Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

FBI software cracks encryption wall
MSNBC ^ | November 20, 2001 | Bob Sullivan

Posted on 11/20/2001 2:03:16 PM PST by testforecho

The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as “Magic Lantern,” enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.

MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.

The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.

Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight.

MENTIONED IN UNCLASSIFIED DOCUMENTS

The FBI released a series of unclassified documents relating to Carnivore last year in response to a Freedom of Information Act request filed by the Electronic Privacy Information Center. The documentation was heavily redacted — most information was blacked out. They included a document describing the "Enhanced Carnivore Project Plan,” which was almost completely redacted. According to the anonymous source, redacted portions of that memo mention Cyber Knight, which he described as a database that sorts and matches data gathered using various Carnivore-like methods from e-mail, chat rooms, instant messages and Internet phone calls. It also matches the files with the necessary encryption keys.

MSNBC.com repeatedly contacted the FBI to discuss this story. However, after three business days the FBI was still requesting more time before commenting. MSNBC.com has filed a Freedom of Information Act request with the bureau.

Word of the FBI’s new software comes on the heels of a major victory for the use of Carnivore. The USA Patriot Act, passed last month, made it a little easier for the bureau to deploy the software. Now agents can install it simply by obtaining an order from a U.S. or state attorney general — without going to a judge. After-the-fact judicial oversight is still required.

FBI HAS ALREADY STOLEN KEYS

If Magic Lantern is in fact used to steal encryption keys, it would not be the first time the FBI has employed such a tactic. Just last month, in an affidavit filed by Deputy Assistant Director Randall Murch in U.S. District Court, the bureau admitted using keylogging software to steal encryption keys in a recent high-profile mob case. Nicodemo Scarfo was arrested last year for loan sharking and running a gambling racket. During their investigation, Murch wrote in his affidavit, FBI agents broke into Scarfo’s New Jersey office and installed encryption-key-stealing software on the suspect’s machine. The key was later used to decrypt critical evidence in the case.

Magic Lantern would take the method used in Scarfo one step further, allowing agents to “break in” to a suspect’s office and install keylogging software remotely. But in both cases, the software works the same way.

It watches for a suspect to start a popular encryption program called Pretty Good Privacy. It then logs the passphrase used to start the program, essentially given agents access to keys needed to decrypt files.

Encryption keys are unbreakable by brute force, but the keys themselves are only protected by the passphrase used to start the Pretty Good Privacy program, similar to a password used to log on to a network. If agents can obtain that passphrase while typed into a computer by its owner, they can obtain the suspect’s encryption key — similar to obtaining a key to a lock box which contains a piece of paper that includes the combination for a safe.

BREAKING NEW GROUND

David Sobel, attorney for the Electronic Privacy Information Center and outspoken critic of Carnivore, did not outright reject the notion of a Magic-Lantern-style project, but raised several cautions.

“This is breaking new ground for law enforcement, to be planting viruses on target computers,” Sobel said. “It raises a new set of issues that neither Congress nor the courts have ever dealt with.”

Stealing encryption keys could be touchy ground for federal investigators, who have always fretted openly about encryption’s ability to help criminals and terrorists hide their work. During the Clinton administration, the FBI found itself on the losing side of a lengthy public debate about the federal government’s ability to circumvent encryption tools. The most recently rejected involved so-called key escrow — all encryption keys would have been stored by the government for emergency recall.

LEVELS PLAYING FIELD WITH CRIMINALS

A spokesperson for Rep. Dick Armey (R-Texas), said he thought Magic Lantern, as described to him by MSNBC.com, was considerably more palatable than key escrow.

“Citizens should have ability to keep their files and e-mails safe from bureaucratic prying eyes. But this would only be usable against a limited set of people. It’s not as troubling as saying the government should have all the keys,” said the Armey spokesperson. He also said Magic Lantern didn’t raise the same Fourth Amendment concerns regarding search and seizure as Carnivore, because Magic Lantern apparently targets one suspect at a time. Armey, an outspoken Carnivore critic, has complained about the potential for the FBI’s Internet sniffing software to capture too much data as packets fly by headed for a suspect — known in the legal world as an “overly broad” search.

Sobel was concerned that the keylogging software itself could result in overly broad searches, since it would be possible to observe every keystroke entered by a suspect, even if a court order specified a search only for encryption keys. Developers in the Scarfo case went to some trouble to limit the data stored by the keylogging software installed on Scarfo’s computer, shutting the system on and off in an attempt to comply with the court order, according to Murch’s affidavit. But given the confusion surrounding keylogging and encryption, and the mystery surrounding projects like Carnivore, Sobel said he’s worried about the bureau’s use of software that hasn’t been clearly explained to the public or the Congress.

“It is a matter of what protections are in place. At this point, the best documented case is Scarfo, and that raises concerns,” he said. “The federal magistrate who approved the technology in Scarfo had no understanding of what this thing was. I hope there can be meaningful oversight (for Magic Lantern).”


TOPICS: Crime/Corruption; Extended News; News/Current Events
KEYWORDS: microsoft; privacylist; techindex
Navigation: use the links below to view more comments.
first 1-2021-4041-6061 next last
Interesting concept. They use known Windows problems to get to your data.
1 posted on 11/20/2001 2:03:16 PM PST by testforecho
[ Post Reply | Private Reply | View Replies]

To: *Microsoft; *tech_index
indexing
2 posted on 11/20/2001 2:14:08 PM PST by testforecho
[ Post Reply | Private Reply | To 1 | View Replies]

To: testforecho
This is breaking new ground for law enforcement, to be planting viruses on target computers

I give this idiocy a lifetime of four and a half hours after the first antivirus package has caught the FBI with its pants down in a criminal act. I'd also guess that that same AV package (particularly non-Aamerican ones) will enjoy a boost in stock value. What the FBI will enjoy I shudder to even think about.

The "Magic Lantern" concept is so old hat it isn't even interesting - criminals have been trying to get some mileage from this since 1992. At least. And get smacked down every time :).

3 posted on 11/20/2001 2:15:33 PM PST by Cachelot
[ Post Reply | Private Reply | To 1 | View Replies]

To: testforecho
Laptop or second pc running Linux, and not connected to the internet, with the encryption software on it. Encrypt, then sneakernet to the internet connected computer for transmission. Duh.
4 posted on 11/20/2001 2:20:33 PM PST by tacticalogic
[ Post Reply | Private Reply | To 1 | View Replies]

To: testforecho
I'm not an expert, but I've read that a message encrypted on one machine, saved as a file on a floppy disk as a .doc or .txt file and then transferred for emailing or use to another machine defeats this form of surveillance.

There was something additional regarding the encryption key or decryption process. I can’t remember the details. (or the source) at this point.

5 posted on 11/20/2001 2:22:34 PM PST by DWSUWF
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cachelot
I give this idiocy a lifetime of four and a half hours after the first antivirus package has caught the FBI with its pants down in a criminal act.

Problem is that LEO's will never be able to hire the best and brightest, and even if they could, there is always a backdoor, what do they think we are anyway, accountants?

6 posted on 11/20/2001 2:24:48 PM PST by TightSqueeze
[ Post Reply | Private Reply | To 3 | View Replies]

To: testforecho
FBI discovers keyloggers?
7 posted on 11/20/2001 2:27:50 PM PST by milestogo
[ Post Reply | Private Reply | To 1 | View Replies]

To: testforecho
....“This is breaking new ground for law enforcement, to be planting viruses on target computers,”...

Wasn't this issue addressed with the new Patriot Act? As in life imprisonment? Perhaps the FBI should read the bill lest they be considered domestic terrorists. :-)

8 posted on 11/20/2001 2:34:01 PM PST by Protect the Bill of Rights
[ Post Reply | Private Reply | To 1 | View Replies]

To: testforecho
It is very easy to defeat the "keylogging" of passwords. Is called copy and paste (Ctrl C & Crtl V)!
9 posted on 11/20/2001 2:36:51 PM PST by webster
[ Post Reply | Private Reply | To 1 | View Replies]

To: tacticalogic
Laptop or second pc running Linux, and not connected to the internet, with the encryption software on it. Encrypt, then sneakernet to the internet connected computer for transmission. Duh.

What is sneakernet?

10 posted on 11/20/2001 2:44:31 PM PST by Nita Nupress
[ Post Reply | Private Reply | To 4 | View Replies]

To: webster
It is very easy to defeat the "keylogging" of passwords. Is called copy and paste (Ctrl C & Crtl V)!

I'm so proud of myself. Even a dumb blonde figured this one out before getting to the end of the article!

Surely they have a solution to the "cut & paste," ya think?!

11 posted on 11/20/2001 2:47:06 PM PST by Nita Nupress
[ Post Reply | Private Reply | To 9 | View Replies]

To: Nita Nupress
What is sneakernet?

Old term. Before we had networked PC's people would exchange files by copying them to a diskette and hand-carrying the diskette to another computer. Hence the name sneaker-net.

12 posted on 11/20/2001 2:48:11 PM PST by tacticalogic
[ Post Reply | Private Reply | To 10 | View Replies]

To: DistantVoice
fyi
13 posted on 11/20/2001 2:48:21 PM PST by Nita Nupress
[ Post Reply | Private Reply | To 1 | View Replies]

To: tacticalogic
Thanks.
14 posted on 11/20/2001 2:50:03 PM PST by Nita Nupress
[ Post Reply | Private Reply | To 12 | View Replies]

To: Nita Nupress
What is sneakernet?

It is a method of network communications invented by a guy known only as "Trannie" ;)

15 posted on 11/20/2001 2:50:14 PM PST by WhiteKnuckles
[ Post Reply | Private Reply | To 10 | View Replies]

To: Nita Nupress
"Sneakernet" means physically carrying copies of media with the information from computer to computer.

IMO, the use of key logging is legitimate if authorized by a specific warrant for the interception of a suspect's e-mail communitcations. The fact that the Feds have to install something on the target's machine (which takes manpower, and could get them caught red-handed if they do it illegally) serves as a check against the sort of secret blanket surveillance which is possible with systems of the Carnivore type.

16 posted on 11/20/2001 2:50:28 PM PST by steve-b
[ Post Reply | Private Reply | To 10 | View Replies]

To: testforecho
it won't work. within a week of the fbi virus's development there will be scanning software available to locate the fbi virus. you would scan your pc before you opened pgp...
17 posted on 11/20/2001 2:53:18 PM PST by go star go
[ Post Reply | Private Reply | To 1 | View Replies]

To: Nita Nupress
Actually, they do--because they don't count actual keystrokes, they parse the value entered into the user ID and password fields, regardless of source--just like Windows does.
18 posted on 11/20/2001 2:53:55 PM PST by Poohbah
[ Post Reply | Private Reply | To 11 | View Replies]

To: Protect the Bill of Rights
"Wasn't this issue addressed with the new Patriot Act? As in life imprisonment? Perhaps the FBI should read the bill lest they be considered domestic terrorists. :-)"

PBR, Nah. Not the FBI, or any other of godgov's favored alphabets. Only you and me. If "they're" acting "in good faith" {belief}, the criminal bill of the early '90s prohibits "their" prosecution. Or, EVEN being responsible at any level. Criminal Bill indeed. Peace and love, George.

19 posted on 11/20/2001 2:54:00 PM PST by George Frm Br00klyn Park
[ Post Reply | Private Reply | To 8 | View Replies]

To: WhiteKnuckles
Never heard of him. ;-)
20 posted on 11/20/2001 2:55:30 PM PST by Nita Nupress
[ Post Reply | Private Reply | To 15 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson