[DailyRotten] FBI requests worm-built password log

Steven M. Bellovin smb at research.att.com
Mon Dec 17 18:31:16 EST 2001


In message <Pine.GSO.3.96.1011217132546.27456B-100000 at crypto>, "Jay D. Dyson" writes:
>On Mon, 17 Dec 2001, Will Rodger wrote:
>
>> > > But the interplay with MagicLantern and PatriotAct issues is
>> > > thought-provoking...
>> >
>> > Actually, this is nothing new.  The boys at the Bureau have a long
>> > history of requesting data to which they have no genuine legal right
>> > of access.  Their original requests -- with few exceptions -- bank on
>> > ignorance of due process.
>> 
>> Why is anyone surprised law enforcement would want this data? In order
>> to investigate the crime in the first place, law enforcement needs to
>> know what the crackers stole. 
>
>	I guess you can consider me puzzled as to this claim.  The FBI
>isn't interested in what was stolen.  The forensic analyses of the worm's
>functions will tell you in a generic sense the answer to that question. 
>What the boys at the Bureau want is the lump sum of victims' stolen
>information.
>
>	To use an analogy[1], if a neighborhood burglar makes off with my
>videocamera, all the LEAs and their LEOs need to know is the description
>and serial number of the product so it can be identified as mine.  They
>don't need to know the contents of the tape in the videocamera in order to
>demonstrate that criminal action occurred in the taking of said camera. 

Well, recovered stolen property is generally considered evidence.  
Looking at that file provides evidence that the worm *did* steal 
passwords, and not just that it was capable of doing so according to 
some complex analysis.  (For many worms, there is often considerable 
uncertainty about exactly what they can and cannot do.  Besides, do you 
want to try to explain "decompiling" to a jury?)

Perhaps more on target, possession of those passwords does *not*, as 
far as I can tell, change the FBI's legal ability to, for example, read 
someone's email.  They'd still need a court order under your favorite 
statute.  At most, I suspect that they could use information in that 
file as evidence of improper possession of a password by one of the 
worm's victims.  Not good if you're the improper possessor -- but also 
not an extension of the FBI's abilities or authority.  

The implication of the original claim was that the FBI wanted these 
passwords so that they could surreptitiously read email without bothering 
with Magic Lantern or Carnivore.  Maybe -- but doing so without 
authorization is just as illegal with passwords as via a tailored 
Trojan horse.  (Well, maybe the latter would constitute a violation of 
18 USC 1030, the Computer Fraud and Abuse Act.  I think the former 
would, too, plus it would violate 18 USC 1029:  use of a counterfeit 
access device.)

The only thing these passwords would do is make the entry easier.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



