[DailyRotten] FBI requests worm-built password log
Steven M. Bellovin
smb at research.att.com
Mon Dec 17 18:31:16 EST 2001
In message <Pine.GSO.3.96.1011217132546.27456B-100000 at crypto>, "Jay D. Dyson" writes:
>On Mon, 17 Dec 2001, Will Rodger wrote:
>
>> > > But the interplay with MagicLantern and PatriotAct issues is
>> > > thought-provoking...
>> >
>> > Actually, this is nothing new. The boys at the Bureau have a long
>> > history of requesting data to which they have no genuine legal right
>> > of access. Their original requests -- with few exceptions -- bank on
>> > ignorance of due process.
>>
>> Why is anyone surprised law enforcement would want this data? In order
>> to investigate the crime in the first place, law enforcement needs to
>> know what the crackers stole.
>
> I guess you can consider me puzzled as to this claim. The FBI
>isn't interested in what was stolen. The forensic analyses of the worm's
>functions will tell you in a generic sense the answer to that question.
>What the boys at the Bureau want is the lump sum of victims' stolen
>information.
>
> To use an analogy[1], if a neighborhood burglar makes off with my
>videocamera, all the LEAs and their LEOs need to know is the description
>and serial number of the product so it can be identified as mine. They
>don't need to know the contents of the tape in the videocamera in order to
>demonstrate that criminal action occurred in the taking of said camera.

Well, recovered stolen property is generally considered evidence.
Looking at that file provides evidence that the worm *did* steal
passwords, and not just that it was capable of doing so according to
some complex analysis. (For many worms, there is often considerable
uncertainty about exactly what they can and cannot do. Besides, do you
want to try to explain "decompiling" to a jury?)

Perhaps more on target, possession of those passwords does *not*, as
far as I can tell, change the FBI's legal ability to, for example, read
someone's email. They'd still need a court order under your favorite
statute. At most, I suspect that they could use information in that
file as evidence of improper possession of a password by one of the
worm's victims. Not good if you're the improper possessor -- but also
not an extension of the FBI's abilities or authority.

The implication of the original claim was that the FBI wanted these
passwords so that they could surreptitiously read email without bothering
with Magic Lantern or Carnivore. Maybe -- but doing so without
authorization is just as illegal with passwords as via a tailored
Trojan horse. (Well, maybe the latter would constitute a violation of
18 USC 1030, the Computer Fraud and Abuse Act. I think the former
would, too, plus it would violate 18 USC 1029: use of a counterfeit
access device.)

The only thing these passwords would do is make the entry easier.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com