[ISN] Magic Lantern reality check
From: InfoSec News (isn@c4i.org)
Date: Tue Dec 04 2001 - 02:30:54 CST
FBI 'Magic Lantern' reality check
By Thomas C Greene in Washington
Posted: 03/12/2001 at 12:41 GMT
There's been a lot of noise since MSNBC's Bob Sullivan broke the story
of a new viral snoop tool called 'Magic Lantern' which the FBI is
purportedly developing to capture crypto passphrases so that it can
decrypt files on suspects' computers.
Of course this all comes from an anonymous source whose level of
access isn't even hinted at, so we remain unconvinced. The tool is
described, Sullivan implies, in the blacked-out sections of a series
of documents obtained by the Electronic Privacy Information Center
under a FOIA request.
Next, ZD-Net's Robert Lemos grabbed it and affected to be skeptical,
calling it a Trojan. He said it was nothing new, but he didn't seem to
doubt that it exists.
Then the Associated Press' Ted Bridis grabbed it and added another
unsubstantiated embellishment, claiming that anti-virus outfit McAfee
had contacted the FBI offering to engineer its products to fail to
alert users when Magic Lantern heads their way
McAfee has flatly denied Bridis' claim. In reply, Bridis, like
Sullivan, appealed to an anonymous source.
So what we have here are three stories, none of which contains a
single verifiable fact substantiating the existence of an FBI 'virus'
or 'Trojan' or any conspiracy between the Feds and the AV industry to
ensure that it remains undetected.
Assuming Magic Lantern exists, we can be sure that it's not a virus
and that it's not a Trojan in the sense of Lemos' examples, BO2K and
SubSeven, which are remote-access tools. The FBI simply is not going
to root someone's box. That would give them remote access, which means
they would blow the bust because they'd be open to reasonable doubt
that they planted evidence.
The only thing it could reasonably be is a simple self-extracting
keylogger concealed as a friendly progie or upgrade, which is far from
ground-breaking news. Software keyloggers like Ghost
(http://www.keylogger.net) have been available for ages, and it's
hardly surprising that the FBI might be interested in them.
Getting the malware to the right person's machine will be a bit of a
trial. For this, perhaps the FBI can leverage the malware propagation
features cleverly coded into Microsoft Outlook and Outlook Express,
and e-mail malicious porn files and whack-a-mole games to drug lords
and international terrorists.
Once a victim is infected, there are quite a few countermeasures he
can employ. A personal firewall that alerts on outbound connections,
properly set up, should inform a watchful user of any attempt by
malware to phone home. Preventing e-mail from going out in secret is a
bit more of a problem, since a keylogger can hand its logs to the
default mail account and let the mail client send them; setting up a
bogus default account, so that anything mailed through it goes nowhere
or lands where you can see it, might give one an edge.
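The 'watchful user' part of that advice is a review of the firewall's outbound log for programs that have no business talking to the network, and especially for anything other than the mail client speaking SMTP. As an added example that is not part of the original article or of any firewall product, the following reviews a constructed outbound log in that spirit; the log format, program names, allowlist and addresses are all assumptions made here.

```python
"""Review outbound (egress) firewall log lines for malware phoning home.

Added example, not from the article or any real firewall. The log format,
program names, allowlist and addresses below are constructed for the demo
(addresses are from the RFC 5737 documentation ranges).
"""
import re
from dataclasses import dataclass

# Constructed sample of what a host firewall's outbound log might record.
SAMPLE_LOG = """\
2001-12-03 12:40:01 OUT prog=outlook.exe proto=tcp dst=192.0.2.10 dport=25
2001-12-03 12:40:09 OUT prog=iexplore.exe proto=tcp dst=198.51.100.7 dport=80
2001-12-03 12:41:07 OUT prog=whackamole.exe proto=tcp dst=203.0.113.9 dport=25
2001-12-03 12:41:30 OUT prog=progie_update.exe proto=tcp dst=203.0.113.44 dport=80
2001-12-03 12:42:02 OUT prog=iexplore.exe proto=tcp dst=198.51.100.7 dport=443
"""

# Programs the user knows should reach the network, with the ports each one
# legitimately uses. Anything outside this table deserves a look.
ALLOWED = {
    "outlook.exe": {25, 110, 143},
    "iexplore.exe": {80, 443},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) OUT prog=(?P<prog>\S+) proto=(?P<proto>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    prog: str
    dst: str
    dport: int
    reason: str


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def review_egress(log_text, allowed=ALLOWED):
    """Flag unknown programs, direct SMTP by anything but the mail client,
    and known programs using ports they should not."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real tool would count these
        prog, port = rec["prog"], rec["dport"]
        if prog not in allowed:
            reason = "unknown program making an outbound connection"
            if port == 25:
                reason = "unknown program sending mail directly (SMTP)"
            alerts.append(Alert(rec["ts"], prog, rec["dst"], port, reason))
        elif port not in allowed[prog]:
            alerts.append(Alert(rec["ts"], prog, rec["dst"], port,
                                "known program on an unexpected port"))
    return alerts


if __name__ == "__main__":
    for a in review_egress(SAMPLE_LOG):
        print(f"{a.ts} {a.prog} -> {a.dst}:{a.dport}: {a.reason}")
```

The obvious caveat is the one the article itself raises: a keylogger that hands its logs to the installed mail client, or injects into a trusted process, shows up in the log under the trusted program's name, so a per-program allowlist only catches the lazy version.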
Windows also has built-in backup and restore features which help here,
within limits. Clean install the OS, load all your apps, progies and
drivers, and take a backup before you do anything else. Once that
known-good backup exists, you can revert to it periodically.
In Win 9x, run C:\Windows\System\Msconfig.exe. On the General tab
you'll find a button that says 'Create Backup'. Be clear about what it
does: it saves copies of the startup configuration files (Config.sys,
Autoexec.bat, Win.ini and System.ini), not a snapshot of the whole
system. Whenever you get the urge, bring up the utility and hit the
other button, 'Restore Backup'. That undoes any run= or load= entry a
keylogger has added to those files so that it starts with Windows, but
it does not remove the keylogger's own executable. Goodbye Magic
Lantern (probably, if you then delete what the restored files no
longer start).
In Windows Me and XP, go to the Start menu, Programs, Accessories,
System Tools, System Restore. Windows 2000 does not ship System
Restore. System Restore rolls back the registry and files of monitored
types in monitored locations to a restore point; anything outside that
scope is left alone, and a restore point created after the infection
is itself tainted, so it is not a guaranteed wipe either.
You can also do this the hard way by following the twin-HDD routine
elaborated in this article. This method is more troublesome, but more
thorough if you prefer not to leave anything to chance.
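What the 'snapshot' idea actually needs, and what neither Msconfig's config-file backup nor System Restore gives you, is a record of every file on the clean system that can later be compared against the live one. As an added example that is not part of the original article, the following takes a SHA-256 manifest of a tree and diffs a later state against it; the directory layout and file contents are constructed in a temporary directory, and the names used (WIN.INI, KERNEL32.DLL, NEWGAME.EXE) are placeholders, not real file contents.

```python
"""Baseline a known-clean tree as a hash manifest, then diff the live tree
against it. Added example, not from the article; the 'system' below is a
constructed temporary directory with placeholder file contents."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file's path (relative to root, '/'-separated) to
    its SHA-256. Symlinks and special files are skipped."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare(baseline, current):
    """Files added since the baseline, removed from it, or changed in content."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Build a constructed 'system', baseline it, then simulate a dropped
    program plus a startup-file edit and report what the diff sees."""
    with tempfile.TemporaryDirectory() as root:
        win = os.path.join(root, "WINDOWS")
        os.makedirs(os.path.join(win, "SYSTEM"))
        with open(os.path.join(win, "WIN.INI"), "w") as f:
            f.write("[windows]\nload=\nrun=\n")
        with open(os.path.join(win, "SYSTEM", "KERNEL32.DLL"), "wb") as f:
            f.write(b"\x00" * 64)  # placeholder bytes, not a real DLL
        baseline = snapshot(root)

        # Simulated compromise (constructed): a new binary appears and
        # WIN.INI gains a run= entry that starts it with Windows.
        with open(os.path.join(win, "SYSTEM", "NEWGAME.EXE"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 30)  # placeholder bytes
        with open(os.path.join(win, "WIN.INI"), "w") as f:
            f.write("[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\NEWGAME.EXE\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

The manifest has to be stored off the machine (a floppy or the second disk of the twin-HDD routine); a keylogger that can write to the system can also edit a manifest kept beside it. Restoring the startup files alone would have hidden the WIN.INI change here while leaving NEWGAME.EXE in place, which is exactly why the full-tree comparison, or a full re-image, is the thorough option.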
Search or wiretap?
Of course, even a simple keylogger is ripe for official abuse; and
ever since the September 11 disaster Mueller's FBI and Ashcroft's DoJ
have exhibited a most neurotic, Stasi-like compulsion to trample the
Bill of Rights for the public good. The technology itself may be
enormously duller than the press has been hoping, but it's perfectly
suited to dirty deeds.
The chief question is whether the Feds should be required to get a
wiretap warrant, which demands a higher standard of evidence, rather
than a simple search warrant before they can use a keylogger.
To my mind, logging someone's keystrokes is a lot more like a wiretap
than it is like a search, and I personally believe that the conditions
for a wiretap warrant should have to be satisfied before it can be
The FBI will of course argue that if they have a search warrant to
examine the files on someone's computer, and logging keystrokes to
capture crypto passphrases is necessary for them to execute the search
fully, then the right to do so is implied in the warrant.
Another abuse that comes to mind is using any sort of data, including
key logs, which has been gathered improperly to extract a confession
during interrogations. If a suspect doesn't realize that the evidence
against him is useless in court, he may be frightened into accepting a
plea arrangement straight away.
But this is not a problem specific to Magic Lantern; it's a problem
specific to a frightened Bush Administration which has elected to take
as many pages as it can from the Stalinist playbook to keep us safe
from bad men who sneak about in the shadows and use violence,
deception and coercion against us.
I wouldn't worry too much about keyloggers. I'd worry a good deal more
about the sudden, dramatic erosion of laws protecting us from their
misuse by zealous, terrified Feds.