[DailyRotten] FBI requests worm-built password log

R. A. Hettinga rah at shipwright.com
Mon Dec 17 15:20:51 EST 2001

--- begin forwarded text

Status:  U
From: "Gordon Mohr" <gojomo at usa.net>
To: <fork at xent.com>
Subject: [DailyRotten] FBI requests worm-built password log
Date: Mon, 17 Dec 2001 12:06:29 -0800
Sender: fork-admin at xent.com
List-Id: Friends of Rohit Khare <fork.xent.com>


I can see legitimate reasons for wanting the log: tracing
the progression/origin of the worm, or notifying the victims.

But the interplay with MagicLantern and PatriotAct issues
is thought-provoking...

# December 17, 2001
# FBI wants access to worm's pilfered data
# The FBI is asking for access to a massive database that contains the
# private communications and passwords of the victims of the Badtrans
# Internet worm. Badtrans spreads through security flaws in Microsoft
# mail software and transmits everything the victim types. Since
# November 24, Badtrans has violated the privacy of millions of
# Internet users, and now the FBI wants to take part in the spying.
# Victims of Badtrans are infected when they receive an email
# containing the worm in an attachment and either run the program by
# clicking on it, or use an email reader like Microsoft Outlook which
# may automatically run it without user intervention. Once executed,
# the worm replicates by sending copies of itself to all other email
# addresses found on the host's machine, and installs a keystroke-
# logger capable of stealing passwords including those used for
# telnet, email, ftp, and the web. Also captured is anything else the
# user may be typing, including personal documents or private emails.
# Coincidentally, just four days before the breakout of Badtrans it
# was revealed that the FBI was developing their own keystroke-logging
# virus, called Magic Lantern. Made to complement the Carnivore spy
# system, Magic Lantern would allow them to obtain target's passwords
# as they type them. This is a significant improvement over Carnivore,
# which can only see data after it has been transmitted over the
# Internet, at which point the passwords may have been encrypted.
# After Badtrans pilfers keystrokes the data is sent back to one of
# twenty-two email addresses (this is according to the FBI-- leading
# anti-virus vendors have only reported seventeen email addresses).
# Among these are free email addresses at Excite, Yahoo, and
# IJustGotFired.com. IJustGotFired is a free service of MonkeyBrains,
# a San Francisco based independent Internet Service Provider.
# In particular, suck_my_prick at ijustgotfired.com began receiving
# emails at 3:23 PM on November 24. Triggering software automatically
# disabled the account after it exceeded quotas, and began saving
# messages as they arrived. The following day, MonkeyBrains' mail
# server was sluggish. Upon examination of the mail server's logs, it
# quickly became apparent that 100 emails per minute to the
# "suck_my_prick" alias were the source of the problem. The mails
# delivered the logged keystrokes from over 100,000 compromised
# computers in the first day alone.
# Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker,
# Jr., and requested a cloned copy of the password database and
# keylogged data. The database includes only information stolen from
# the victims of the virus, not information about the perpetrator. The
# FBI wants indiscriminant access to the illegally extracted passwords
# and keystrokes of over two million people without so much as a
# warrant. Even with a warrant they would have to specify exactly what
# information they are after, on whom, and what they expect to find.
# Instead, they want it all and for no justifiable reason.
# One of the most basic tenets of an authoritarian state is one that
# claims rights for itself that it denies its citizens. Surveillance
# is perhaps one of the most glaring examples of this in our society.
# Accordingly, rather than hand over the entire database to the FBI,
# MonkeyBrains has decided to open the database to the public. Now
# everyone (including the FBI) will be able query which accounts have
# been compromised and search for their hostnames. Password and
# keylogged data will not be made available, for obvious legal
# reasons.
# The implications of complying with the FBI's request, absent any
# legal authority, are staggering. This is information that no one,
# not even the FBI, could legally gather themselves. The fact that
# they seek to take advantage of this worm and benefit from its
# illicit spoils, demonstrates the FBI's complete and utter contempt
# for constitutionally mandated due process and protection from
# unreasonable search and seizure. It defies reason that the FBI
# expects the American people to trust them to only look at certain
# permissible nuggets of data and ignore the rest of what they
# collect. One need only imagine what J. Edgar Hoover would do with
# today's expansive surveillance system, coupled with the new powers
# granted by the Patriot Act, to appreciate the Orwellian nightmare
# that the United States is becoming. The last thing the FBI should
# have is a spying Internet worm, and it looks like they've found one.
# Welcome to the Magic Lantern.
# --------------------------------------------------------------------
# ------------
# The database is available at http://badtrans.monkeybrains.net
# [Editor's note: Rudy Rucker, Jr. contributed to this story, he was
# also visited by the Secret Service last summer regarding his fan
# site of President Bush's daughters at TheFirstTwins.com.]


--- end forwarded text

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list