The FBI's “Magic Lantern” Shines Bright

Submitted by: Marylebone Media Relations
Tuesday, 11 December 2001

The FBI’s latest cloak-and-dagger tool has attracted the attention of virus writers

Cambridge UK, 11th December 2001 – The rumours surrounding the US Federal Bureau of Investigation’s development of its own Trojan program, Magic Lantern, have drawn interest from the computer underground. On December 10, it was discovered that a seventeen-year-old Argentinean hacker, going by the pseudonym of “Agentlinux,” has developed a Trojan that poses as the widely advertised Magic Lantern.

We remind readers that in mid-November, MSNBC reported that the FBI has begun developing its latest spy program that will allow the Bureau to discover and crack PGP encoded messages sent by suspects under investigation. Magic Lantern is a classic keystroke-tracking bug that FBI authorities, by logging a suspect’s keystrokes and transmitting them to a secret file, could use to decipher encoded files and messages containing supposed evidence.

The FBI has yet to comment about the Magic Lantern program, but, according to ZDNet, two US-based anti-virus developers, McAfee and Symantec, have already decided not to include detection procedures for Magic Lantern in their databases, causing varying reactions amongst users.

As previously mentioned, December 10 witnessed the appearance of a Trojan program that masks itself as Magic Lantern. “Malantern” (the Trojan’s given name) is a very simplistic malicious program written in Visual Basic. Upon start-up, Malantern deletes files in the Windows temporary directory (C:\WINDOWS\TEMP) and all .SYS files in the Windows system drivers directory (C:\WINDOWS\SYSTEM\DRIVERS).

“So far, we haven’t registered any reports of incidents caused by Malantern. However, it isn’t important that the program isn’t spreading. What is necessary to realise is that with the appearance of the official ‘Lantern,’ virus writers won’t wait long to release numerous clones,” commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. “In addition, the possibility that the original Trojan version could end up in the hands of hackers cannot be excluded. In this case, hackers could use Magic Lantern as a means to their own ends.”

For this reason, the refusal of anti-virus developers to include detection procedures for Magic Lantern could cause a large epidemic leading to unpredictable consequences.

At this time, Kaspersky Lab has not received any confirmation about Magic Lantern’s existence or the FBI’s intention to develop such a program. In this case, we view these rumours as they are – just rumours without any basis in fact.

Defence procedures thwarting Malantern have already been added to the Kaspersky Anti-Virus database. A more detailed description of this malicious program can be found in the Kaspersky Virus Encyclopaedia.

About Kaspersky Lab

Kaspersky Lab Int. is a fast-growing, privately owned data-security software development company with offices in Moscow (Russia), Cambridge (United Kingdom) and Pleasanton (United States). Founded in 1997, the company concentrates its efforts on the development of world-leading data-security technologies and software. The company's flagship software product is Kaspersky Anti-Virus, which provides comprehensive virus protection for a wide spectrum of customers from home users to enterprise-wide networks (Windows, Linux, Unix, Novell NetWare, OS/2, MS Exchange Server, Lotus Notes/Domino, Sendmail, Qmail, Postfix, Exim, CVP-compatible firewalls, Web-servers). Kaspersky Lab markets, distributes and supports its software and services in more than 50 countries worldwide.

Media Contacts

Denis Zenkin
Kaspersky Lab
Phone: +7 (095) 797 87 00
E-mail: [email protected]
WWW: http://www.kaspersky.com

Media Contact for Kaspersky Lab

Sara Claridge
Marylebone Media Relations
Tel: 01344 876558
Email: [email protected]
Web Site: http://www.marylebone.co.uk

Distributed via Press Release Wire (https://pressreleases.responsesource.com/) on behalf of Marylebone Media Relations

Copyright © 1999-2021 ResponseSource, The Johnson Building, 79 Hatton Garden, London, EC1N 8AW, UK
e: [email protected] t: 020 3426 4051 f: 0345 370 7776 w: https://www.responsesource.com.