto the radiation produced by your CRT and reproduce the scan. Some more info available here [shmoo.com].

  • AV software. (Score:5, Insightful)

    by nate1138 (325593) on Tuesday November 20, 2001 @06:41PM (#2592843)
    What are the odds that antivirus software could be updated to find this virus? It obviously couldn't be cross-platform either. And if the gov't somehow manages to pressure a/v companies into not including it in virus defs, what would happen if some malicious kiddie got hold of the code, and unleashed a much more destructive version, knowing full well that most machines were not protected? Who would be liable in that case?
    • Re:AV software. (Score:3, Insightful)

      by Brento (26177)
      What are the odds that antivirus software could be updated to find this virus?

      I think you have to look a lot deeper than that. Even if Symantec tells me that they're protecting me against this "virus", can I really believe them? And what happens after that, does Uncle Sam release version 2? If you're Symantec, do you really want to draw the wrath of the government to fight a virus that isn't, and get into a codefight with government agencies? AV companies might have some deep pockets, but they're no match for our tax dollars, if Ashcroft decides he wants to spend our money this way.

      This is the time when a foreign virus detection has the opportunity to jump into the limelight and steal some serious business from the big US AV companies.
    • Re:AV software. (Score:2, Interesting)

      by -cman- (94138)
      Well this is just getting silly.

      The virus has to be an executable attached either to a web page or an e-mail. The problems with this are manifest. In the case of e-mail, The Man either has to spam a whole universe of "suspects" or email a particular "suspect." In the case of a web-delivery, the "suspect(s)" must be induced to go to a particular web page. Unless of course The Man is going to force slashdot, Yahoo!, et. al. to load this baby. Many problems here.

      So, assuming they get past all these hurdles then they need to depend on the fact that the "suspect" who is clearly security-minded -- this is key-logging software that one supposes is desinged to capture encryption keys as well as URLS, etc. -- is not going to have his security settings set way up or in any other way notice the delivery of the virus payload. Again, big hurdles.

      Lastly, The Man depends on the "suspect(s)" not noticing any increase in network traffic as their every keystroke goes back out over the net as a transmission and ACK from the Carnivore box. One assumes that if the user goes into offline mode the wee beastie caches the data for later transmission. Another potential giveaway.

      Finally, at each of these hurdles the critter is subject to capture, examination and reverse engineering by "suspects", suspicious sysadmins and clueful civil libertarians. After that is is only a matter of time before the code is out of the bag so to speak and The Man then gets stuck in a vicious circle of re-coding and redeploying the critter to overcome defenses.

      In other words, it just doesn't make any sense. I can't beleive it would pass muster with any reasoably intelligent technologist in federal law enforcement let alone in the Courts.
    • by xsbellx (94649)
      "It obviously couldn't be cross-platform either."

      Kind of makes one pine for elm.
  • Firewall (Score:2, Interesting)

    by MstrFool (127346)
    Is it just me, or would any one else start to wonder about the aplication trying to get out through ZoneAlarm? any simple firewall would catch that trying to send data to the FBI and alert the person to the spying. Just watch how fast the system gets scrubbed when the 'crook' sees something like that. once again they forget that the people who are a real danger will have no truble getting around thier snooping, and worce, this one will alert them to the fact that they are being checked out.
    • Unless it works like the other outlook mail viruses, and simply sends an email, then deletes the evidence that it sent one. That should bypass a firewall just fine.
    • write it so it disables the zone alarm notify process.

      Now zona alarm simply will be "INFECTED" with the virus itself and shut down

      of course theres many ways of doing it, disable it, or clone it so the user never knows its shut down, simply have a little "fake" zone alarm process, fake zone alarm in the system tray and everything the only diffrence is its not zone alarm, its the virus.

      This is just too easy, this is basic hacking stuff that every programmer or hacker knows.

      of course, to the average person, this is magic, this is serious hacking.
      • write it so it disables the zone alarm notify process.
        Now zona alarm simply will be "INFECTED" with the virus itself and shut down

        This might work for some, but for many people the firewall that is protecting them is not running on their machine, it is running on a gateway machine. Perimeter firewalls are very common in business and also quite common for the home network. I watch my firewall logs and would certainly notice an outbound connect attempt on an unfamiliar port. Now, they certainly could connect through an already open port, masquerading as a email, http request or(ideally) a connection to port 443 on the remote server. If they used port 443, they could encrypt the stream and even if you were watching every packet go by nothing would look out of the ordinary. The outbound connection would look just like a normal HTTPS transaction, and additionaly be protected from prying eyes (yours and any networks it must transit before it reaches its destination). Hopefully someone will "catch" one of these in the wild, and we will be able to dissect it. I would wager it has some very interesting methods of sending the information and keeping hidden.

  • by Violet Null (452694) on Tuesday November 20, 2001 @06:41PM (#2592846)
    In other news today, the FBI was arrested en masse for violating numerous newly legislated anti-terrorist laws prohibiting compromising remote computers...
    • Silly rabbit! Our government MAKES the rules. They don't have to be held ACCOUNTABLE for those rules./sarcasm

  • by perdida (251676) <thethreatproject@ya h o o .com> on Tuesday November 20, 2001 @06:42PM (#2592856) Homepage Journal
    of the case against Microsoft by disgruntled federal employees.

    Mail-virus attachments are best contracted via Outlook or web mail clients; anybody with advanced security will not have a problem here.

    Unless the government starts persecuting people on Linux and *BSD systems, because they are inimical to the FBI's spying methods.

    Foucault's Panopticon, here we come..
  • As a licensed user of Norton AntiVirus, I would like to know when you are coming out with the latest version of NAV that allows me to get rid of this stupid virus known as "Magic Lantern".


    Please make the fix available as soon as possible, or there will be consequence - know what I mean?


    Joe Soprano

  • by intensity (118733) on Tuesday November 20, 2001 @06:43PM (#2592866) Homepage
    a) The FBI kicks in your door and installs Outlook

    b) You always open email with the subject "Snow White and the 7 FBI Agents"

    c) You run the attachment called "FBILOVESYOU.VBS" (and you run Windows, Outlook, etc)

    Blah, dumb communist FBI
  • Illegal search? (Score:2, Interesting)

    by easter1916 (452058)
    If it spreads in virus form, wouldn't that constitute an illegal search or wiretap? If it lands in a foreign government machine, wouldn't that constitute espionage?
    • Re:Illegal search? (Score:2, Interesting)

      by Rorschach1 (174480)
      The mass media don't know a virus from a worm from athlete's foot. It could be a targeted SATAN or ISS type tool, or a BO-type trojan. That might be the easiest... just control your target's web access, proxy everything they download, and covertly slip in a trojan with a convenient EXE...
  • This has got to be great PR for the anti-virus companies out there. I can see it now:

    ... and version 2.4.whatever of our product will protect all you criminals from the FBI!

    Does this mean that those not running windows will now be "suspicious persons" ?

    Cheers,
    -- RLJ

  • So now and then I see a conspiracy theorist say that the government is suspicious of nonconformist OS users...

    So what happens when it becomes virtually impossible to use M$ OSs for terrorism?

    Right, it makes us alternate OS users look suspicious.

    Mind you, I'm generally not that paranoid, but if you ever read the Washington Post [washingtonpost.com] check out today's (11/20) article about Bush's consolidation of executive power and think about his family *cough*dad's CIA*cough* and friends, and tell me it isn't a little worrisome.
  • by Violet Null (452694) on Tuesday November 20, 2001 @06:44PM (#2592879)
    It watches for a suspect to start a popular encryption program called Pretty Good Privacy. It then logs the passphrase used to start the program, essentially given agents access to keys needed to decrypt files.

    If this is true, then it would seem all you need to do to foil this latest slightly-hare-brained-scheme would be to rename pgp to something else, such as goawayfbi.
  • by fobbman (131816) on Tuesday November 20, 2001 @06:45PM (#2592897) Homepage
    Thanks to the FBI, a whole new market is now being pushed into exploring the world of alternative operating systems.

    Talk about a boon to the Open Source movement! Show the people (not just the bad guys) that Microsoft's numerous vulnerabilities can be used by Big Brother to monitor them. I can't think of a better way to boost Linux distro sales.

  • by Anonymous Coward on Tuesday November 20, 2001 @06:46PM (#2592912)
    The first thing that comes to mind is a flagrant violation of the DCMA.
    How does the government expect to work around this one? There are so many things that can go wrong...

    1. Probably OS-dependent. Remember: virii for one platform (i.e., Win) will probably not work for others. That was not hard to get around

    2. Human link involved. This virus will presumably be propagated via email, or some other form of trojan. Those who tend to use encryption tend to block this type of thing from happening to their machine anyway. Yet another reason not to open email/attachments from an addresser named "CIA" :P. That was easy to get around.

    3. Network link involved. Those who use encryption are usually savvy enough to detect extra packets flying from their machine to some unknown address, which would easily be identified in a reverse-lookup.

    My goodness, they are getting desperate, aren't they.
  • We can't do it, we can be jailed by showing a proof of concept, we're called terrorists if we give out proof of concept code, but the same people jailing us and calling us terrorists are doing it on purpose....

    That makes me think of alcoholic parents telling their kids not to drink while they are wasted 24hrs a day. Well even that's more logical, at least the kid CAN STILL make a choice, either be like his parent or be the total opposite..... whereas here...
  • Linux? (Score:2, Insightful)

    by matth (22742)
    So, would running Linux avoid this problem?
    Since it's vulnerablities in windows that seem to allow the FBI to get in, would linux be ok?
    In addition, is this legal? To break in using vulnerablities? Wouldn't that make the FBI in essence doing illegal things?
    This only works then because windows has security holes eh?
    • "So, would running Linux avoid this problem?"

      Short answer, no. Linux systems have vulnerabilities as well. It is not some magical 100% secure OS. Likewise, Linux systems are designed for remote access capabilities. Compare to classic MacOS, where there was no remote shell capability built into the OS. This part is an arguable point.

      Take a Windows system, and run Euroda instead of Outlook. That helps a lot.
      • Obviously. No software available today has 0 backdoors. But even so, the question is somewhat valid. They should have instead asked: "So, would running a really obscure OS avoid this problem?". And the answer is: depends on how obscure, and whether the FBI considers you important enough to spend time modifying their tools just for you and your OS.

      • Running a client OS is no defense, especially not MacOS- your going to download your email with some closed-source app, and thats when you get trojanned.


        On the other hand its possible to build a stripped down linux box running only a command line program like xmail- which you built yourself from source (add openssh and gpg). Plus you'd want a stripped down kernel with only the simplest possible feature set that runs on your hardware.


        You could even wrap the box, moniter, peripherals and cables in aluminum foil, if youre super-paranoid :)


        Cant do that with windows/macos or any large graphical modern proprietary os, period, because
        you cant trust the os, and you cant trust PGP commercial version.

        • Re:Short Answer: Yes (Score:5, Interesting)

          by interiot (50685) on Tuesday November 20, 2001 @08:13PM (#2593441) Homepage
          Even easier: use an encryption program that their virus doesn't know how to sniff yet. Their virus doesn't sniff all keystrokes (yet), just for specific encyrption programs. You don't even necessary need to change encryption schemes, just use a different front-end for typing in your password.
  • Virus Email (Score:5, Funny)

    by mESSDan (302670) on Tuesday November 20, 2001 @06:49PM (#2592936) Homepage
    The virus can be sent to the suspect via e-mail -- perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect's computer and insert Magic Lantern, the source said.
    Email Template:

    From: Bill@Slashdot.org
    To: Fred@Slashdot.org

    Subject: Magic Lantern.doc.pif

    Hi! How are you?

    I send you this file in order to have your advice.

    See you later. Thanks
  • A CERT advisory about 1337 h4x0rz in the FBI who are attacking the net with email worms...

    I wonder if mcafee etc will be updated to catch these viruses ;)

    If the FBI virus gets out of hand and e.g. destroys corporate, governmental, or military data, could the FBI be held criminally liable?

    Which individuals are writing this software anyway? That's what I'd really like to know.

    Software doesn't write itself, individual programmers do. So who are these individuals?

    My guess is they're hiding under a rock somewhere, too cowardly and ashamed to show their faces in public.
  • Being a bit pedantic here, but do they mean a trojan or a virus? I would be very worried if it were a virus as viruses propogate - in criminals it could spread from one criminal to another, so no problem there. But if it passed to an innocent user, who then passed it onto friends, I'm sure there would be a civil liberties outcry.

    I'm sure trojans must have been used for keylogging before. But won't using this mean getting a wiretap order? I also don't know how this system will cross jurisdictions: can the FBI infect a user in another country to get secrets? Sounds like spying to me, and it would ensure countermeasures from other governments and a change in computing systems to defeat the virus.

    I'm hoping that some antivirus company makes a scanning system to detect this 'virus' and eliminate it. Otherwise its a change to a more secure OS, or using GNUpg (they did only mention it working on PGP, didn't they?) could do the trick.
  • by Ardax (46430)
    You guys coming?

    But if the software is a virus (or trojan, or some other malware), wouldn't that make it a tool of terrorism?

    Does that mean we can have a military tribunal for the MIB? :-)

    This is sickening.

    Please, please, PLEASE, somebody tell me that someone will write a program to watch for this "Magic Lantern" and disable it, or at least warn the user that it's installed.

    Hmm...

    Oh, and by the by... To anyone who wants to make that "if you're not doing anything wrong..." argument, please send me pictures of your wife naked. Just put my address on the back of a 3x5 print, along with your credit and checking account numbers.

    Oh, that's private?

    Then f**k off and don't let me hear you say it again until you're willing to put your money where your mouth is.

    Quite rightly, I don't think that it's anyone's business to see the data on my computer, unless they have a real warrant and show up at my house with it. On the same token, I think that keyloggers should fall under wiretapping regulations. (Does anyone know if they do or not? Last I heard the FBI was trying to say that it didn't.)

    It's going to take a LONG time to fix the damage our government is doing. If we're lucky, some of us will live to see something akin to real freedom again. If we're not, well, we'll just have to make sure that the stories get passed down to our children.

    Maybe soneday I'll take the time to cohesively form my thoughts on this, but at any rate, I think y'all get the idea.
    • I always figured I'd flee if this thing ever happened, but as it turns out between varied treaties, and the WTO there is no place to go.
      I guess they learned from all the people that went to Canada to dodge the draft.
  • I'm wondering what it will take to beat Magic Lantern (at least, v1.0). Obviously, any criminal with the money to hire good IT will put preventative measures in place. The usual anti-virus precautions, preferably done manually or Open Source in case the FBI leans on Norton, McAfee and the rest to put blind spots in their software.

    I'm also wondering if you could rename/recompile PGP or other encryption software so that Magic Lantern won't trigger when it's activated. Also, entering a key without the keyboard (mouse clicks, off a .TXT file on a floppy, whatever...) would make keyboard logging useless.

    Other ideas?

  • by Elwood P Dowd (16933) <judgmentalist@gmail.com> on Tuesday November 20, 2001 @06:55PM (#2592988) Journal
    I'm sure that this is (-1, Redundant) by now, but...

    Are there any cases involving damage done to personal property in eavesdropping operations? That is, legal taps? Any lawyers here? I gotta imagine that this would be a very very dangerous thing for the government to get into. Not only could it cause damage to personal property, but if the suspect is smart enough to encrypt their stuff, they're going to be smart enough to know when they've been h4x0red by an email virus.

    This story makes a lot more sense if you remove every reference to "our sources" and replace it with "my little brother."
    "The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, my little brother told MSNBC.com."
    I believe *that*.
  • by AgTiger (458268)
    Store the encryption software on a non-networked machine (the encryption machine).

    Store the encryption keys on removable media that is never left with the encryption machine when encryption/decryption is not actively being done.

    Data in encrypted/decrypted form must be brought to the encryption machine via good old sneakernet (diskette).

    Extra bonus points if the entire operating system and software suite on the encryption machine lives on read only media, such as a CD-Rom.

    FBI Chief: What happen?
    FBI Grunt: Someone set up us the disk.
    • by Tackhead (54550) on Tuesday November 20, 2001 @07:16PM (#2593133)
      > Extra bonus points if the entire operating system and software suite on the encryption machine lives on read only media, such as a CD-Rom.

      Remember Ken Thompson's hack! You only get the bonus points if you compiled the OS (and CD-ROM burning software) from source on a compiler you wrote yourself ;-)

      • And you bootstrapped the compiler by hand... Otherwise, how do you know that the compiler that you used to compile your compiler didn't have an exploit?

        Holy crap, I get confused reading that last sentence, but it's semantically correct!
  • Note to self: build auto-gpg-encryption into xP [sourceforge.net].
  • The feds already used a third-party keylogger that could be delivered via email [pcworld.com]. It is called DIRT [codexdatasystems.com].

    I suspect the feature that makes this new keylogger more useful is that it is incorporated in their "DragonWare" suite of software, just like carnivore's lesser known post-processing programs Packeteer and CoolMiner [cryptome.org].
  • Allthough I do think we should remain open for news like this I also think it becomes a bit boring. I mean hasn't it allready been proven that if you need (tight) security you should not use Windows ?
  • Since this is sponsored by the government, and obviously is something that would be instantly picked up by anti-virus software, what are the possibilities of the government making deals with anti-virus companies to NOT detect Magic Lantern? After all, if one "victim" is running active virus protection, bye bye magic lantern.

    What about a search warrant?

    Random thought: There is probably already a back door built into windows for this purpose... the result of many meetings between the DOD, FBI, CIA, and microsoft.
  • DMCA Exempt (Score:2, Informative)

    by rsimmons (248005)
    Even though this sort of curcumvention measure is illegal under the DMCA for a private citizen, the DMCA also includes language that makes law enforcement exempt from these very laws.
  • covertly inserting code to gather information (or otherwise bash their box) onto someone's computer without their consent or knowledge is protected by our Bill of Rights!

    They need a warrant (last I checked) to search someone's house. They need a warrant to use wiretaps.

    Why is it that they think they can insert a 'virus' to log keystrokes? if this goes into the realm of Van Eck phreaking then I could understand (since van eck just picks up the stray emissions from your box...hmm, tempest anyone?), however, I still stand by the fact that *they need a warrant*

    if they want to check out my files on my computer, knock on my door, present a _proper_ warrant, and proceed. That's the lawful way. Dumping a virus on someone's box is just uncool, and in fact, should render anything gathered from said box inadmissable.

    of course IANAL...which is said all too frequently around these parts, any real lawyers care to comment?
  • What worries me is how long has this been out there?! I mean, this could have been out there for months, and if the US Government has leaned on the various Anti-Virus program makers in the US...this could have been going on for many months now.

    ttyl
    Farrell
  • This certainly explains why the gov't backed off of the MS case (beyond the economy-in-the-bucket angle). Combine this, the DMCA, the SSSCA, and the FBI not being held to be in line with the DMCA and SSSCA, and you have this:

    Only OSes with gov't-licensed security and DRM standards installed can be sold/installed/run legally. This means Microsoft, and possibly Mac. (I'm sure *BSD and Linux will be able to get certified, after going through a many-month/year-long certification obstable course and re-programming cycle). Backdoors will be inserted (if Magic Lantern isn't installed outright as a feature...)
    And naturally, reverse engineering any of this (to close the backdoor, fix/change crypto, remove the MAgic Lantern virus, etc.) is highly illegal.

    Anyone remember the sample dialog from a game included in the Paranoia! RPG? Let's revise:

    Hacker 1: "The MS Crypto API uses ROT13!"
    Hacker 2: "No way it could be ROT13! You lie! COMMIE!" *zap zap zap* (Hacker 1 dies)
    Hacker 3: "How can you know it wasn't ROT13?? You looked! COMMIEE!" *zap zap zap* (Hacker 2 dies)
    Hacker 4: "How do you know what ROT13 is? COMMIE!!" *zap zap zap* (Hacker 3 dies)
    Hacker 5: "How do you know that ROT13 is even cryptographic? COMMIE!!" *zap zap zap* (Hacker 4 dies)
    Hacker 6: "Ubj qb lbh xabj gung vg'f abg? PBZZVR!!" *zap zap zap* (Hacker 5 dies)
    Hacker 7: "You are SO dead." *zap zap zap* (Hacker 6 dies)
    (and so on)
  • And of course if you find that your system has been infected and you run an AV program on it, you are arrested for violating national security.

    That's like saying that the police have the right to break your window and then look inside from across the street. While a dozen other people climb through it, of course.
  • If the FBI is going to use methods like this,
    how long before the next Windows System Pack
    saves them the work by logging PGP passwords
    and sends them off by some mechanism pre-arranged
    with the FBI?
  • Can anyone tell me how having my passphrase obtained via keylogging will allow the FBI to unencrypt my private messages? Unless I'm much mistaken, you need my (well ok, the message receivers) private key in order to do that. I have never actually *typed* a private key, it is generated by gpg. If all this tool is doing is keylogging, they can't actually use the information gained to crack a key unless a) they get physical access to my machine or b) they install some other kind of virus that will start sending pgp data files as well.

    I guess they could just do a secret search of my house if they obtained the passphrase, but that's about it. If they did I would have those fsckers in court quick as a limpet.

  • Keyloggers and trojans are not impressive, Every hacker knows about this

    however i suppose the average fool who happens to be usnig encryption doesnt.
  • The FBI doesn't need a virus to do this, all they need to do is tell Microsoft they'll drop the charges against them if they agree to secretly include code to do whatever the FBI wants. How hard would it be to add a keylogger to Windows XP's millions of lines of code? Not hard. The hardest part would be transmitting the data, but with most people being computer-security ignorant that won't be a problem.

    What this really is is a way for the FBI to catch petty criminals. It will do absolutely nothing against professionals or anyone else who has a clue...
    • How hard would it be to add a keylogger to Windows XP's millions of lines of code? Not hard

      Of course it won't be hard. The hard part (for Microsoft, anyway) will be explaining what is going on to people when their PC suddenly blue-screens with a cryptic message about Big Brother. "bigbrother.vxd caused a General Protection Fault in module fbigov.exe at 3248:3489."
  • by MrResistor (120588) <peterahoff&gmail,com> on Tuesday November 20, 2001 @07:26PM (#2593197) Homepage
    ...as long as it requires a warrant before it can be used.

    Of course, anyone who would be vulnerabe to this is either a moron or doesn't feel that they have anything to hide, so it seems kind of pointless.

    Of course, the truely paranoid communicate with their computer using morse code with their space bar and scroll lock LED. I can see it now:

    Head of Investigation: "What have we got from the J Random Hacker log file?"

    Computer Specialist: "84,365,928 spaces, sir"

    • ...as long as it requires a warrant before it can be used.

      No, you're missing the point. If the FBI could get a warrant on you, they'd just require you to give them your passphrase, or just subpeona the information that was encrypted in the first place. The reason that the FBI needs this is because they know that they can't get warrants for what they want to do, because it's illegal and they have no probable cause for sticking their noses in your business.

      You know that if the FBI can't get a warrant for the information in the first place, they won't be able to get a warrant for this either, so what would they plan to do with it, other than break the law?

  • I guess they aren't if you are the fbi...
  • Step 1: Be an FBI stool pidgeon and send an infected document to your Mafia Boss.

    Step 2: His custom anti-virus software detects the virus.

    Step 3: You are fitted for some new cement loafers.

    Are they serious!?!?
  • Some people have said to use two computers, on on the net, and the other not connected. Encrypt and decrypt on the unconnected system, and use floppy or zip disks to move files to and from the connected system.

    But really, as long as the system you read email on isn't doing the actual en-/decrypting, they can both be on the net. Read email on one computer. Transfer files from and to the encrypting system over the network. This keylogging program, Magic Lantern, only works if the machine it infects runs the PGP program. It's useless if only the computer next to it runs PGP. Magic Lantern would still be installed on the email machine, but since it never runs PGP, it can't do anything. It can't perform keylogging on the encrypting computer, even if the two are networked. No need to use floppies.
  • by warpeightbot (19472) on Tuesday November 20, 2001 @07:38PM (#2593258) Homepage
    Well, the good news is that the FBI still thinks I'm stupid enough to run Windows.

    The bad news is sooner or later some idiot is going to lable Open Source a terrorist movement....

    Idea: Come up with an app that sits on the SMB port (139, is it?) and acts like a Windows box... I believe the word is "honey pot"? One could port-redirect one's firewall to an old 486 running this thing, so as not to overload the firewall itself, and use QoS to keep the bandwidth down... sort of a LaBrea... well, not sort of, I consider ANYBODY trying to sniff around my computers a criminal, badge or no.

    --
    Keep your laws off my Internet

  • by camusflage (65105) on Tuesday November 20, 2001 @07:58PM (#2593351)
    I received an email with the subject "Good Times", and I opened it. My browser popped open, and sent me to a site that had the headline, "See what really happens 'behind closed doors' when John Ashcroft and George Bush get together." My firewall picked up something weird, but I don't know anything about that, because I was already getting ready to format my disk.
  • Sand box system? (Score:3, Insightful)

    by Jumperalex (185007) on Tuesday November 20, 2001 @08:01PM (#2593362)
    Couldn't you avoid this by running your encryption software (aka PGP) on a non-networked computer? Then xfer the cyphertext via floppy. And if you don't physically secure a box then you are just asking to be compromised.

    No matter what they do they can't get at a non-networked box unless they physicaly break in and hack it and then again to retrieve the data (or transmit via radio waves). As for the networked box it never sees anything but cyphertext, no passphrases are used, and anything it puts on the floppy doesn't matter cause even if it gets on the sandbox it can't get anywhere.

    Oh sure they could get tricky, do things with floppy boot sector virii that will run in the sandbox, log and save to the floppy, then re-run once it detects a network connection, but to this non-programmer that seems 1) problematic and 2) pretty easy to avoid. maybe even use CD-R or CD-RW.

    Comments?

  • Just thinking on the technical side, using an email virus to propagate the FBI's monitoring tool is a good idea, but what about the social and economic cost of such an application.

    Think about this for a minute (beyond what you've already been thinking, if you've been thinking at all :))...

    Various viruses have caused billions of dollars worth of economic damage to countries, both inside and outside the United States. These are costs which are solely borne by the companies themselves.

    Microsoft has finally tried to ramp up their security awareness, and default settings, so there is some progress being made, however small. Meanwhile, companies are realizing the costs of viral attacks (and worm attacks) and are at the least paying to fix existing holes.

    Now, the FBI comes along and wants to use these "existing" holes to deploy their virus. But do these holes exist? Is this really an option? The FBI would have to be inventing new viruses, or Microsoft would have to leave portions of their OSes open to allow the FBI attack(s) through. Of course, that leaves room for other attacks...

    And people like me will either use an alternative OS to begin with (my Mac, or my Linux box) and/or secure their Windows box (and run as a regular use). I do not run virus scanning software on my Windows 2000 machine because I have (what I think are) good security practices:

    Outlook is fully patches

    I keep up to date on the Windows security patches

    I run as a regular user and thus cannot modify system files

    Javascript, etc are disabled in my browser

    I don't open README.EXE files

    So assuming the FBI wants to capture my keystrokes, how exactly is it supposed to work?

    Technically I think the idea has merit, but the economic cost of leaving system open for such attacks (from the FBI or script kiddies in Columbia) is going to necessitate patches which will stop the FBI's "Magic Lantern" in its tracks.

  • ... even with an insecure operating system

    1. boot diskless system from CDROM which contains image of operating system and encryption software, and your password protected private key
    2. physically connect system to network
    3. copy encrypted email messages to system
    4. physically disconnect from network5. decrypt email
    6. shutdown system
    (am I missing anything?)
  • All your 5kR1p7 are belong to us!

    All your keystroke are belong to us!

    All your exploit are belong to us!

    Move all keystroke, for great injustice!
  • by Puk (80503) on Tuesday November 20, 2001 @08:47PM (#2593602)
    At first I thought that this was just stupid, because no one running a reasonably secure system, keeping up to date with the latest patches, etc, would be caught by it. But then I thought: why rely on already known (and fixed) and other yet undiscovered holes, when you can roll your own?

    recently seen in #anti-trust:
    *** BillG is now known as GMoney ***
    <GMoney> How can we get out of this DOJ crap?
    <FBI> I have this "security patch" I'd like you to distributed through Windows Update. Say it fixes some hole using malformed URLs in IE5 and IE6. No one will blink twice. I'm not even sure most XP users can read.
    <GMoney> Will you put in a good word for me with the DOJ?
    <FBI> Sure.
    <FBI> DOJ: Let Microsoft go scott-free, or I post incriminating pictures of John Ahscroft and Hilary Rosen to usenet.
    <DOJ> Rokie dokie, baws.
    GMoney laughs maniacally.
    FBI laughs maniacally.
    DOJ tries to laugh maniacally, but chokes on the pencil eraser he was chewing.

    *poof*. Insta-hole. Security patches are worthless if you can't trust the source. And yes, this wouldn't work with non-MS OSes, especially decentralized open source ones. I hope.

    -Puk
  • by Anonymous Coward on Tuesday November 20, 2001 @09:50PM (#2593826)
    ...may have developed this software as part of his plea bargain. [mercurycenter.com]


    As you well know, Java inventor Patrick Naughton, an ADMITTED PEDOPHILE [zdnet.com] developed secret software for the FBI so he can get out of jail sooner and be out on the streets molesting girls again.


    ANYONE WHO MODERATES THIS DOWN MUST ALSO BE A PEDOPHILE

    Please check my facts and moderate up

  • by Courageous (228506) on Tuesday November 20, 2001 @10:50PM (#2594021)

    Surely they couldn't be planning on replicating it like a virus. Striking out a random and invading the computers of people they don't have authorization isn't just ethically suspect, it's a federal crime under current and highly visible law.

    C//
  • by Platinum Dragon (34829) on Tuesday November 20, 2001 @11:37PM (#2594129) Journal
    How many straws will it take before the people of the United States, the people who take pride in living in the "best nation on Earth", the "land of the free," stand up and say ENOUGH?

    Is a sense of security worth allowing Stalinist Russia to be reborn in America?

    How many straws, America? How many?
  • by mattr (78516) <mattr.telebody@com> on Wednesday November 21, 2001 @05:29AM (#2594941) Homepage Journal
    Just as guerilla and terrorist tactics are effective responses to contemporary warfare, networked resource scanners and some degree of AI will become part of the arsenal of cyber theives and soldiers.

    Problem is, as government-funded tools filter out into public networks it will spark a discussion of these tools in a public forum, which once they are decompiled and attack modes are diagnosed, will give tons of people the ability to launch more sophisiticated attacks. Either it's someone who reengineers it and hands it to script kiddies, or it's other organizations or nations which will feel an imperative to grab the next escalated technology level.

    Consider: the article says "levels the playing field with criminals" or something to that effect. It also means the FBI will use tools criminals use. It is easy to see this becoming espionage when used against a foreign firm by the FBI or by someone else who has appropriated their technology.

    Few firms have virus-busting firewalls or antivirus packages which can handle new attacks before they cause damage or hide in archived material. Perhaps the scariest thing is that if a new variant is created for a specific "sting", it could quickly take over many computers over a large geographical area (consider Code Red graphs) before antivirus manufacturers or the public at large come up with a patch. In the past there has been a chance at getting a patch before infection.

    But with the public funding a combination of email hole, pc based server, network scanner, key logger, and encryption program defeater, it seems that we are *very* quickly going to enter a much more dangerous situation than ever before.

    It is not possible that this technology will never be misused by the government.

    It is not possible that this technology will remain in the hands of the FBI.

    It is not possible that this will not accelerate worldwide efforts to provide more and more dangerous security-breaking software/services.

    Because it is so cheap to develop this kind of a weapon, it is my opinion that it is 100% likely that terrorists, multinationals, and national security organizations around the world *will* coopt this technology or will develop something identical to it (or more powerful) on their own. This is the part that scares me. No more Net! Who will ever install a binary from a public server? Who will ever trust interactive content and the plugins which it requires? Who will be trusted to hold the keys?

    The FBI is moving a physical wiretap capability highly limited by timing and resources, into a software wiretap regime of high speed, exponential viral growth, widespread destablization of security prior to a court order, and extremely low cost of deployment.

    This attempt to coopt the entire networked computing base as a wiretap infrastructure is the most dangerous force I can identify to the world economy and spread of the Internet in all facets of life. It is very hard to have reasonable security for most people at broadband speeds, but one could be forgiven for hoping that problems would be solved in time. Not when the crackers' growth metric takes off exponentially and leaves pro-security forces behind.

    I don't think I'd mind if this was used against the people who have attacked the U.S. In fact I'd be surprised if something more powerful wasn't used already. But now we are going to start getting a trickle-down of progressively military weaponry operating silently in our homes.

    The cat is out of the bag.. and the technology obviously already exists. The only choice we have is to promote some kind of open source, open science project which could have some hope of markedly improving security in general, could dampen the effects of for example thousands of concurrent Magic Lantern - style attacks from every part of the world. To me, an open, international project is the only way to protect computing in the future.

    The FBI already has plenty of tools, and there is no reason it can't improve its cyber attack capability without building such a dangerous system. I certainly don't want to protect the mafia. But unless proven otherwise I think we have to assume that things will get worse all around before they get better.

    If you want to see a simulation of the "gray goo" doomsday of nanotechnolgy, simply wait a few months for the next wave of network pathogens.

    We will not be safe until we have the U.S. and other governments on the side of the public, with a law against cyber-germ warfare and a well-funded infrastructure to combat cyber-pathogens which do appear with some kind of human and computer based immune system before we enter the age of the network-borne pandemic.

You know that feeling when you're leaning back on a stool and it starts to tip over? Well, that's how I feel all the time. -- Steven Wright

Working...