FBI 'Fesses Up to Net Spy App

Reuters

4:16 p.m. Dec. 12, 2001 PST

SAN FRANCISCO -- An FBI spokesman confirmed Wednesday that the U.S. government is working on a controversial Internet spying technology, code-named "Magic Lantern," which could be used to eavesdrop on computer communications by suspected criminals.

"It is a workbench project" that has not yet been deployed, said FBI spokesman Paul Bresson. "We can't discuss it because it's under development."

The FBI has already acknowledged that it uses software that records keystrokes typed into a computer to obtain passwords that can be used to read encrypted e-mail and other documents as part of criminal investigations.

Magic Lantern reportedly would allow the agency to plant a Trojan horse keystroke logger on a target's PC by sending a computer virus over the Internet, rather than require physical access to the computer as is now the case.

Malicious hackers have been known to use e-mail or other remote methods for installing spying technology, security experts said.

When word of Magic Lantern leaked out in published reports in November, civil libertarians said the program could easily be abused by overzealous law enforcement agencies.

When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."

Major anti-virus vendors this week said they would not voluntarily cooperate with the FBI and said their products would continue to be updated to detect and prevent viruses, regardless of their origin, unless there was a legal order otherwise.

Doing so would anger customers and alienate non-U.S. customers and governments, they said, adding that there had been no requests by the FBI to ignore any viruses.

The FBI set a precedent in a similar case by asking Internet service providers to install technology in their networks that allows officials to secretly read e-mails of criminal investigation targets.

While the FBI requires a court order to install its technology, formerly called "Carnivore," some service providers reportedly comply voluntarily, while court orders are relatively easy to get, civil libertarians argue.

Given the hijacking attacks of Sept. 11, it is also conceivable that the U.S. government would enlist the aid of private companies to combat terrorism and help its war effort, said Michael Erbschloe, vice president of research at Computer Economics, which analyzes the impact of viruses.

"In previous wars, including World War II, the government had the power to call on companies to help; to commandeer the technology," said Erbschloe, author of Information Warfare: How to Survive Cyber Attacks.

"If we were at war the government would be able to require technology companies to cooperate, I believe, in a number of ways, including getting back door access to information and computer systems."

******************************************************************************
AV vendors split over FBI Trojan snoopsBy John LeydenPosted: 27/11/2001 at 18:34 GMT

Antivirus vendors are at loggerheads over whether they should include in their software packages detection for a Trojan horse program reportedly under development by the FBI.

A keystroke logging Trojan, called Magic Lantern, will enable investigators to discover break PGP encoded messages sent by suspects under investigation, MSNBC reports. By logging what a suspect types, and transmitting this back to investigators, the FBI could use Magic Lantern to work out a suspect's passphrase. Getting a target's private PGP keyring is easy in comparison, and with the two any message can be broken.

MSNBC quotes unnamed sources who says that Magic Lantern could be sent to a target by email or planted on a suspect's PC by exploiting common operating system vulnerabilities.

Although unconfirmed, the reports are been taken seriously in the security community, and are consistent with the admitted use of key-logging software in the investigation of suspected mobster Nicodemo Scarfo. In that case, FBI agents obtained a warrant to enter Scarfo's office and install keystroke logging software on his machine.

Magic Lantern, which would be an extension of the Carnivore Internet surveillance program, takes the idea one step further by enabling agents to place a Trojan on a target's computer without having to gain physical access.

The suggested technique creates a clutch of legal, ethical and technical issues. Greater powers in the Patriot Act, which Congress is considering, may allow the tool to be used. But what if it was modified for use by hackers?

And antivirus vendors are mulling over the rights and wrongs of putting Magic Lantern on their virus definition list.

Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.

Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.

"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."

Graham Cluley, senior technology consultant at Sophos, disagrees. He says it it wrong to deliberately refrain from detecting the virus, because its customers outside the US would expect protection against the Trojan. Such a move also creates an awkward precedent.

Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?" Â®

********************************************************************************

Mafia trial to test FBI spying tacticsBy: John LeydenPosted: 06/12/2000 at 12:53 GMT

A trial of an alleged mafia boss will test whether the FBI surveillance teams are entitled to plant keystroke-logging devices on the computers of suspects.

Nicodemo S. Scarfo Jr., 35, the son of the jailed former boss of the Philadelphia mob, faces charges of masterminding a mob-linked bookmaking and loansharking operation.

A key aspect of prosecution evidence was obtained by FBI agents who rigged his computer in order to be able to monitor every keystroke. This was necessary because conventional surveillance on Scarfo, who used to work for a Florida software firm and is considered something of a geek, was frustrated by his use of the encryption program PGP (Pretty Good Privacy).

According to US reports, Scarfo's lawyers will challenge the admissibility of this evidence in a move that will make him the first defendant to challenge covert computer surveillance by the FBI. In a pre-trial motion defence lawyers for Scarfo argued that federal investigators misused a search warrant to install a bugging device on Scarfo's business PC.

Monitoring the keystrokes entered into the machine allowed investigators to find out the password Scarfo used to access an encrypted program which, it was suspected, he was using to store gambling and loan-sharking records.

Civil liberties activists argue that the widespread use of the techniques used against Scarfo extend current wiretap laws and would be open to abuses that violate privacy.

"Anything he typed on that keyboard - a letter to his lawyer, personal or medical records, legitimate business records - they got it all," said Donald Manno, Scarfo's lawyer told The Philadelphia Inquirer.

"That's scary. It's dangerous," he said.

The use of keystroke-logging devices in the Scarfo case was revealed by The Philadelphia Inquirer. However it is not known whether software loaded onto a computer, an attachment linked to the keyboard part of a PC or a 'bug' inside the keyboard was used in the case. The most sophisticated, and least likely to be discovered, of these techniques is the bug.

The case throws up the issue of whether technology is evolving faster than laws regulating the privacy and individuals. It also highlights potential gaps in the capability of the Federal government's controversial Carnivore e-mail monitoring techniques to effectively obtain information from the very types of people it is designed to monitor.

Scarfo faces trial early next year on charges he ran an illegal gambling business that took in more than $2000 a day and that he used extortion to collect loans. ®

********************************************************************************

FBI chief Mueller lied to Senate about key-logging By Thomas C Greene in WashingtonPosted: 08/08/2001 at 18:59 GMT

New FBI chief Robert Mueller's testimony before the US Senate during his confirmation hearing last week, to the effect that he had no understanding of key-logging technology, sounded very wrong to us.

We were hoping that he was just exhibiting naivetÃ© when, under questioning from US Senator Maria Cantwell (Democrat, Washington State) about the FBI's prosecution of mobster Nicodemo Scarfo, Jr. by means of a black-bag job involving a key logger, Mueller claimed that he's "not familiar with that new technology, and [had] not had occasion to use it in [his] district."

We figured that little gem had to be either a bald-faced lie, or evidence of his technical incompetence and consequent unfitness to lead the FBI in the 21st Century.

Naturally, we all prefer honest incompetence to active deceit, and we were hoping that the second explanation would prove right; but we're sorry to report that we've got evidence that Mueller actually knows a great deal about key-logging technology.

If we consult the following advisory from the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University, we find that Mueller contributed to a report on the legalities of installing key-logging technology on a network.

The bulletin advises systems administrators that because key logging could be controversial (as the courts had yet to rule on its legality), it would be best to put a prominent banner warning users and intruders alike that their comings and goings will be monitored.

The bulletin is dated December 1992, revised September 1997. Clearly, Mueller has been well acquainted with the technology he told Congress he knows nothing about.

Obviously, in order to offer legal advice about key logging he would have to understand the technology quite well.

And even if he was splitting hairs during his confirmation, i.e., speaking of a very specific implementation of key-logging technology which he himself hasn't yet played with, he's still deceitful.

He might have been a man about it, and declined to answer on grounds that the technology in question is currently being tested in the courts -- that is, in the Scarfo case. At least he would have shown some spine. But by fobbing off the question with a lie, or with a split-hair statement calculated to mislead the Senate, he demonstrated that he's afraid of tough questions, and eager to take the coward's path out.

It's a sad symbol of his brand-new tenure, and a most horrible way to start it. ®

********************************************************************************