From owner-imap@chumbly.math.missouri.edu Sun Oct 6 10:30:12 2002
Date: Sat, 5 Oct 2002 06:10:23 -0500 (CDT)
From: Mark Graffis <mgraffis@vitelcom.net>
Subject: Is Bugbear really Magic Lantern?
Article: 145655
To: undisclosed-recipients:;
http://news.zdnet.co.uk/story/0,,t269-s2099692,00.html
US law enforcement agencies are reportedly developing tools to install surveillance systems—based on technology commonly used by hackers
A new tool reportedly being developed by law enforcement
agencies to remotely install surveillance programs on a suspect's
computer is little more than three-year-old hacking technology,
security experts said on Wednesday. On Tuesday, MSNBC reported that
the FBI was working on a computer virus to install key-logging
programs and other surveillance software onto a suspect's
computer. Yet if the details of the report are correct, the technique
doesn't use a virus, but a Trojan horse, a program that acts
without the person's knowledge.
"The technology has been around a bit," said Vincent Gullotto,
director of Network Associates' antivirus emergency response
team. "It seems like the FBI is just trying to see if they can come
up with different options and ways that electronic surveillance can be
done."
Calling the technology "Magic Lantern," the report
stated that the intent of such software would be to remotely install a
system that logs all keystrokes sent to a PC to obtain data and
passwords. The idea is old hat, said Fred Cohen, a security
practitioner in residence for the University of New Haven. "It's
not a very clever or novel thing," he said.
FBI representatives could not be reached for comment. Cohen has taught
law enforcement and industry security professionals many ways of
collecting digital evidence. When such evidence is encrypted, the
officer needs to work around the crypto system, not try to break the
keys with computational muscle, he said. "You want to go after the
keystrokes," he said. By capturing the keys typed by a person,
law enforcement can learn the password used to unlock encrypted
documents. If they tried to use computational firepower instead,
cracking the code could theoretically take years, if not
centuries. For that reason, Cohen suggests that hacking tools be
used. "In my class, I teach how they could use a Trojan horse to go
after the keystrokes," he said.
Several hacking tools, the two most popular being Back Orifice and SubSeven, allow full control over a remote PC infected by the program, including keystroke logging and even recording a conversation if a microphone is connected to the PC. Both programs have been incorporated into Trojan horses and are several years old. In fact, the FBI has already used similar, if more limited, surveillance software in at least one high-profile case to obtain a secret code to unlock encrypted files on the computer of Nicodemo S. Scarfo, a suspected mobster in the Gambino crime family. In details unveiled by an affidavit in the case, the FBI installed a key-logging system on Scarfo's computer during a search of his office.
US Representative Richard Armey, a Texas Republican, sees such
techniques—and their remote installation—as a better deal for
citizens than Carnivore, the FBI's controversial email
surveillance system. "The way we look at it, this may be better than
other available tools," said Armey spokesman Richard Diamond. Where
the Carnivore system—renamed the DCS 1000—has access to an
entire data stream and could potentially spy on any traffic on that
network, the so-called "Magic Lantern" technology would only be
installed on a single PC. "If Magic Lantern is as described, then it
is a rifle-shot attack on a suspect," Diamond said, compared with
Carnivore's shotgun blast.
One danger is that evidence-gathering tools such as Magic Lantern are
not well defined in law. The technique could lead to unsupervised
surveillance by law enforcement, because it's unclear whether any
laws requiring oversight apply to the situation, said David Sobel,
general counsel for the Electronic Privacy Information Center, a
Washington D.C. policy think tank. "This is more problematic than a
traditional wiretap, because suddenly you are removing the
communications provider from the equation," Sobel said. A wiretap
order has to be presented to the phone company to connect to their
network and snoop an individual's line. Even the Carnivore system
requires the help of the Internet service provider to install
it. While Armey successfully added an amendment to the USA Patriot
Act—a far-reaching package of surveillance laws passed last
month—to provide oversight of the use of Carnivore by the FBI,
it would not apply to Magic Lantern, Sobel warned. "We don't
know what this is capable of and whether it is being used
properly," he said. "There may be no way to stop this from being
installed on a computer."