Posted on 01/05/2002 11:15:47 AM PST by Gimlet
THE FBI'S BLACK MAGIC? Ashcroft's New Attack on Civil Liberties
Knock, knock. Who's there? The FBI. The FBI who? The FBI who is working on a way to gain remote access to all you type on your computer so we won't have to say "knock, knock" in the future.
In mid-December, the FBI made a startling announcement that received scant attention. A spokesman for the bureau acknowledged it was developing a controversial Internet spying software -- code-named Magic Lantern -- that supposedly can surreptitiously enter an individual's personal computer, record every keystroke, and zap all this data back to the G-men and G-women.
Presto, the data-snoops at the bureau would have the target's computer passwords, the texts and addresses of all the e-mails written by him or her (even those angry e-mails drafted but never sent), a record of all the Internet traveling he or she did, copies of snail-mail correspondence, the contents of any diary kept, to-do lists, on-line banking information, memos, you-name-it -- anything typed into the computer, even if it were immediately deleted or trashed.
For weeks, rumors of this computer-search software had been buzzing throughout tech circles. In November, MSNBC first reported the FBI was developing a computer "virus" that would install "keylogging software" on a suspect's machine. But the bureau would neither confirm nor deny. Several software companies were asked by reporters if they were cooperating with the FBI by rigging their anti-virus detection programs to ignore Magic Lantern. Some firms offered conflicting replies; eventually all said they were not in league with the government. Then finally a FBI official named Paul Bresson publicly confirmed Magic Lantern was no illusion. "It's a workbench project" that has not yet been used, he told Reuters. And that was all he would reveal.
Magic Lantern would not entail a dramatic technological advance. As zdnet.com notes, "several hacking tools, the two most popular being Back Orifice and SubSeven, allow full control over a remote PC infected by the program, including keystroke logging." Still, it is a momentous law enforcement advance.
The software was born out of FBI frustration. In recent years, the electronic eavesdroppers of the bureau have been bedeviled by widely-available encryption programs. If the FBI gets a warrant to intercept the Internet communications of a suspect, it is screwed if that data has been encrypted, for the bureau does not have the resources to crack these sort of codes. It would be much easier to obtain the passwords used by a target and with those in hand de-encrypt the information. In at least one known case, the Feds, using a search warrant, gained physical access to the computer of an alleged loan shark and gangster who had utilized encryption to scramble information on his hard drive. The bureau planted keystroke-detection technology on the computer, uncovered his password and collected evidence against him. (In court, the FBI adamantly refused to disclose the specifics of its keystroke-snatching technology.)
Magic Lantern would replace the need for a black-bag job. Instead of agents breaking into a home or office to attach a keystroke logger, the software would creep in, perhaps via an e-mail that seems to come from a friend, and silently penetrate the computer. With Magic Lantern, the FBI would move beyond its controversial carnivore system, which is installed at an Internet service provider, reviews the data stream, and picks out e-mail and Web visits of specific account holders. Carnivore is like a policeman at a speed trap watching for suspected speeders. Magic Lantern is a cop who sneaks into the backseat of the car of a suspect and, unbeknown to the driver, rides along.
So there's a problem with this? Possibly. Magic Lantern could too easily lead to overly broad searches. Though its grail may be encryption passwords, agents will be able to snag anything typed on a keyboard. (The FBI in the days of old used to love to obtain the discarded typewriter ribbons of suspected criminals or commies. With the ribbons in hand, the bureau could read whatever had been written on the suspect's typewriter.) Viewers of "The Sopranos" might recall the episodes in which FBI agents wiretapped Tony's home. As is often the case, they were not allowed to record everything that went on in the house. The FBI team could only roll tape when it was clear T. was talking about illicit enterprises. That is because wiretaps are supposed to be narrowly aimed, not used like a Hoover (pun intended). Magic Lantern could end up being much too powerful a snoop.
"Because the tool involves covert installation of software on someone's PC with no physical intervention, it could conceivably allow law enforcement to circumvent wiretapping restrictions," Alex Salkever writes on Business Week Online. David Sobel, general counsel for the Electronic Privacy Information Center complains, "We don't know what this is capable of." "Will this software be open-source?" asks Lee Tien, a senior attorney for the Electronic Frontier Foundation. If it is not, the public will not have a clear picture of its capabilites. (Don't bet on the FBI opening such a potent weapon to scrutiny.)
The public may not even know when Magic Lantern is up and running, assuming the bureau's high tech wizards succeed. Perhaps it already is. And here's a scary thought: what if Magic Lantern fell into the wrong hands? Or what if the FBI's development and use of a particular software helped or encouraged corporations, individuals, or other governments (say, Beijing) to produce and exploit similar software? Who knows who will be slipping in and out of your computer.
In the Ashcroft era, it is easy to lose sight of a fundamental principle: not every government invasion of privacy has to be accepted, even if the government claims each one is a necessary tool for fighting the "evil ones." But when a war is under way, civil liberties tend to be trumped by national security concerns, real or imagined. For those who fret about Magic Lantern, the trendline is not encouraging. The "USA Patriot Act," quickly passed by Congress in October, included a provision that made it easier for the FBI to unleash Carnivore. The legislation allows agents to install it without petitioning a judge for a warrant, as long as they get an okay from a U.S. or state attorney general.
In a 1967 decision, the Supreme Court observed that "by its very nature eavesdropping involves an intrusion on privacy that is broad in scope" and that "few threats to liberty exist which are greater than those posed by the use of eavesdropping devices." Which means it is a government power to be used sparingly, as a last resort, and with extensive oversight. If Magic Lantern does become operational, tough regulations ought to be imposed. Judges should be tightfisted in signing warrants allowing the FBI to dispatch the software. If a warrant is signed, the snoopers should have to report to the judge often and provide full updates on how Magic Lantern is being used and what it is collecting. The target ought to be notified his or her computer has been penetrated shortly after the investigation ends. But because government wiretapping is a subject shrouded in great secrecy, it is usually difficult for the public to tell whether or not the rules governing it are being followed assiduously.
When Attorney General John Ashcroft appeared at a December 6 hearing of the Senate Judiciary Committee, Senator Maria Cantwell, a Democrat from Washington state, raised the subject of Magic Lantern. She noted that under the "USA Patriot Act" it was indeed possible Magic Lantern-like software could be employed in too sweeping a manner. She asked if Ashcroft would agree to meet four times a year with legislators to discuss how the government was utilizing intercept technologies like Carnivore and Magic Lantern. Ashcroft offered a noncommittal reply: "I welcome the opportunity for the [Justice] Department to work with you toward these objectives." In other words, "yeah, right."
Lee Tien has a good idea along these lines. He suggests there be "some kind of powerful independent counsel (like a police Internal Affairs department) that watches all this surveillance." Magic Lantern, he says, "goes far beyond tapping a line. Those of us who use computers have a lot of our lives on them. You use your computer to read, to think with. It's our virtual home, very much an extension of self." The government should invade this turf only in the most dire circumstances.
In that 1967 Supreme Court decision, the justices said it is conceivable a surveillance technology could be so risky, from a constitutional perspective, that the Fourth Amendment would prohibit the government from taking advantage of it. That's never happened, but Magic Lantern is a close candidate. This software would give the government the power to enter your most private space and record everything you write. With a war on -- so to speak -- Magic Lantern is not shining brightly on many radar screens. But it is a step toward Big Brotherhood that warrants reflection and debate before this software magic becomes mundane.
Perhaps thats the idea. FBI spread it as an element of a worldwide virus (complete with statements from the FBI and other government agencies). We would be none the wiser.
Im not saying they would do it this way, but its possible.
B61 Thermonuclear bomb
Pantex nuclear storage site
NSA, Fort Meade, Maryland
CIA, Langley, Virginia
NORAD
imminent attack
suitcase nuke
Waterford 3 nuclear power plant
South Texas Nuclear plant
Fortunately for some of us, we don't use the predominant operating system out there and thus have a bit more control over what comes in or out of our systems. This is not a fool-proof method of evading Fedgov's huge appetite for data though, it just makes it a little harder for them as it's harder to infect a properly configured BSD, Linux, or other OS that has user and system space separated properly.
I can tell you for certain that once the signatures of these probes are identified, I'll have them incorporated into my IDS and set up to make a =really= large racket when Fedgov probes are underway against someone on my network segment. The DOS (Denial Of Service) possibilities that will be opened up once the systems where keyboard logging info is sent will be funny to watch to say the least. There are a number of us nerds out there who going to do our best to throw monkey-wrenches into Fedgov attempts to monitor any unplusdoublebadthought that might be out here.
That's not even taking into account the incredibly poor way that most Fedgov (and stategov) networks are secured. Just wait until either citizens or hostile powers decide that what is good for the goose is also good for the gander.
I'm disappointed, but not suprised at all that Fedgov has come to the conclusion that their ability to ferret out information whenevewr they deem it necessary trumps any right to privacy that we, as citizens otherwise would have.
A couple weeks ago, I think my wife opened an e-mail attachment with a virus.
Now my ZoneAlarm never shuts down the net like it should, and every once in a while, I get a message...do you want to allow Windows Explorer to access the net?
Problem is, Wind Expl isn't even open.
Anyone have any ideas?
I don't really have a need for encryption and ultra privacy but, if I did, I'd do all of my composition and encryption on an off-line computer, copy the results to a disk and transmit it over the internet as an e-mail attachment. The only keystrokes detected would be those required to construct a bare-bones letter of transmittal, attach the file and transmit.
FD
Ever since my wife opened an e-mail attachment, something is holding my firewall open. Any ideas what it could be?
Im not saying they would do it this way, but its possible..."
I don't understand what you're saying here.
Honestly, no. It sounds as though something is wrong though.
I'm just a user of this technology, not an authority on it. We have some very competent people in our midst at FR who might be of much more help to you than I can be.
As a 'Zonealarm' user myself, I'd be interested to hear an authoritative reply to your question.
No worries. Essentially, I think it would be incredibly easy to get programs such as 'Magic Lantern' into computer operating systems.
Say... a new virus for example that spreads easily and quickly. Depends on how the program is written into the system, but we would never know its there.
If the operating system software were intentionally compromised with spyware, 'right out of the box' it might well be possible to get quite a base established before the inevitable happened, and it was discovered.
Of course, when such a thing were discovered, it would be a marketplace body-blow (if not death sentence) to the company that produced and distributed it.
And it's possible that remote tampering can be done to those users who use software like 'Outlook', with know vulnerabilities in this area... That's what I hear, anyway. I don't use it, or know anybody who does, but presumably there are some people who do.
My guess is that, if the computer operator observes proper security measures (no opening of e-mail attachments or file downloads, combined with the use of a firewall) while using the net and email, and the FBI doesn't 'black-bag' him, (obtain physical access to the machine and install spyware directly on it) that the technology doesn't (at least currently) exist to install spyware remotely onto that machine.
If there are those who differ in opinion, I'd be interested in their take on the specific methods and vulnerabilities that could be exploited to accomplish this.
Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.
Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.
Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.
No problem.
Actually, I'm surprised this thread isn't 60 posts long at this point, with solid information.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.