[iwar] [fc:Warning:.We.know.what.you're.typing.(and.so.does.the.FBI)]

From: Fred Cohen (fc@all.net)
Date: 2001-12-06 16:47:52



Warning: We know what you're typing (and so does the FBI) 
Robert Vamosi, ZDNet Reviews, 12/6/2001
http://www.zdnet.com/anchordesk/stories/story/0,10738,2829781,00.html

What if every keystroke you typed was recorded? Programs that do this
have existed for years, and are often traded on shadowy Web sites.
Alone, they are mere curiosities, but when coupled with Trojan horses
that send the data over the Internet, these so-called keystroke loggers
allow malicious users to steal your passwords and credit card numbers.

Now the U.S. government wants to use similar keystroke-logging-enabled
Trojan horses in the war against terrorism, and two U.S. antivirus
companies have announced they'll look the other way.

SIMPLY PUT, a keystroke logging program is a memory application that
records every keystroke a user makes on a given computer. Most keystroke
loggers record the application name, the time and date the application
was opened, and the keystrokes associated with that application. For
example, when you open Outlook and write an e-mail, the keystroke logger
would record your e-mail address, the subject line, and any body text
you type.

Some keystroke loggers are advertised as child-protection programs, as
they allow parents to see which sites their children have visited, or
what their children typed during online chats. Keystroke loggers are
also advertised as a means for companies to "assess" their employees'
work habits. But this technology gets really pernicious when a malicious
user couples it with a Trojan horse, as was the case with the recent
Badtrans.B worm.

Often, keystroke loggers track what you type in popular Web browsers.
Lately, though, new loggers record the passphrase you enter into
encryption programs such as PGP. The passphrase is a series of words
that access your encryption key. Once malicious users obtain your
passphrase, they can use your encryption key, and therefore decrypt any
information you have encrypted.

THE U.S. GOVERNMENT wants to use these encryption-keystroke loggers to
find criminals and terrorists. In a recent and highly publicized loan
shark and racketeering case in New York, FBI agents obtained information
using an encryption-keystroke logger placed on computers in suspected
mobster Nicodemo Scarfo's New Jersey office. According to MSNBC, agents
did so by breaking into the Scarfo office and individually installing
the logger on each computer. (I'll leave the question of whether or not
the government should be able to "steal" encryption keys for another
column.)

Code-named "Magic Lantern," the bureau's new project would essentially
create a government-sanctioned Internet worm that would self-install
encryption-keystroke loggers on chosen computers. Agents would still
need to obtain a court order before "infecting" someone; however, the
U.S. Patriot Act passed in October requires authorization only from a
state or U.S. attorney general at first; a judge's order isn't needed
until later. One method of distributing the encryption-keystroke loggers
involves having a friend or relative of the person under investigation
send him or her an infected e-mail. Of course, this could only happen if
the suspect's antivirus program didn't first detect the FBI's Trojan
horse.

SO FAR, Symantec and Network Associates have said their software will
not detect the presence of this FBI Trojan horse. It should be noted
that antivirus products already exclude some files from their scans,
though none are as powerful as Magic Lantern. No antivirus software
vendors outside the U.S. have weighed in on this matter yet.

Shane Coursen, a SecurityFocus columnist and CEO of WildList
Organization International, a group that tracks viruses in the wild,
predicts that any such collusion with the FBI might begin the downfall
of U.S. antivirus software makers' dominance worldwide. I think the real
danger lurks in the FBI borrowing a page from a malicious user's
notebook. Even if every antivirus vendor in the world agreed to exclude
the FBI's Trojan, the shadow Web sites already used by malicious users
would start hosting custom Magic Lantern detection programs. Once such a
tool is available, the FBI's magic would be useless.

Should the FBI be allowed to use keystroke loggers to fight terrorism?
Should antivirus companies look the other way? TalkBack to me!




This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST