[infowar.de] FBI admits "Magic Lantern" project



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
SECURITY WIRE DIGEST, VOL. 3, NO. 91, DECEMBER 3, 2001

FBI ADMITS EXISTENCE OF "MAGIC LANTERN"

By Shawna McAlearney

The FBI last week admitted to developing "Magic Lantern," a worm/Trojan
combination capable of infecting a suspect's machine to obtain encryption
keys.

"We're talking about something that is in the process of being developed
and we're really not too pleased that it got out to begin with," says FBI
spokesman Paul Bresson. "We don't really want to talk too much about the
specifics. It is something we're developing, but it's never been used
before."

Though details of how the program will work aren't available, AV experts
speculate that it installs keylogging software on a suspect's machine
after infecting it with a worm. By capturing keystrokes, critical
encryption key information can be gathered and transmitted back to the
FBI.

The admission caused an uproar in the antivirus industry when several
companies said they wouldn't include detection capabilities for Magic
Lantern in their products.

"If it was under the control of the FBI, with appropriate technical
safeguards in place to prevent possible misuse, and nobody else used it,
we wouldn't detect it," Eric Chien, chief researcher at Symantec's
antivirus research lab, said in a published report. "However we would
detect modified versions that might be used by hackers."

An Associated Press report also indicated McAfee Corp. had contacted the
FBI to make sure that its software wouldn't detect the Trojan. However,
Network Associates, McAfee's parent company, contradicted the report,
saying that the discussion hadn't occurred.

Other vendors say it would depend upon safeguards. "If the authorities
would be able to closely contain and monitor the use of their special
tool--that it's not spreading like wildfire through the Internet and if
it's only available in a controlled fashion--it's much easier for
antivirus vendors to cooperate with the authorities and not detect the
tool as a damaging Trojan horse," says Ari Hypponen, CTO of F-Secure.
"The key differentiator here is whether the tool would affect real-world
customers and their legitimate need for network security."

The AV industry is walking a tightrope on such covert government actions.
Companies that insist on detecting the Trojan could be shielding
terrorists and criminals while vendors that concede to the FBI's wishes
will be accused of violating their customers' civil liberties and
providing a flawed product.

"Looking at this situation from an industry perspective, if an AV vendor
was going to put this into their software, it would be bad," says Rob
Rosenberger, editor of VMyths.com, a computer virus myths Web site.
"There are a lot of companies out there that want to know that their
antivirus software detects all malicious stuff--even if we're talking
about the FBI."

Some vendors reassured customers that they wouldn't modify their products
to allow the FBI Trojan to slip past undetected.

"Malicious code is malicious code," said Graham Cluley, senior
technology consultant, Sophos Anti-Virus. "There's no reason why
organizations targeted by Magic Lantern could not write a variant of the
e-bug for their own use. Before we know it, we'll all be spied on by every
Tom, Dick and Harry--the FBI could even become a victim of its own code!"

Allowing "back doors" for U.S. law enforcement has additional implications
for vendors that do business in other countries. Customers outside the
U.S. would expect protection against the Trojan, companies based in other
nations may add it to their signatures and other nations might wish to
develop similar tools.

"Is the FBI going to trust Eastern European and Asian companies to do
the honorable thing and not detect this Trojan?" asks Cluley. "What if the
French intelligence service, or even the Greeks, created a Trojan horse
program for this purpose? Should we ignore those too?"

Some doubt that Magic Lantern could work as a successful way of observing
suspected criminal and terrorist activity.

"Maybe we already detect Magic Lantern, but call it by a different name.
The FBI hasn't provided us with a sample--it could be one of the many
keylogging Trojans we've been sent in the past," says Cluley. "We have no
way of knowing if it was written by the FBI and, even if we did, we
wouldn't know whether it was being used by the FBI or if it had been
commandeered by a third party wishing to spy on a customer--it's a totally
unworkable situation."

The FBI recently acknowledged it used key-logging software in the
investigation of suspected mobster Nicodemo Scarfo; however, in that case,
the FBI physically installed the program on his machine.
