RE: virus: I take a stand...about the middle east

From: Blunderov (squooker@mweb.co.za)
Date: Sat Mar 16 2002 - 04:36:15 MST


[Violet wrote]
> That, and if they'd give me a gun to use on the Chimp and Big Daddy
> Cheney...

[puppetz [puppetz@excite.com]
Say it louder. I don't think that carnivore can hear you. Now this is really
a stupid remark. Last summer a dumbass on a bbs I read made similar comments
about Bush and received a visit from the Secret Service. Good luck.

[Blunderov]

With regard to “Carnivore” http://www.msnbc.com/news/660096.asp (accessed
16/03/2002) is worth perusing.

Additionally .Net Magazine (South African edition) had the following article
this month.

[Quote]
The Trojan truth is out there.
It’s been proven time and again that the Internet is the best place to
spread rumours and conspiracy theories and the FBI’s Magic Lantern project
is a fine example of this. With only the faintest whiff of evidence, it’s
been all over the IT press that a Trojan Horse – codenamed Magic Lantern –
is being developed by the FBI to plant keystroke-logging software on to
suspect criminals’ computers to get hold of their passwords to encrypted
material. The story was first broken on the MSNBC ( www.msnbc.com
<http://www.msnbc.com/> ) site in December last year and although the Feds
admitted there is a Magic Lantern project, they haven’t commented on what it
is all about. \.net\ contacted FBI spokesman Paul Bresson but he would only
give us this rather enigmatic comment: \We are not at liberty to talk about
the system and how it works. At this point, it’s a development project.
There have been news reports that have attempted to describe what it is, and
some of those press reports have been inaccurate. I’m not able to get into
what is and what isn’t. Because it’s a system which is under development, we
’re not prepared to discuss it publicly. In our opinion it is kind of
unfortunate that it got out there, and we don’t feel at all comfortable
talking about something we are developing.\

Hush, hush
So the FBI is working on something that it doesn’t want to talk about, which
isn’t surprising to hear from a law enforcement agency, although it has
admitted to using key logging software to get passwords for encrypted emails
in criminal investigations. The difference here is the idea that it’s
developing a Trojan Horse that it can email out to surreptitiously install
such software remotely. Technically it is perfectly plausible – indeed
Trojans already exist, such as BackOrifice, which could be used for this
very task.

Delving deeper into the world of conjecture, further unsubstantiated media
reports have suggested that the FBI has asked anti-virus firms not to
include detection procedures for Magic Lantern in their databases.

Given that there doesn’t seem to be any factual basis to the story, what are
the chances of the Feds coming up with such a plan? Denis Zenkin, head of
corporate communications at anti-virus firm Kaspersky labs, doesn’t think it
’s likely: \I don’t think the FBI is so stupid to make such a thing. They
should know that this Trojan can be obtained by hackers, this Trojan will be
included in anti-virus databases and anti-virus software, and I’m pretty
sure that even the worst terrorists use anti-virus software, so it is not an
effective way to track them.\

Malicious clones

There are a lot of problems with the Magic Lantern idea. First, if the FBI
does want anti-virus companies to disregard it’s Trojan, it will have to
give them the code. Once the code’s out in the open, it’s security will be
compromised and it will be a tough job to keep a handle on who’s got it.

We can also expect some malicious clones that masquerade as Magic Lantern.
We’ve already seen one – the Visual Basic Malantern Trojan that deletes
files in the Windows system directory. Next the whole idea has the potential
to initiate a major diplomatic spat. Other governments are unlikely to be
happy at the thought that the US could be spying on them, and there is every
chance that other countries will want to have their own Trojan keyloggers,
too.

For this reason, both Kaspersky Labs and security experts Sophos have said
they would not overlook Magic Lantern Software if it was developed.
According to Sophos’ Natasha Staley \Quite apart from the practical issues
there are also the ethical considerations. If a customer came to us asking
for protection we would provide it.\

Whether the FBI is developing this Trojan or not, there are so many problems
that it seems unlikely to get off the ground. Unless the US government
finds a way to force the anti-virus firms to co-operate, the Feds will have
to write some very clever code to prevent the whole project being condemned
to failure
[/quote]

[/Me] Blunderov is not so sanguine. Clever code can be written, especially
by an entity possessing great resources and considerable motivation to do
so. Also who, willingly, permits a bug to be placed in their environment?
Spooks are experts at using social, or whatever , engineering to place
surveillance devices of many sorts.

(I think that, given a sample of a given keyboard, it might even be possible
to determine keystrokes acoustically; ever notice how the space bar sounds
different to the others?)

To conclude: Dear Violet, do not be intimidated into moderating your
rhetoric. The administration that you are criticising demonstrates no such
restraint (\War on terror\, \axis of evil\, \you are with us or against us\
and ad nauseum) so why should you?

Fond regards

Blunderov



This archive was generated by hypermail 2.1.5 : Wed Sep 25 2002 - 13:28:45 MDT