FBI-virus software cracks encryption wall
Jei
jei at alpha.hut.fi
Tue Nov 27 08:37:45 EST 2001
Does anyone know if this software sends the logged traffic in clear-text
or does it use encryption to protect it from being intercepted? (If not,
unauthorized persons and hackers can sniff it and abuse it.) What if the
security is weak and breakable? Has the software been validated to be
secure and work correctly under all circumstances?
Does the FBI-virus come with multi-language support, or does it just crash
the computers (like IE does for the Finnish version of Windows computers)
and make them inoperable? (Lots of Microsoft software does this if you
install the wrong language version and you have to reinstall everything.
-> Can be several days of work.)
Also, now that the FBI has assumed global jurisdiction (can legally hack
foreigners), do they cover damages if the software in question causes the
computers to malfunction, become inoperable, destroys data, leaks
confidential data to outsiders, compromises the security of computers or
by malfunction just causes people not being able to work? A lot of damage
and error issues are possible, especially in situations where computers
need to have all their software validated.
Does the FBI cover the costs of rebuilding the security infrastructure
for example a company who's employee's user passwords were logged?
What about the loss of face for a security company, if FBI-virus has
breached their security, and FBI publishes that someone in the company
was logged?
Notable is also what kind of copyright does the FBI acknowledge for
the captured keys-strokes? Can they publish the information somewhere?
I just think that these issues need to be covered and answered clearly
to the general public.
Thanks.
http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
At least one antivirus software company, McAfee Corp., contacted the
FBI on Wednesday to ensure its software wouldn't inadvertently detect
the bureau's snooping software and alert a criminal suspect.
>http://www.msnbc.com/news/660096.asp?cp1=1
>
>FBI software cracks encryption wall
>
>'Magic Lantern' part of
>new 'Enhanced Carnivore Project'
>
>By Bob Sullivan
>MSNBC
>
>Nov. 20 - The FBI is developing software capable of
>inserting a computer virus onto a suspect's machine and
>obtaining encryption keys, a source familiar with the
>project told MSNBC.com. The software, known as "Magic
>Lantern," enables agents to read data that had been
>scrambled, a tactic often employed by criminals to hide
>information and evade law enforcement. The best snooping
>technology that the FBI currently uses, the controversial
>software called Carnivore, has been useless against suspects
>clever enough to encrypt their files.
>
>MAGIC LANTERN installs so-called "keylogging"
>
>software on a suspect's machine that is capable of capturing
>keystrokes typed on a computer. By tracking exactly what a
>suspect types, critical encryption key information can be
>gathered, and then transmitted back to the FBI, according to
>the source, who requested anonymity.
>
>The virus can be sent to the suspect via e-mail - perhaps
>sent for the FBI by a trusted friend or relative. The FBI
>can also use common vulnerabilities to break into a
>suspect's computer and insert Magic Lantern, the source
>said.
>
>Magic Lantern is one of a series of enhancements currently
>being developed for the FBI's Carnivore project, the source
>said, under the umbrella project name of Cyber Knight.
>
....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list