Enhanced Carnivore To Crack Encryption Via Virus 522
suqur writes: "MSNBC has a story about a new Carnivore feature, dubbed 'Magic Lantern,' which arrives on a victim's computer in the form of a virus through email or well-known vulnerabilities. Magic Lantern uses keylogging to extract keys typed in, and sends them off to the FBI. This is similar to a story reported on previously, but taken one step further, allowing computers to be compromised remotely."
Criminals? (Score:2, Interesting)
Firewall (Score:2, Interesting)
Firewall (Score:1, Interesting)
Illegal search? (Score:2, Interesting)
Re:Illegal search? (Score:2, Interesting)
Re:I've said it before and I'll say it again... (Score:2, Interesting)
4.1 was vulnerable
http://www.securityfocus.com/archive/1/16269
and I know that 4.21 was vulnerable to a different exploit, but can't find the URL atm
Re:AV software. (Score:2, Interesting)
The virus has to be an executable attached either to a web page or an e-mail. The problems with this are manifest. In the case of e-mail, The Man either has to spam a whole universe of "suspects" or email a particular "suspect." In the case of a web-delivery, the "suspect(s)" must be induced to go to a particular web page. Unless of course The Man is going to force slashdot, Yahoo!, et al. to load this baby. Many problems here.
So, assuming they get past all these hurdles then they need to depend on the fact that the "suspect" who is clearly security-minded -- this is key-logging software that one supposes is designed to capture encryption keys as well as URLs, etc. -- is not going to have his security settings set way up or in any other way notice the delivery of the virus payload. Again, big hurdles.
Lastly, The Man depends on the "suspect(s)" not noticing any increase in network traffic as their every keystroke goes back out over the net as a transmission and ACK from the Carnivore box. One assumes that if the user goes into offline mode the wee beastie caches the data for later transmission. Another potential giveaway.
Finally, at each of these hurdles the critter is subject to capture, examination and reverse engineering by "suspects", suspicious sysadmins and clueful civil libertarians. After that it is only a matter of time before the code is out of the bag so to speak and The Man then gets stuck in a vicious circle of re-coding and redeploying the critter to overcome defenses.
In other words, it just doesn't make any sense. I can't believe it would pass muster with any reasonably intelligent technologist in federal law enforcement let alone in the Courts.
Re:Awesome (Score:2, Interesting)
The only thing at all newsworthy about this is that it's now being used to gather legal evidence. Tools like this have been around for years--now the government is just trying to make evidence gathered thereby admissible.
Now, what would be technically sweet is something like van Eck phreaking, where you latch onto the radiation produced by your CRT and reproduce the scan. Some more info available here [shmoo.com].
Re:Short Answer: Yes (Score:5, Interesting)
Good luck... (Score:4, Interesting)
After all, it's doubtful that Microsoft would object to the FBI looking at their source code for such a project, it's doubtful that Apple would object--but even if they did, the lower levels of OS X are open-source Darwin--and of course Linux is open-source anyway. It doesn't seem too difficult for them to do.
It seems that if they were to do it the simpler way, it would be too easy to detect. If they installed it like a simple trojan, it would be trivial to detect, particularly by software such as ZoneAlarm and equivalents which monitor all attempts by programs to access the net. In fact, if it is what they used in the Scarfo case and they are using it now, if it were a simple trojan it would probably have been reported by now. People with something to hide know what software to use to protect them from such things.
For example, "Dr. Who's Encryption and Security FAQ" http://www.slack.net/~hermit/ebook/documents/secu
Call me crazy, but I think the FBI would take note of this readily available information and come up with a way to counteract it. Writing their trojan into your operating system itself seems like a damn good way to do this. Windows and Mac users and even Linux users expect certain processes to access the network, so why not exploit that to camouflage an "ultimate trojan"?
There would be only one way to counteract it, and this is mentioned in Dr. Who's FAQ: make detached PGP signatures for each important file in your OS that you'd expect not to change, and use a script to check them against the files each time you boot, or each time you choose to run it. If a file has changed, you know something is wrong.
Of course, this is very cumbersome--how many files exactly should you sign? Very tedious. I got to thinking on this some time back, and came to the conclusion that if you want the best possible security against unauthorized changes to your system, the best way might be to install your whole OS and all your apps, configure everything how you like, and immediately transfer the whole system to one file. Then, strip down your OS to the very minimal parts needed to boot and to check the signature on the "big file" and your stripped-down OS files, then decompress/mount then boot the whole OS in your "container" file. If you have lots of cheap RAM, you can decompress the file containing your OS into a RAMdisk to save some time and make the files less persistent. A lengthy process, depending on how big your OS/apps are, but if you want security there will be a price. This way, every file on your system is uncorruptable, untouchable by trojans and FBI spyware.
I experimented with just that using Windows 98SE, and though I don't know exactly how you'd do it with Linux or WinNT/2k/XP it is definitely doable with Win9x. First I installed Windows and all my apps, then made a Zip file (using no compression at all, for speed of unzipping at boot) of the whole system. Then I deleted the system except for minimal DOS command files and a RAM disk creation tool called xmsdsk.exe and a command-line unzip tool, altered Autoexec.bat to call xmsdsk with the parameters to make a 1GB RAM disk (there were 1.5gigs on the machine), called the unzip tool to unzip the file to the RAM disk, and had the config files boot Win98 from that drive. It took fiddling a bit, but finally I got it right and it worked. When my Win98 booted, in the startup folder was a shortcut to check the PGP signatures of all the startup files and the Big File that the system was stored in.
Not ideal. Quite slow to boot up. You can see why I don't actually still do this; it was more or less an experiment. But it did work. When the system was shut down, the RAM disk went away, and so any changes at all to the system would be undone. If the Big File the system came from, or any of the boot files, were modified it would show up the next time I booted when the signatures were checked. It was unwieldy, but it did provide full protection of a sort I can't think how to have otherwise.
So, does anyone else have crazy ideas on how to provide security against such intrusions? Preferably ones that don't require a boot time long enough that you can go make breakfast in the intervening minutes.
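The boot-time signature check the post above describes, written out as an added example (not the poster's script): a manifest of SHA-256 hashes of the files you expect never to change, covered by a detached gpg signature, re-verified at each boot. The manifest path and the signing key id are assumptions; gpg is only used when it is installed.

```shell
#!/bin/sh
# Added example: integrity manifest for "files that should never change".
# Paths and the key id below are assumptions, not from the original post.
set -u

MANIFEST="${MANIFEST:-/var/lib/integrity/manifest.sha256}"
KEYID="${KEYID:-integrity@example.invalid}"   # hypothetical signing key

# make_manifest DIR OUT : hash every regular file under DIR into OUT, then
# detach-sign OUT so that tampering with the manifest itself is also caught.
make_manifest() {
    dir=$1; out=$2
    find "$dir" -type f -print | LC_ALL=C sort | xargs -r sha256sum > "$out"
    if command -v gpg >/dev/null 2>&1; then
        gpg --batch --yes --local-user "$KEYID" --detach-sign \
            --output "$out.sig" "$out" 2>/dev/null \
            || { rm -f "$out.sig"; echo "warning: manifest left unsigned" >&2; }
    fi
}

# check_manifest OUT : 0 only if the signature (when present) verifies AND every
# listed file still hashes the same; a changed, truncated or deleted file fails.
# Files added since the manifest was made are not covered, as in the post's scheme.
check_manifest() {
    m=$1
    if [ -f "$m.sig" ]; then
        gpg --batch --verify "$m.sig" "$m" >/dev/null 2>&1 \
            || { echo "manifest signature FAILED" >&2; return 2; }
    fi
    # --quiet prints only the mismatching entries
    sha256sum --check --quiet "$m" || { echo "file hashes FAILED" >&2; return 1; }
    echo "integrity OK"
    return 0
}

# Typical boot-time use (e.g. from rc.local): integrity.sh --check
case "${1:-}" in
    --check) check_manifest "$MANIFEST" ;;
esac
```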
Re:AV software. (Score:4, Interesting)
I doubt it would happen that way. Chances are, the "virus" wouldn't be self-replicating, at least the government's version wouldn't. If it were, there'd be no effective way to control it. So, if the only people who are sent this thing are people the feds want to bug, the AV companies most likely wouldn't see it.
However, all this goes out the window if someone gets hold of this thing somehow and modifies it. They could do several things. First, they could attempt to decompile it and then post the source for all to see. If they wanted to get more, um, creative, they could modify it so it becomes a truly self-replicating virus. Not only would this turn the thing loose on the Net at large, it'd also have the possible effect of taking out whatever computer the original virus was supposed to "phone home" to. How long could a machine set up to handle data from several thousand of these things last when it's getting bombarded with data from a few million? Finally, there's the possibility that it could be modified to seek out and attack computers owned by the government. Once it got in, it would sit there and spy on whoever was using that machine. Results could be sent anywhere. Protecting all those government computers would be a massive undertaking. Even if the feds had custom software to do it, distributing it in any meaningful way to locations around the country would almost guarantee that it'd leak out within a few days. But the truth is that federal computers are running the same software that everyone else is, and the people using them can be just as easily deceived as the average home user. All it'll take is for one programmer with talent, a chip on his shoulder, a good deal of free time, and access to the right tools to decide to fight code with code. If he gets hold of the feds' virus, he could use that. If not, well, he'd most likely roll his own.
This is a superbly stupid idea the feds are pursuing. If they write crappy code, only the truly moronic will allow this to get installed. If they write a really sophisticated piece of software, they could very well end up creating a monster that will turn around and bite them in the ass.
Pedophile PATRICK NAUGHTON (Score:3, Interesting)
As you well know, Java inventor Patrick Naughton, an ADMITTED PEDOPHILE [zdnet.com] developed secret software for the FBI so he can get out of jail sooner and be out on the streets molesting girls again.
ANYONE WHO MODERATES THIS DOWN MUST ALSO BE A PEDOPHILE
Please check my facts and moderate up
Re:yyeeeeeesh. (Score:2, Interesting)
But if a target is suspected by the FBI, you would hope that they would be clever enough to watch for backdoors, shield their machines from EMF, etc.
Re:yyeeeeeesh. (Score:2, Interesting)
We should be fighting against those who would use this software, not the software itself.
Bite the hand that feeds them (Score:2, Interesting)
I for one would enjoy spending quite a bit of my time reverse engineering the thing just so I could send them dummy information.
It's an old war trick. Break their code and feed them iffy information. They're so trusting of their technology most of those idiots wouldn't even see it coming.
This game works both ways
Re:Legal? (Score:5, Interesting)
I don't think it'll be illegal to use a secure system due to this, but I *do* think they're really asking for trouble if this thing "flies".
WARNING: The remainder of this post may in fact be advocating "terrorism" under the new definitions put forth by the U.S. gov with respect to "computer crimes". Why am I logged in? Because, quite simply, they can kiss my A$$.
Do you really think tens of thousands of server admins would let this go without retribution? I for one sure as hell wouldn't. Invasion of my servers is, in my book, precisely the same as invading my home (maybe even worse). Okay, so how do we fix their little red wagon?
Go HoneyPot on their asses. Set up a bunch of machines all over the place to get compromised, and have firewall software monitoring the destination of the nasty outgoing packets. From there, use a P2P model to distribute the destinations of such data, and D-E-N-Y the living hell out of their servers. For added flair, you could always include repetitious, highly profane strings in your denial actions (use your imagination).
I would especially advocate this concept for all techies living in various foreign nations whose citizens might get "bugged" by our wonderful boys in blue. Yes, I am openly advocating retaliatory strikes against this sort of disgusting behavior.
And I think it's damned well warranted.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Carnivore antivirus? (Score:2, Interesting)