[iwar] [fc:FBI.wants.access.to.worm's.pilfered.data]

From: Fred Cohen (fc@all.net)
Date: 2001-12-17 22:14:17



  December 17, 2001
FBI wants access to worm's pilfered data

A ROTTEN.COM EXCLUSIVE
http://www.dailyrotten.com/articles/archive/189387.html

The FBI is asking for access to a massive database that contains the private
communications and passwords of the victims of the Badtrans Internet worm.
Badtrans spreads through security flaws in Microsoft mail software and
transmits everything the victim types. Since November 24, Badtrans has
violated the privacy of millions of Internet users, and now the FBI wants to
take part in the spying.

Victims of Badtrans are infected when they receive an email containing the
worm in an attachment and either run the program by clicking on it, or use
an email reader like Microsoft Outlook which may automatically run it
without user intervention. Once executed, the worm replicates by sending
copies of itself to all other email addresses found on the host's machine,
and installs a keystroke-logger capable of stealing passwords including
those used for telnet, email, ftp, and the web. Also captured is anything
else the user may be typing, including personal documents or private emails.

Coincidentally, just four days before the breakout of Badtrans it was
revealed that the FBI was developing their own keystroke-logging virus,
called Magic Lantern. Made to complement the Carnivore spy system, Magic
Lantern would allow them to obtain targets' passwords as they type them.
This is a significant improvement over Carnivore, which can only see data
after it has been transmitted over the Internet, at which point the
passwords may have been encrypted.

After Badtrans pilfers keystrokes the data is sent back to one of twenty-two
email addresses (this is according to the FBI-- leading anti-virus vendors
have only reported seventeen email addresses). Among these are free email
addresses at Excite, Yahoo, and IJustGotFired.com. IJustGotFired is a free
service of MonkeyBrains, a San Francisco based independent Internet Service
Provider. 

In particular, suck_my_prick@ijustgotfired.com began receiving emails at
3:23 PM on November 24. Triggering software automatically disabled the
account after it exceeded quotas, and began saving messages as they arrived.
The following day, MonkeyBrains' mail server was sluggish. Upon examination
of the mail server's logs, it quickly became apparent that 100 emails per
minute to the "suck_my_prick" alias were the source of the problem. The
mails delivered the logged keystrokes from over 100,000 compromised
computers in the first day alone.

Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker, Jr., and
requested a cloned copy of the password database and keylogged data. The
database includes only information stolen from the victims of the virus, not
information about the perpetrator. The FBI wants indiscriminate access to
the illegally extracted passwords and keystrokes of over two million people
without so much as a warrant. Even with a warrant they would have to specify
exactly what information they are after, on whom, and what they expect to
find. Instead, they want it all and for no justifiable reason.

One of the most basic tenets of an authoritarian state is one that claims
rights for itself that it denies its citizens. Surveillance is perhaps one
of the most glaring examples of this in our society. Accordingly, rather
than hand over the entire database to the FBI, MonkeyBrains has decided to
open the database to the public. Now everyone (including the FBI) will be
able to query which accounts have been compromised and search for their
hostnames. Password and keylogged data will not be made available, for
obvious legal reasons.

The implications of complying with the FBI's request, absent any legal
authority, are staggering. This is information that no one, not even the
FBI, could legally gather themselves. The fact that they seek to take
advantage of this worm and benefit from its illicit spoils, demonstrates the
FBI's complete and utter contempt for constitutionally mandated due process
and protection from unreasonable search and seizure. It defies reason that
the FBI expects the American people to trust them to only look at certain
permissible nuggets of data and ignore the rest of what they collect. One
need only imagine what J. Edgar Hoover would do with today's expansive
surveillance system, coupled with the new powers granted by the Patriot Act,
to appreciate the Orwellian nightmare that the United States is becoming.
The last thing the FBI should have is a spying Internet worm, and it looks
like they've found one. Welcome to the Magic Lantern.


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST