FBI Confirms Magic Lantern Existence

Posted by chrisd
from the aldous-would-be-proud dept.
The_THOMAS (and many others) writes: "A day after major anti-virus firms waffle on their support for 'Magic Lantern', and nine days after Thomas C Greene of The Register tried to throw cold water on its existence, the FBI Confirms the 'Magic Lantern' Project Exists. Welcome to a Brave New World!"

  • Paranoia (Score:4, Interesting)

    by Jebediah21 (145272) on Thursday December 13, 2001 @01:05AM (#2697510) Homepage Journal
    I'm not worried about Magic Lantern. I'm worried about the stuff we haven't heard about yet. Really, if the FBI wants to spy on citizens (or criminals for that matter) there is no way they would let their ideas be known.
  • by dbitter1 (411864) <slashdot.carnivores-r@us> on Thursday December 13, 2001 @01:27AM (#2697606)
    A Slackware user myself, I am somewhat used to retrieving the source of my updates and compiling them myself. Although I don't check all of the PGP keys, most of the source I update regularly DOES have a digital signature.

    Technically, Windows Update could insert something that removes the need for Microsoft's signatures and the Debian example would work just as well for our friends at M$.


    As a similar matter of example: With W2K SP/2, M$ decided to disable the ability to disable Windows File Protection. A nice concept in some respects, but forces you to keep whatever files M$ thinks you should have... say... NetMeeting (or any other program you no longer get to uninstall.)

    A bit of research, and a good-ole 2 bytes of NOP carefully inserted disables WFP. I was a bit shocked when I realized it did work! I boot W2K now, and although no WFP causes an event log message, the only way to tell my SFC.DLL is hacked is to test the signature manually! No "A Windows File Fails Integrity Checks" error message comes up. It could have just as well been the FBI's hack. Or, worse yet, the FBI could use WFP to ASSURE that you can't replace their files with a clean, non-recording version!...


    Shiver

    P.S. Try using SSH + SFTP. Beats the WUFTP problems and the tricky firewall rules FTP bringeth.

  • by dfeldman (541102) on Thursday December 13, 2001 @01:42AM (#2697678) Homepage
    And 'rpm -U' doesn't say a single word when I install an unsigned package. By the time I could see that the package was unsigned (and potentially a copy of magiclantern-i386.rpm), it would be too late.

    Distributions should reject packages that aren't signed with a trusted key by default. And make the user specify the --really-install-an-untrusted-package flag in order for the package manager to accept it.

    df

  • by wbattestilli (218782) on Thursday December 13, 2001 @01:43AM (#2697688)
    In the case of Redhat at least, if you use up2date to update your system, each rpm is checked for a GPG signature.
  • by webwench_72 (541358) <.webwench_72. .at. .yahoo.com.> on Thursday December 13, 2001 @02:10AM (#2697752) Homepage
    There's a homily about how, when everyone is a lawbreaker, government has total control over everyone -- there will always be a pretext for detaining any person.

    As another poster mentioned, it is quite likely that none of us would like to have all of our keystrokes made public -- some of our innermost thoughts go right through our keyboards, and Magic Lantern would apparently make no distinction between keystrokes that you intend to publish on the web, and those intended to stay private (financial info, personal letters, diaries, medical correspondence). If you think this sort of tapping would only occur under warrant, you aren't following the latest news.

    Since 9/11, we already see our government detaining people for more extended periods of time even when the detainee has not been accused of a crime, refusing to share the evidence [sfgate.com] against those detained, and the Dept of Justice is even, per AG Ashcroft, allowed to monitor conversations between people in custody and their lawyers [aclu.org]. That last one applies to everyone, and is not limited to suspected illegal immigrants.

    This is the top of a very slippery slope. If we give away rights to privacy in our homes and with our legal counsel, we will never get these rights back.

    "A man who gives up some of his liberty for a little temporary safety deserves neither liberty nor safety." - Benjamin Franklin

    "Whether or not legislation is truly moral is often a question of who has the power to define morality." -- Jerome Skolnick
  • by t0qer (230538) on Thursday December 13, 2001 @02:52AM (#2697841) Homepage Journal
    The one thing I take heavy issue with is the anti-virus companies' decision to have the product that I paid for, to make sure unauthorized programs do not run on my computer, let this one in. To be honest, do I really need antivirus programs with all that I know now?

    I have a bbiagent.net router that I routinely check on. Several times my friends have brought over M$ machines infected with viruses, I would see them trying to connect to the router on goofy ports, then look up what viruses use that port and take the right action.

    What would be really nice is if the EFF or some similar organization makes a blacklist of products infected with this crap. I don't think it would be too hard to detect, lots of smart people out of work with time on their hands now. More of us than the FBI, yeah coppers good luck!

    I would not buy a product nor subscribe to a service that allows access unauthorized by me. The rest of /. should do the same.
  • by doorbot.com (184378) on Thursday December 13, 2001 @03:11AM (#2697869) Journal
    One solution is as follows... make a clear, concise statement that companies will refuse to run virus scanning software at all as long as the FBI's "virus" is allowed to roam free and unchecked.

    Then, watch as Melissa hits again and devastates the economy. Seem radical? Yes. But frankly, there comes a time when drastic steps need to be taken. Just think about how long it would take, in such a scenario, for the FBI to force the antivirus makers to update their software to clean things out... Short-sighted lawmakers may take away a citizen's freedom, but we still have the power to control what does and what doesn't happen in our government (well, with regard to the FBI).

    Maybe an open source anti-virus tool for Windows is a better idea... as long as the FBI's targets are protected the software will be useless.
  • by Anonymous Coward on Thursday December 13, 2001 @03:18AM (#2697885)
    Idiots! It's *NOT* the FBI! It's Executive branch and the Legislative branches of government as well.

    In 1999 and 2000 the US government created some brand new covert departments to explicitly write keyboard loggers and forensic tools. These departments are also charged with writing computer snooping tools in general for spying on US citizens.

    For deniability and for control, the departments were not created under the umbrella of the CIA, the NSA nor even the NRO.

    The Executive branch of government created one small software writing department controlled by the president and his cronies and secret service.

    The Judicial branch created one not affiliated with the FBI strongly, but perhaps so.

    Each has minuscule budgets for employees and staffing of about 16 million bucks a year.... totally negligible compared to the billions the NRO consumes tapping space-borne telephone calls.

    But these small departments make tools to intercept PGP passphrases for black-bag no-knock warrantless searches, and other naughty tools that emit bursts of modulated energy by tickling RAM on motherboard of uncached data lines to enhance greatly the Tempest emissions.

    This modulated energy is usually burst and spread just after an ATA-IDE disk access so that it is less detectable by studying relationships between typing and monitoring using FM bugsweep tools.

    The data from these tools can then be seen outside the system and can contain all sorts of goodies, emails, passphrases, even one-bit compressed images of screen updated areas.

    Anyway, it's not bullshit. Just search the net's older press releases and read cryptome.org more often.

    and for goodness sake, only use a laptop for your pgp mail and always store all data in a pgpdisk volume and use a hack to click-enter your passphrase from a tablet of fuzzy edged glyphs randomly plotted, instead of the usb and adb tappable HID devices such as modern keyboards.

    I am all certain you know all about the hardware keyboard loggers.

    life sucks
  • by macmouse (525453) on Thursday December 13, 2001 @03:26AM (#2697906) Homepage
    Why hasn't anyone thought of this before?..

    It's a bit insane but think about it..
    This would ideally be applied to JXTA (www.jxta.org) - Sun's peer to peer protocol layer (different things can be put on top, like a web browser, an IM message, file sharing, etc).

    Have a key/checksum on the file itself. Then to authenticate, connect to the p2p network. Each host would have their own UNIQUE key. The longer a machine is up the more trust. Nearby machines get the key as well.

    So, to authenticate the program goes and finds a bunch of random machines, asks what their keys are and what the key is for the package file. Then, you check the machines keys with other machines to make sure they can be "trusted". This would be a cross between the gpg signing "web" and p2p networking.

    So the machines that have been on longer can be trusted more. This is to prevent a machine at the isp to generate new keys on the spot (or use the same one over and over again). It would have to be around for a reasonable amount of time (24 hours?).

    So each time you check package x, at random a series of "hosts" are asked what their checksums are for package x. For the paranoid, could add some route/different isp checking as well. Let's say it asks 20 machines. If all match, then odds are pretty good it's correct. Also, each host's key would have to be unique and "trusted". Then you can go out onto 100's (even more?) of hosts to check.

    True, (in theory) it would be possible to filter for those specific requests, generate a separate key for a bunch of ip's RANDOMLY and have them authenticate with each other, but that would be quite difficult. In order to do that, they would essentially have your connection severed from the net, with no direct path and on a "virtual" network, in which case you're screwed anyway.

    It isn't the most efficient way, but probably about as secure as you could get. Well, without being the government itself ^_^.
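
The peer-checksum scheme proposed in the comment above, sketched as an added example (not code from the poster or from JXTA). The `Peer` fields, `MIN_VOTES` and the assumption that each host's uptime is already reliably known are hypothetical; the comment's cross-checking of host keys with other machines is not modelled.

```python
import hashlib
import random
from collections import namedtuple

# One peer's answer: its host key, how long that key has been known to the
# network, and the checksum it reports for the package (hypothetical fields).
Peer = namedtuple("Peer", "host_key uptime_hours checksum")

MIN_UPTIME_HOURS = 24  # the comment's suggested minimum age for a host
SAMPLE_SIZE = 20       # the comment's "asks 20 machines"
MIN_VOTES = 10         # assumption: fewer eligible answers gives no verdict


def verify_package(package, peers, rng):
    """Return 'match', 'mismatch' or 'insufficient' for the downloaded bytes."""
    local = hashlib.sha256(package).hexdigest()
    sample = rng.sample(peers, min(SAMPLE_SIZE, len(peers)))
    seen_keys = set()
    votes = []
    for peer in sample:
        if peer.uptime_hours < MIN_UPTIME_HOURS:
            continue  # key minted too recently to count
        if peer.host_key in seen_keys:
            continue  # the same key answering twice counts once
        seen_keys.add(peer.host_key)
        votes.append(peer.checksum)
    if len(votes) < MIN_VOTES:
        return "insufficient"
    # The comment's rule: accept only when every answer agrees.
    return "match" if all(v == local for v in votes) else "mismatch"


def make_peers(count, checksum, uptime_hours, shared_key=None):
    """Build a constructed peer population for the demonstration."""
    return [Peer(shared_key or "key-%d-%d" % (uptime_hours, i),
                 uptime_hours, checksum) for i in range(count)]


# Constructed package bytes and their checksums.
GOOD = b"package-x 1.0 contents"
TAMPERED = b"package-x 1.0 contents + extra"
GOOD_SUM = hashlib.sha256(GOOD).hexdigest()
BAD_SUM = hashlib.sha256(TAMPERED).hexdigest()

if __name__ == "__main__":
    rng = random.Random(0)
    honest = make_peers(30, GOOD_SUM, uptime_hours=400)
    fresh = make_peers(30, BAD_SUM, uptime_hours=1)  # keys made on the spot
    clones = make_peers(30, BAD_SUM, 400, shared_key="one-key")  # one key reused
    print("good package, honest peers:    ", verify_package(GOOD, honest, rng))
    print("tampered package, honest peers:", verify_package(TAMPERED, honest, rng))
    print("tampered package, fresh keys:  ", verify_package(TAMPERED, fresh, rng))
    print("tampered package, reused key:  ", verify_package(TAMPERED, clones, rng))
```

The last two cases return "insufficient" rather than "match": answers from brand-new or repeated keys are discarded, which is the role the comment gives to uptime and key uniqueness.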
  • by fluido (9095) on Thursday December 13, 2001 @03:37AM (#2697925) Homepage

    What if they tell them: you let us spy on windows users, and we will be as helpful as we can be in the field of antitrust and similar stuff.

    While I believe that it is concretely possible to receive an infested .deb or even an infested kernel, I believe we linux users have two advantages: 1) we are more attentive and careful and 2) we know how to handle our systems.

    Our system could become compromised, but there would most probably be little time before we found out. And really fixed our boxes.

    Which is what attentive and careful windows users could also do if they had hold of the source.

    So, the solution is, yes, to use an open OS, but also to be and remain attentive and careful. And to learn what we are doing and why. This is what information age boils to:

    a) you don't use computers (and you probably live in some monastery in the mountains).

    b) you use computers but you prefer to remain ignorant about what happens behind the hood. I would prefer to say: you are used by computers.

    c) you understand computers, you use them for what they're worth, you don't let any corporation or government pull dirty tricks to you. You help family and friends and common people in doing so (provided they accept to shed off their laziness).

    Windows is the lazy choice. Due to their laziness, people willingly "bend over." Microsoft does not need to "bend over:" they are slowly fusing with the US government, who will find it (already finds it?) extremely useful to keep an eye on lazy corporations and people.

    The process will be very quiet.

  • by Katravax (21568) on Thursday December 13, 2001 @03:46AM (#2697946)
    This post will probably never be seen since I'm a latecomer to the conversation, but I knew a fellow a few years back that would never be affected by a keylogger. His method would work for bypassing any keylogger, but would probably be most useful to touch-typists as a way to not use the keyboard for entering passwords.

    He claimed he was a terrible typist. I couldn't tell though, because he didn't touch the keyboard. He would literally copy and paste every character he entered. While this would be tedious for all typing, it strikes me that would be a good way to enter passwords if you're concerned about a keylogger.

    That generally wouldn't work for whole-system logins, but it would work for encrypted files and other "lesser" logins. Copy a letter from this page, a letter from that, paste it in your password box, and I doubt seriously even a macro recorder could follow what you're doing.
  • by Overfiend (35917) on Thursday December 13, 2001 @05:41AM (#2698033) Homepage

    With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.

    Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.

    I never have quite figured that one out.

    Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?

    The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.

    Is anyone interested in this stuff?

  • by Bert Peers (120166) on Thursday December 13, 2001 @05:49AM (#2698046) Homepage
    It seems to me that keeping Magic Lantern from working should be fairly easy for any terrorist who knows that much about it. [...] Once the (let's say) email is written and encrypted he puts it on a disk goes over to another computer hooked up to the web and sends it off.[...]


    This would work. In fact, this is exactly the method used by amazon.com in their (very) early days to "secure" their database of credit card information. Credit card info was stored on a separate, non-networked computer. Every morning, the names of customers who had placed an order since the previous day, would be saved to a floppy disk which was then physically "carried" to the database PC to be matched up against their credit card info. That PC then generated a list (on paper) of billing requests to be sent off to Visa etc. The only way to modify the database (to add a new customer or update a credit number) was to actually call Amazon.com, and get someone on the phone to walk over to the database machine and enter some SQL woopla.

  • by Skinny Rav (181822) on Thursday December 13, 2001 @06:09AM (#2698075)
    Hmm... Good point, but not perfect. If you look around you'll notice that most people don't care about such things. As long as they get their soap operas, their cornflakes and their supermarkets they're as happy as people in "Brave New World".

    And who protests? Geeks, living partially in some abstract cyberspace, and various idealists like libertarians or people who still believe in American Democracy as some ideal being which exists and now is threatened by evil FBI, NSA or whatever. All these are also kind of outsiders.

    So, I would say, we're somewhere in between: nobody's gonna use rats if you say that the government is evil, and most of the people are happy with their freedom shrinking, but still, it's just _most_ of the people, not everyone.

    Rav
  • by ymgve (457563) on Thursday December 13, 2001 @08:55AM (#2698287) Homepage
    I don't really see the problem with the AV vendors overlooking ML. No, I'm not mad - bear with me for a moment:

    First - think about how AV software works. It usually scans a file when it's accessed for certain known patterns - the virus signatures. Every virus/trojan/worm has its more or less unique signature which is used to identify it. So, when AV vendors say they won't detect it their software is not deliberately letting ML through - the software just will not have a signature for ML, and therefore it won't be recognized as a trojan.

    This is not a hole.

    It's just how antivirus software works - looking for known malware patterns.
    Now, if I were to make my own personal Magic Lantern, I could theoretically modify FBI's software, or write my own. They will both be equally undetectable. Now, when certain AV vendors say they won't look for ML it is in fact good - because they are open about it. You KNOW their software won't detect it, and if you feel threatened by it you are free to change vendor and add in additional layers of paranoia (Firewalls, IDS, tripwire).
    If we are going to hate AV vendors for something, we could just as well blame them for not including anti-spyware in their signature files. They have overlooked this specific kind of malware for years, and not many have raised their voices about it.

    I'm more scared of the methods they intend to infect their targets - pushing ISPs into modifying data as it arrives at the victim's computer is just plain scary.

    Then again, it's FBI we're talking about. For the most part they play by the rules. And if you're really so scared about Magic Lantern, you should be scared about phone wiretaps and Tempest too. They are all equally privacy-invading technologies, but very few of us encrypt our telephone calls or install lead-walls to protect our privacy.

    I'm not saying that Magic Lantern is a good thing (it's not), but the AV vendors are not trying to make a gaping hole in your computer, and shouldn't be accused of such things.
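
The difference between pattern matching and the extra tripwire-style layer mentioned in the comment above, as an added example (not code from the poster or from any AV product). The signature names, byte patterns, file paths and contents are all constructed, and the "file system" is an in-memory dict so the example runs offline.

```python
import hashlib

# Constructed byte patterns standing in for a vendor's signature file.
# They are made up for this example and match no real malware.
SIGNATURES = {
    "Demo.KnownLogger": b"KNOWN-LOGGER-MARKER",
    "Demo.MacroWorm": b"MACRO-WORM-MARKER",
}


def signature_scan(data):
    """Pattern matching: report every listed signature found in the bytes."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def digest(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """Tripwire-style baseline: path -> SHA-256 of known-good content."""
    return {path: digest(content) for path, content in files.items()}


def integrity_check(baseline, files):
    """Report paths that were added, removed or changed since the baseline."""
    findings = {}
    for path in sorted(set(baseline) | set(files)):
        if path not in baseline:
            findings[path] = "added"
        elif path not in files:
            findings[path] = "removed"
        elif digest(files[path]) != baseline[path]:
            findings[path] = "changed"
    return findings


def audit(baseline, files):
    """Run both checks; return {path: (signature hits, integrity finding)}."""
    drift = integrity_check(baseline, files)
    report = {}
    for path in sorted(set(baseline) | set(files)):
        hits = signature_scan(files.get(path, b""))
        if hits or path in drift:
            report[path] = (hits, drift.get(path))
    return report


# Constructed snapshots: a known-good state and a later state.
CLEAN = {
    "/bin/login": b"login program v1",
    "/usr/lib/libinput.so": b"input library v1",
    "/etc/motd": b"welcome",
}
LATER = {
    "/bin/login": b"login program v1 KNOWN-LOGGER-MARKER",        # listed pattern
    "/usr/lib/libinput.so": b"input library v1 + unlisted hook",  # no signature exists
    "/etc/motd": b"welcome",
    "/usr/lib/libextra.so": b"new unlisted component",            # no signature exists
}

if __name__ == "__main__":
    for path, (hits, drift) in audit(build_baseline(CLEAN), LATER).items():
        print(path, "| signatures:", hits or "none", "| integrity:", drift)
```

Only `/bin/login` produces a signature hit; the two unlisted modifications are visible solely through the hash baseline, which must itself be taken from a known-good state and stored where the monitored system cannot rewrite it.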
  • by HuskyDog (143220) on Thursday December 13, 2001 @09:20AM (#2698337) Homepage
    If I download and install the NSA's Security-Enhanced Linux [nsa.gov] (having checked the source carefully for back doors) am I then safe from Magic Lantern?

    It seems to me that sooner or later these two government projects are going to come into conflict and it will be very interesting to see who comes out on top.

  • by Catiline (186878) <akrumbach@gmail.com> on Thursday December 13, 2001 @10:10AM (#2698486) Homepage Journal
    Here's the one counterargument for what you said:

    Power corrupts. Absolute power corrupts absolutely.

    And now let me expound upon that.

    I have a friend-of-a-friend story: a friend of mine is a lawyer who defended a client accused of a computer crime- namely, running p0rn and selling 'services' on the 'net. When the police (Atlanta, GA- local mind you) raided his house, they took everything. Including, for no reason whatsoever, his pickup truck. And then auctioned said truck off. Before he was proven guilty in a court of law- before, even, he went to court. In total defiance of the constitutional protections against unreasonable search and seizure. And this was doubly unreasonable as a) they had no reason to seize his vehicle and b) they had no right to sell it before his guilt was determined.

    So if you want to say something sensible and levelheaded like "ensure that adequate oversight exists", keep in mind that the overseer needs to know about the issues involved. And when they don't, any amount of oversight won't do anything to stem corruption. Because I'm sure as sure can be that the government has sharp oversight over the local police departments, but yet that didn't stop this from happening. I don't even want to think about what the police really do in cases of phone tapping.
  • by bowronch (56911) <slashdot@bowron.us> on Thursday December 13, 2001 @11:35AM (#2698943) Homepage Journal
    Interested parties should read this article... Ken Thompson created one of the coolest back doors ever... Compile the compiler to introduce code that creates a login backdoor every time login is compiled, and code so that every time the compiler itself is compiled, the hack goes into the binary... after one compile, the hack isn't in the source... "Reflections on Trusting Trust" [acm.org]
  • by olla podriga (523728) on Thursday December 13, 2001 @01:06PM (#2699406)

    It will not work.

    Guess why they want to make it a virus. Once it managed to get into one of your computers, it will find a way to infect anything you have contact with. Perhaps it puts a boot-sector virus on any disc you copy, inserts itself as macrovirus in the mail you just copied. Even your Laptop might need a software update some time and then you can't be sure the update is "clean".

    For the way out: It could copy the data it collected or integrate it into its virus code, so that it can send your keys whenever it gets an internet (or whatever) connection from another system.

    It generally sounds like a good idea, but can you be sure that your disconnected system is "clean" in the first place? Can you be sure that there will never be any possibility for unwanted data to leak in or out of your system? Normally you can't. You'll try very hard to do so, but all it takes is one little glitch (or someone else using your disconnected system) and "they" got you.



    There is no defence against a sufficiently funded and determined attacker

  • Timing (Score:2, Interesting)

    by ruck (156392) on Thursday December 13, 2001 @02:03PM (#2699735)
    Does anyone else find it interesting that this was announced at the same time the Bin Ladin tape was released? I just visited CNN, and off to the side of the big story, I saw little links telling me that the U.S. has just pulled out of the ABM treaty, the army has admitted to producing anthrax in Utah, and that the FBI has confirmed the existence of Magic Lantern... unbelievable.
