Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"

R. A. Hettinga rah at shipwright.com
Tue Nov 20 18:33:43 EST 2001 

Everyone remember First Virtual's Nat Borenstein's "major discovery" of the
keyboard logger?

Cheers,
RAH

-----



http://www.msnbc.com/news/660096.asp

FBI software cracks encryption wall

'Magic Lantern' part of new 'Enhanced Carnivore Project'

By Bob Sullivan
MSNBC

Nov. 20 - The FBI is developing software capable of inserting a computer
virus onto a suspect's machine and obtaining encryption keys, a source
familiar with the project told MSNBC.com. The software, known as "Magic
Lantern," enables agents to read data that had been scrambled, a tactic
often employed by criminals to hide information and evade law enforcement.
The best snooping technology that the FBI currently uses, the controversial
software called Carnivore, has been useless against suspects clever enough
to encrypt their files.


		       MAGIC LANTERN installs so-called "keylogging" software on
a suspect's machine that is capable of capturing keystrokes typed on a
computer. By tracking exactly what a suspect types, critical encryption key
information can be gathered, and then transmitted back to the FBI,
according to the source, who requested anonymity.
       The virus can be sent to the suspect via e-mail - perhaps sent for
the FBI by a trusted friend or relative. The FBI can also use common
vulnerabilities to break into a suspect's computer and insert Magic
Lantern, the source said.
       Magic Lantern is one of a series of enhancements currently being
developed for the FBI's Carnivore project, the source said, under the
umbrella project name of Cyber Knight.



		       The FBI released a series of unclassified documents
relating to Carnivore last year in response to a Freedom of Information Act
request filed by the Electronic Privacy Information Center. The
documentation was heavily redacted - most information was blacked out. They
included a document describing the "Enhanced Carnivore Project Plan," which
was almost completely redacted. According to the anonymous source, redacted
portions of that memo mention Cyber Knight, which he described as a
database that sorts and matches data gathered using various Carnivore-like
methods from e-mail, chat rooms, instant messages and Internet phone calls.
It also matches the files with the necessary encryption keys.



	       MSNBC.com repeatedly contacted the FBI to discuss this story.
However, after three business days the FBI was still requesting more time
before commenting. MSNBC.com has filed a Freedom of Information Act request
with the bureau.
       Word of the FBI's new software comes on the heels of a major victory
for the use of Carnivore. The USA Patriot Act, passed last month, made it a
little easier for the bureau to deploy the software. Now agents can install
it simply by obtaining an order from a U.S. or state attorney general -
without going to a judge. After-the-fact judicial oversight is still
required.
       
FBI HAS ALREADY STOLEN KEYS

		       If Magic Lantern is in fact used to steal encryption keys,
it would not be the first time the FBI has employed such a tactic. Just
last month, in an affidavit filed by Deputy Assistant Director Randall
Murch in U.S. District Court, the bureau admitted using keylogging software
to steal encryption keys in a recent high-profile mob case. Nicodemo Scarfo
was arrested last year for loan sharking and running a gambling racket.
During their investigation, Murch wrote in his affidavit, FBI agents broke
into Scarfo's New Jersey office and installed encryption-key-stealing
software on the suspect's machine. The key was later used to decrypt
critical evidence in the case.


       Magic Lantern would take the method used in Scarfo one step further,
allowing agents to "break in" to a suspect's office and install keylogging
software remotely. But in both cases, the software works the same way.
       It watches for a suspect to start a popular encryption program
called Pretty Good Privacy. It then logs the passphrase used to start the
program, essentially given agents access to keys needed to decrypt files.
       Encryption keys are unbreakable by brute force, but the keys
themselves are only protected by the passphrase used to start the Pretty
Good Privacy program, similar to a password used to log on to a network. If
agents can obtain that passphrase while typed into a computer by its owner,
they can obtain the suspect's encryption key - similar to obtaining a key
to a lock box which contains a piece of paper that includes the combination
for a safe.
       
BREAKING NEW GROUND

		       David Sobel, attorney for the Electronic Privacy
Information Center and outspoken critic of Carnivore, did not outright
reject the notion of a Magic-Lantern-style project, but raised several
cautions.
       "This is breaking new ground for law enforcement, to be planting
viruses on target computers," Sobel said. "It raises a new set of issues
that neither Congress nor the courts have ever dealt with."
       Stealing encryption keys could be touchy ground for federal
investigators, who have always fretted openly about encryption's ability to
help criminals and terrorists hide their work. During the Clinton
administration, the FBI found itself on the losing side of a lengthy public
debate about the federal government's ability to circumvent encryption
tools. The most recently rejected involved so-called key escrow - all
encryption keys would have been stored by the government for emergency
recall.
       
LEVELS PLAYING FIELD WITH CRIMINALS
       A spokesperson for Rep. Dick Armey (R-Texas), said he thought Magic
Lantern, as described to him by MSNBC.com, was considerably more palatable
than key escrow.


       "Citizens should have ability to keep their files and e-mails safe
from bureaucratic prying eyes. But this would only be usable against a
limited set of people. It's not as troubling as saying the government
should have all the keys," said the Armey spokesperson. He also said Magic
Lantern didn't raise the same Fourth Amendment concerns regarding search
and seizure as Carnivore, because Magic Lantern apparently targets one
suspect at a time. Armey, an outspoken Carnivore critic, has complained
about the potential for the FBI's Internet sniffing software to capture too
much data as packets fly by headed for a suspect - known in the legal world
as an "overly broad" search.
       Sobel was concerned that the keylogging software itself could result
in overly broad searches, since it would be possible to observe every
keystroke entered by a suspect, even if a court order specified a search
only for encryption keys. Developers in the Scarfo case went to some
trouble to limit the data stored by the keylogging software installed on
Scarfo's computer, shutting the system on and off in an attempt to comply
with the court order, according to Murch's affidavit. But given the
confusion surrounding keylogging and encryption, and the mystery
surrounding projects like Carnivore, Sobel said he's worried about the
bureau's use of software that hasn't been clearly explained to the public
or the Congress.
       "It is a matter of what protections are in place. At this point, the
best documented case is Scarfo, and that raises concerns," he said. "The
federal magistrate who approved the technology in Scarfo had no
understanding of what this thing was. I hope there can be meaningful
oversight (for Magic Lantern)."


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list