Feeds

FBI ‘Magic Lantern’ reality check

It's not Echelon

  • alert
  • submit to reddit

Seven Steps to Software Security

There's been a lot of noise since MSNBC's Bob Sullivan broke the story of a new viral snoop tool called 'Magic Lantern' which the FBI is purportedly developing to capture crypto passphrases so they can decrypt files on suspects' computers.

Of course this all comes from an anonymous source whose level of access isn't even hinted at, so we remain unconvinced. The tool is described, Sullivan implies, in the blacked-out sections of a series of documents obtained by the Electronic Privacy Information Center under an FIOA request. Right.

Next, ZD-Net's Robert Lemos grabbed it and affected to be skeptical, calling it a Trojan. He said it was nothing new, but he didn't seem to doubt it exists.

Then the Associated Press' Ted Bridis grabbed it and added another unsubstantiated embellishment, claiming that anti-virus outfit McAfee had contacted the FBI offering to engineer its products to fail to alert users when Magic Lantern heads their way.

McAfee has flatly denied Bridis' claim. In reply, Bridis, like Sullivan, appealed to an anonymous source.

So what we have here are three stories, none of which contains a single verifiable fact substantiating the existence of an FBI 'virus' or 'Trojan' or any conspiracy between the Feds and the AV industry to ensure that it remains undetected.

Some truth

Assuming Magic Lantern exists, we can be sure that it's not a virus and that it's not Trojan according to Lemos' examples of BO2K and SubSeven. The FBI simply is not going to root someone's box. That would give them remote access, which means they would blow the bust because they'd be open to reasonable doubt that they planted evidence.

The only thing it could reasonably be is a simple self-extracting keylogger concealed as a friendly progie or upgrade, which is far from ground-breaking news. Software keyloggers like Ghost have been available for ages, and it's hardly surprising that the FBI might be interested in them.

Technical challenges

Getting the malware to the right person's machine will be a bit of a trial. For this, perhaps the FBI can leverage the malware propagation features cleverly coded into Microsoft Outlook and Outlook Express, and e-mail malicious porn files and whack-a-mole games to drug lords and international terrorists.

Once a victim is infected, there are quite a few countermeasures he can employ. A proper firewall properly set up should inform a watchful user of any attempts by malware to phone home. Preventing e-mail from going out in secret is a bit more of a problem, but setting up a bogus default account might give one an edge.

Now, Windows has a handy 'system restore' feature which works wonders. Simply clean install the OS, load all your apps and progies and drivers, and back up your system before you do anything else. Once the backup is done, you can revert to the clean version periodically.

In Win 9x, go to C:\Windows\System\Msconfig.exe and start the program. You'll find a button that says 'Create Backup'. That's how you take a 'snapshot' of your system. Whenever you get the urge, just bring up the utility and hit the other button which says 'Restore Backup'. Goodbye Magic Lantern (probably).

In Windows Me, 2K, XP, go to the Start menu, Programs, Accessories, System Tools, System Restore.

You can also do this the hard way by following the twin-HDD routine elaborated in this article. This method is more troublesome, but more thorough if you prefer not to leave anything to chance.

Search or wiretap?
Of course, even a simple keylogger is ripe for official abuse; and ever since the September 11 disaster Mueller's FBI and Ashcroft's DoJ have exhibited a most neurotic, Stasi-like compulsion to trample the Bill of Rights for the public good. The technology itself may be enormously duller than the press has been hoping, but it's perfectly suited to dirty deeds.

The chief question is whether the Feds should be required to get a wiretap warrant which demands a higher level of evidence rather than a simple search warrant before they can use a keylogger.

To my mind, logging someone's keystrokes is a lot more like a wiretap than it is like a search, and I personally believe that the conditions for a wiretap warrant should have to be satisfied before it can be authorized.

The FBI will of course argue that if they have a search warrant to examine the files on someone's computer, and logging keystrokes to capture crypto passphrases is necessary for them to execute the search fully, then the right to do so is implied in the warrant.

Another abuse that comes to mind is using any sort of data, including key logs, which has been gathered improperly to extract a confession during interrogations. If a suspect doesn't realize that the evidence against him is useless in court, he may be frightened into accepting a plea arrangement straight away.

But this is not a problem specific to Magic Lantern; it's a problem specific to a frightened Bush Administration which has elected to take as many pages as it can from the Stalinist playbook to keep us safe from bad men who sneak about in the shadows and use violence, deception and coercion against us.

I wouldn't worry too much about keyloggers. I'd worry a good deal more about the sudden, dramatic erosion of laws protecting us from their misuse by zealous, terrified Feds. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.