Posted on 12/05/2001 12:19:03 PM PST by MeekOneGOP
Wednesday December 05 09:14 AM EST
What if every keystroke you typed was recorded? Programs that do this have existed for years, and are often traded on shadowy Web sites. Alone, they are mere curiosities, but when coupled with Trojan horses that send the data over the Internet, these so-called keystroke loggers allow malicious users to steal your passwords and credit card numbers.
|
||||||||||||||||||||||||||
SIMPLY PUT, a keystroke logging program is a memory application that records every keystroke a user makes on a given computer. Most keystroke loggers record the application name, the time and date the application was opened, and the keystrokes associated with that application. For example, when you open Outlook and write an e-mail, the keystroke logger would record your e-mail address, the subject line, and any body text you type.
Some keystroke loggers are advertised as child-protection programs, as they allow parents to see which sites their children have visited, or what their children typed during online chats. Keystroke loggers are also advertised as a means for companies to "assess" their employees' work habits. But this technology gets really pernicious when a malicious user couples it with a Trojan horse, as was the case with the recent Badtrans.B worm.
Often, keystroke loggers track what you type in popular Web browsers. Lately, though, new loggers record the passphrase you enter into encryption programs such as PGP. The passphrase is a series of words that access your encryption key. Once malicious users obtain your passphrase, they can use your encryption key, and therefore decrypt any information you have encrypted.
THE U.S. GOVERNMENT wants to use these encryption-keystroke loggers to find criminals and terrorists. In a recent and highly publicized loan shark and racketeering case in New York, FBI (news - web sites) agents obtained information using an encryption-keystroke logger placed on computers in suspected mobster Nicodemo Scarfo's New Jersey office. According to MSNBC, agents did so by breaking into the Scarfo office and individually installing the logger on each computer. (I'll leave the question of whether or not the government should be able to "steal" encryption keys for another column.)
Code-named "Magic Lantern," the bureau's new project would essentially create a government-sanctioned Internet worm that would self-install encryption-keystroke loggers on chosen computers. Agents would still need to obtain a court order before "infecting" someone, however the U.S. Patriot Act passed in October requires authorization only from a state or U.S. attorney general at first; a judge's order isn't needed until later. One method of distributing the encryption-keystroke loggers involves having a friend or relative of the person under investigation send him or her an infected e-mail. Of course, this could only happen if the suspect's antivirus program didn't first detect the FBI's Trojan horse.
SO FAR, Symantec and Network Associates have said their software will not detect the presence of this FBI Trojan horse. It should be noted that antivirus products already exclude some files from their scans, though none are as powerful as Magic Lantern. No antivirus software vendors outside the U.S have weighed in on this matter yet.
Shane Coursen, a SecurityFocus columnist and CEO of WildList Organization International, a group that tracks viruses in the wild, predicts that any such collusion with the FBI might begin the downfall of U.S. antivirus software maker's dominance worldwide. I think the real danger lurks in the FBI borrowing a page from a malicious user's notebook. Even if every antivirus vendor in the world agreed to exclude the FBI's Trojan, the shadow Web sites already used by malicious users would start hosting custom Magic Lantern detection programs. Once such a tool is available, the FBI's magic would be useless.
Should the FBI be allowed to use keystroke loggers to fight terrorism? Should antivirus companies look the other way? TalkBack to me!
In short, this will quickly be a waste of government our money.
Paranoia strikes deep.........!
I don't want to downplay the danger that this may pose, but my experience as an employee of a Federal agency is that the computer people at our agency have major amounts of trouble recovering what we WANT them to recover (i.e, lost work).
Even if all our keystrokes were logged by the FBI, there is no way they can read even a micro-fraction of it all. I mean, I would have trouble just reading and filing all the things that I write each day! The FBI would probably need to employ 25,000,000 agents if they wanted to read everything that was being typed on computers. And this is probably a conservative estimate. Assuming a $50,000 salary (including fringe) per agent, that would create an astonishing payroll of $1,250,000,000,000. That's 1.25 quadrillion dollars for the zero-impaired. Not to mention all the office space and equipment they would need, which would easily triple the surveillance budget to nearly 4 quadrillion dollars per year.
Well, good! Now WE know that YOU know how WE feel about YOU! @!$#&%$#*%#$!!!!
LOL! I made mine contribution yestidey. That's funny, Tex! Thanks.
"Pssst! Hey, Lewie. . .didja git all that, now??"
;-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.