FBI Eavesdropping

TomPaine.com ^ | David Corn

[Gimlet]

I know David Corn is a left winger but he's not crazy. I have been looking for a conservative analysis of this attack on freedom. (Any leads for me out there?) I don't know about any of the rest of you but this stuff worries me.

[agitator]

While not impossible to detect, it's difficult - even for people that know what they're looking for. The device drivers, running processes, and potential information files techniques like these use or generate can be hidden from all but the most technically aware. People with "always-on" internet connections like DSL or cable modems are especially vulnerable because the information generated from operations like this will automatically be leaked out of their systems to the remote listener.

[DWSUWF]

How would they be able to infect your machine with their spyware if you use a firewall and maintain a policy against downloading all attachments to emails?

[klee]

How would they be able to infect your machine with their spyware if you use a firewall and maintain a policy against downloading all attachments to emails?.

Perhaps thats the idea. FBI spread it as an element of a worldwide virus (complete with statements from the FBI and other government agencies). We would be none the wiser.

Im not saying they would do it this way, but its possible.

[ASTM366]

Dear ECHELON AND FBI eavesdroppers - Please send me an email if you have picked up the transmission of these "key" words from my computer to FreeRepublic:

B61 Thermonuclear bomb

Pantex nuclear storage site

NSA, Fort Meade, Maryland

CIA, Langley, Virginia

NORAD

imminent attack

suitcase nuke

Waterford 3 nuclear power plant

South Texas Nuclear plant

[zeugma]

I too would appreciate some well thought out responses to these new technical advances the FBI is attempting to make use of. To those of us involved in securing internet-connected computers for a living, having the government spreading viri/trojans that monitor keyboard or other activity on a computer is truely frightening. This is especially true when one takes into account the waffeling of the major anti-virus companies on whether or not their software would be designed to detect these intrusions or not.

Fortunately for some of us, we don't use the predominant operating system out there and thus have a bit more control over what comes in or out of our systems. This is not a fool-proof method of evading Fedgov's huge appetite for data though, it just makes it a little harder for them as it's harder to infect a properly configured BSD, Linux, or other OS that has user and system space separated properly.

I can tell you for certain that once the signatures of these probes are identified, I'll have them incorporated into my IDS and set up to make a =really= large racket when Fedgov probes are underway against someone on my network segment. The DOS (Denial Of Service) possibilities that will be opened up once the systems where keyboard logging info is sent will be funny to watch to say the least. There are a number of us nerds out there who going to do our best to throw monkey-wrenches into Fedgov attempts to monitor any unplusdoublebadthought that might be out here.

That's not even taking into account the incredibly poor way that most Fedgov (and stategov) networks are secured. Just wait until either citizens or hostile powers decide that what is good for the goose is also good for the gander.

I'm disappointed, but not suprised at all that Fedgov has come to the conclusion that their ability to ferret out information whenevewr they deem it necessary trumps any right to privacy that we, as citizens otherwise would have.

[MadRobotArtist]

Next thing you know, they'll be having all e-mail going through government servers, then charging us for e-mail. It's coming, watch and wait and see.

[copycat]

I have always-on cable modem. I'm running ZoneAlarm, set to shut down after 5 minutes inactive, along with booting down whenever off for longer periods.

A couple weeks ago, I think my wife opened an e-mail attachment with a virus.

Now my ZoneAlarm never shuts down the net like it should, and every once in a while, I get a message...do you want to allow Windows Explorer to access the net?

Problem is, Wind Expl isn't even open.

Anyone have any ideas?

[davisfh]

Just about everyone has an older computer that's capable of doing word processing and even encryption.

I don't really have a need for encryption and ultra privacy but, if I did, I'd do all of my composition and encryption on an off-line computer, copy the results to a disk and transmit it over the internet as an e-mail attachment. The only keystrokes detected would be those required to construct a bare-bones letter of transmittal, attach the file and transmit.

FD

[copycat]

How would they be able to infect your machine with their spyware if you use a firewall and maintain a policy against downloading all attachments to emails?

Ever since my wife opened an e-mail attachment, something is holding my firewall open. Any ideas what it could be?

[DWSUWF]

"...Perhaps thats the idea. FBI spread it as an element of a worldwide virus (complete with statements from the FBI and other government agencies). We would be none the wiser.

Im not saying they would do it this way, but its possible..."

I don't understand what you're saying here.

[DWSUWF]

"...Ever since my wife opened an e-mail attachment, something is holding my firewall open. Any ideas what it could be?..."

Honestly, no. It sounds as though something is wrong though.

I'm just a user of this technology, not an authority on it. We have some very competent people in our midst at FR who might be of much more help to you than I can be.

As a 'Zonealarm' user myself, I'd be interested to hear an authoritative reply to your question.

[copycat]

I'll ping you if I learn anything.

[DWSUWF]

Thanks.

[klee]

I don't understand what you're saying here.

No worries. Essentially, I think it would be incredibly easy to get programs such as 'Magic Lantern' into computer operating systems.

Say... a new virus for example that spreads easily and quickly. Depends on how the program is written into the system, but we would never know its there.

[DWSUWF]

"...No worries. Essentially, I think it would be incredibly easy to get programs such as 'Magic Lantern' into computer operating systems..."

If the operating system software were intentionally compromised with spyware, 'right out of the box' it might well be possible to get quite a base established before the inevitable happened, and it was discovered.

Of course, when such a thing were discovered, it would be a marketplace body-blow (if not death sentence) to the company that produced and distributed it.

And it's possible that remote tampering can be done to those users who use software like 'Outlook', with know vulnerabilities in this area... That's what I hear, anyway. I don't use it, or know anybody who does, but presumably there are some people who do.

My guess is that, if the computer operator observes proper security measures (no opening of e-mail attachments or file downloads, combined with the use of a firewall) while using the net and email, and the FBI doesn't 'black-bag' him, (obtain physical access to the machine and install spyware directly on it) that the technology doesn't (at least currently) exist to install spyware remotely onto that machine.

If there are those who differ in opinion, I'd be interested in their take on the specific methods and vulnerabilities that could be exploited to accomplish this.

[klee]

Fair one.

Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.

[klee]

Fair one.

Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.

[klee]

Fair one.

Could you please ping me if someone comes up with the info? Id like to know the answers to your questions.

[DWSUWF]

"...Could you please ping me if someone comes up with the info? Id like to know the answers to your questions..."

No problem.

Actually, I'm surprised this thread isn't 60 posts long at this point, with solid information.