Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Magic Lantern is Wakeup Call

By nirv in Internet
Thu Dec 20, 2001 at 12:27:41 PM EST
Tags: Security (all tags)
Security

FBI has reluctantly admitted it is developing "Magic Lantern" as part of a series of enhancements to the Cyber Knight project. The software is capable of gaining access to your encryption keys by stealing passwords used to secure them. It is a trojan horse that once inserted into an internet connected computer logs your keystrokes and relays your data to FBI. FBI hopes that users who are smart enough to use encryption for their communication will fall a pray to Magic Lantern by overlooking their personal system's security.

So how is it a wakeup call you ask? Just a minute.


Trojan horses and keystroke logging viruses are nothing new. They have been in active use for years, even before the wide adoption of Internet as a communication medium. FBI is finally catching up to the "Black Hat Hacker" community and attempts to tackle the "encryption problem" with new tools. Don't count on the anti-virus firms to save your day, Symantec is on the record saying they would cooperate with the FBI. McAfee's position depends on which report you read.

FBI is going to wish they have never leaked the information. Now that "Magic Lantern" and the Enhanced Carnivore Project have made the headlines, security companies are going to bow to public pressure and make enhancements to their software that not only defeat Magic Lantern, but also take care of the key logging vulnerability that has been known for years. The most proactive companies have new software updates already on the market. One such example is CryptoHeaven where they have recently added a virtual keyboard for pass-phrase entry. Another is e-gold. More are sure to follow.

People need to be very careful and realize that they even the best encryption software can be compromised if you have people looking over your shoulder. There is no substitute for ignorance. Education is of paramount importance.

In the coming months we are going to have new technologies developed to combat key loggers and other "Carnivore Enhancements." In the mean time, may I suggest using common sense on daily basis.

Relevant Links

'Magic Lantern' Rubs the Wrong Way
CryptoHeaven
E-gold

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Symantec
o 'Magic Lantern' Rubs the Wrong Way
o CryptoHeav en
o E-gold
o Also by nirv


Display: Sort:
Magic Lantern is Wakeup Call | 18 comments (15 topical, 3 editorial, 0 hidden)
Who likes Magic Lantern the most? (4.66 / 6) (#2)
by Anonymous 242 on Thu Dec 20, 2001 at 01:35:42 AM EST

Trojan, worm, and virus writers.

Because the big anti-viral software manufacturers will probably "not detect" Magic Lantern, it is only a matter of time before new nasties use the same signature as Magic Lantern.

As Bruce Schneier stated in the most recent Cryptogram:

The scariest bit of news revolves around whether anti-virus companies will detect Magic Lantern or ignore it. I don't think that the anti-virus companies should be making decisions about which viruses and Trojans it detects and which it doesn't. Aside from the obvious problems of betraying the trust of the user, there's the additional complexity of a mechanism for detecting malware and then not doing anything about it. Any hacker who reverse engineers the anti-virus product can design a Trojan that looks like the FBI's Magic Lantern and escapes detection.
If nothing else, this will be interesting to watch as it pans out.

Regards,

Lee Irenæus Malatesta

Cryptographic signature (4.00 / 1) (#5)
by Secret Coward on Thu Dec 20, 2001 at 02:44:05 AM EST

If the FBI has any smarts about them, they will sign Magic Lantern with a cryptographic signature. To slip past anti-virus software, a black-hatter would have to discover the FBI's private key. So while the hole still exists, the challenge is far more daunting than Mr. Schneier leads on.

[ Parent ]
Maybe (4.50 / 2) (#6)
by Anonymous 242 on Thu Dec 20, 2001 at 02:48:24 AM EST

If the FBI has any smarts about them, they will sign Magic Lantern with a cryptographic signature.
Using a cryptographic key may or may not be smart.
To slip past anti-virus software, a black-hatter would have to discover the FBI's private key.
Assuming that the implementation of all anti-viral software is secure and can not be easily broken.
So while the hole still exists, the challenge is far more daunting than Mr. Schneier leads on.
Change 'is far more' to 'may be far more' and I'll happily agree with you.

It is too soon to tell. As I said before, it will interesting to see how this pans out.

[ Parent ]

What are you talking about? (5.00 / 1) (#9)
by CmdrTroll on Thu Dec 20, 2001 at 11:37:24 AM EST

Virus scanners simply search executables for a (relatively) unique pattern of bytes (in other words, a little substring). Unless this "new virus" was an identical copy of Magic Lantern, it will be trivial to add an identifying pattern that matches the virus and doesn't match Magic Lantern. Ignoring Magic Lantern requires Symantic to do ... nothing at all!

That's why it was easy for Norton to screw up and misidentify a copy of pkzip as a virus, and conversely it is difficult to pattern-match most polymorphic virii.

-CT

[ Parent ]

What's the big deal about Magic Lantern? (4.50 / 2) (#3)
by khym on Thu Dec 20, 2001 at 02:23:37 AM EST

I fail to see what the big deal about Magic Lantern is. With Carnivore, there's the worry that the FBI could easily snoop packets they have no warrant for, because it's a piece of software or hardware doing who-knows-what under the hood at the ISP level. With the case of Magic Lantern, it's not a virus or worm, as it doesn't reproduce; the FBI only send it to someone they have a warrant on, so it can only work on one person at a time. Of course, there's nothing preventing them from sending it people who they don't have a warrant on, but there's also nothing stopping them from breaking into your house and putting in bugs or installing other sort of pre-existing snoop-ware on your computer. Magic Lantern is just the computer equivalent of a covert listening device.

And while actively ignoring Magic Lantern (as opposed to simply refraining from adding it's fingerprint to their files*) would create a security whole, I don't think it's otherwise a problem. If the FBI, with a warrant in hand, gets your landlord to let you into your apartment/house, or gets your phone company to install a old-fashioned wire tap, they are acting against the interests of you, their paying customer. However, this is the way things are supposed to work: the FBI comes to XYZ, and XYZ sneakily acts behind your back (the bastards). Unless you're opposed to warrants which don't immediately alert their targets (a type of warrants that have been issued for decades), then anti-virus companies ignoring Magic Lantern isn't any problem (except for the security hole it creates).

--------------

*: If a fingerprint for the original Magic Lantern (ML) weren't put in, then any knock offs of ML that might be made could have separate fingerprints put in that specifically identify them, while not identifying ML; that would be passively ignoring them. But in that case, ML might set off anti-virus alarms because of the weird stuff that it does, so anti-virus makers would have to add a fingerprint for ML, and then write special case code which says "If a program matches this fingerprint, turn a blind eye". Something like that would open up a big security hole.



--
Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.
Differences (3.50 / 2) (#10)
by Ken Arromdee on Thu Dec 20, 2001 at 11:44:52 AM EST

If the FBI, with a warrant in hand, gets your landlord to let you (sic) into your apartment/house, or gets your phone company to install a old-fashioned wire tap, they are acting against the interests of you, their paying customer.

If the FBI gets your landlord to let an agent in your house, the FBI had to get the warrant *first*, before talking to your landlord. A virus scanner containing a loophole has been created ahead of time, and makes any future computer searches easier whether they have warrants or not.

It's as if the FBI told your landlord to give its agents a key to your apartment right now, but promised that they'd only use the key if they ever got a warrant in the future.

[ Parent ]

Isn't Magic Lantern a keystroke logger? (4.00 / 1) (#11)
by John Thompson on Thu Dec 20, 2001 at 11:55:06 AM EST

Your comment seems to imply that Magic Lantern is a packet sniffer. My understanding is that it is a keystroke logger that looks for passphrases it can send back to the FBI to assist them in decrypting files that would otherwise require a tiresome brute-force approach.

Either way, it seems to rely on Microsoft Windows vulnerabilities that would not work under other operating systems.

[ Parent ]
The paranoia runs rampant... but why? (2.75 / 4) (#7)
by CmdrTroll on Thu Dec 20, 2001 at 03:02:01 AM EST

Judging from the information released by the FBI and from speculation posted all over the internet, it is obvious that Magic Lantern will not be a threat to any clueful computer users. Magic Lantern was designed to spy on silly Windows users who open executable attachments - and that is all. It is, at worst, a distraction for those of us who are security-conscious enough to run OpenBSD or a similarly well-audited system.

The rules really have not changed at all here: if you are too lazy to run secure software and learn how to protect your secrets, somebody will be able to steal them from you. Windows lusers and people who fail to take the necessary precautions do not deserve privacy, just as an untrained skydiver does not deserve to survive his first fall. Security ignoramii should not expect their data to remain safe, just because they have been lucky thus far. Stupidity always catches up with you.

-CT

I'm wondering about the legal stuff... (3.00 / 1) (#12)
by karjala on Thu Dec 20, 2001 at 03:41:54 PM EST

I was wondering as to whether the distributors of McAffee and Norton outside the US would be exposed to criminal lawsuits, should they voluntarilly allow Magic Lantern to pass through.

I think of the similarity between this and, say, hiring guards for your house who would knowingly let foreign policemen to enter without a warrant.

Surely a court cannot allow that without some sort of special law, can it?

I mean... (none / 0) (#13)
by karjala on Thu Dec 20, 2001 at 03:48:35 PM EST

I mean, when you're hired to prevent a crime and don't do your job on purpose, you're considered as one of the criminals in the crime, isn't that how it works?

[ Parent ]
Details... (none / 0) (#14)
by shimon on Sun Dec 23, 2001 at 03:08:57 PM EST

The FBI would be entirely out of its jurisdiction attempting to surveil foreigners. It is only allowed to investigate Americans.

With that in mind, if the FBI did somehow violate US law and attack foreigners with their trojan horse, I don't imagine McAfee/Symantec/whoever could be held liable. I haven't purchased any of their software, so I haven't read the license, but I'm sure it disclaims any notions of obligatory protection. It probably also cites specifically compliance with US laws, and if you use the software you accept those terms. Software contracts (licenses) should be carefully reviewed.

[ Parent ]

Will I need a memory upgrade? (5.00 / 1) (#15)
by threaded on Tue Dec 25, 2001 at 11:06:15 AM EST

Yeah, so some FBI / salaried civil servant is going to try and write a key stroke logger... Good joke, but save them for April 1st please. April 1st 2010...

/*Good, Quick, Cheap: Choose two!*/
FBI (none / 0) (#18)
by connyandersen on Mon Mar 18, 2002 at 05:23:11 AM EST

but save them for April 1st please. April 1st 2010... what about this year?

[ Parent ]
Hypocritical Bullsh*t (none / 0) (#16)
by r00t on Sun Jan 06, 2002 at 12:06:51 PM EST

Why can big bro write virus's, inflitrate our computers, and monitor everything we do, AND ITS PERFECTLY OK. But god forbid, we do it to their computers, and its against the law, we're portrayed as "evil hackers" by the media, and thrown into jail and/or fined by the authorities. Thats a load of shit in my opinion.


-It's not so much what you have to learn if you accept weird theories, it's what you have to unlearn. - Isaac Asimov

Because... (none / 0) (#17)
by n0mj121 on Sun Jan 06, 2002 at 04:04:31 PM EST

We voted for them, therefore everything they do to us must be right... oh God, no. It would be amazing if someone revealed some highly illegal 'project' that our governments were involved in. There must be some of them around here somewhere...

[ Parent ]
Magic Lantern is Wakeup Call | 18 comments (15 topical, 3 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!