Seems easy to evade. Just switch your computer (or hard drive) every month 
or so with a fresh install and say goodbye to snooping viruses. Any crook 
or terrorist who leaves email around for evidence would also leave 
fingerprints all over the crime scene. But the government has to catch 
stupid crooks, too.

The FBI should be more worried about crooks using such technology on the 
average user.


-----Original Message-----
From:	jon-david schlough [SMTP:jondavid at mn.rr.com]
Sent:	Wednesday, November 21, 2001 1:08 PM
To:	tclug-list at mn-linux.org
Subject:	Re: [TCLUG] FBI software cracks encryption wall



FBI software cracks encryption wall

'Magic Lantern' part of new 'Enhanced Carnivore Project'

By Bob Sullivan
MSNBC

Nov. 20 - The FBI is developing software capable of inserting a computer
virus onto a suspect's machine and obtaining encryption keys, a source
familiar with the project told MSNBC.com. The software, known as "Magic
Lantern," enables agents to read data that had been scrambled, a tactic
often employed by criminals to hide information and evade law enforcement.
The best snooping technology that the FBI currently uses, the controversial 
software called Carnivore, has been useless against suspects clever enough
to encrypt their files. MAGIC LANTERN installs so-called "keylogging"
software on a suspect's machine that is capable of capturing keystrokes
typed on a computer. By tracking exactly what a suspect types, critical
encryption key information can be gathered, and then transmitted back to the
FBI, according to the source, who requested anonymity.
       The virus can be sent to the suspect via e-mail - perhaps sent for
the FBI by a trusted friend or relative. The FBI can also use common
vulnerabilities to break into a suspect's computer and insert Magic Lantern,
the source said.
       Magic Lantern is one of a series of enhancements currently being
developed for the FBI's Carnivore project, the source said, under the
umbrella project name of Cyber Knight.

MENTIONED IN UNCLASSIFIED DOCUMENTS

         The FBI released a series of unclassified documents relating to
Carnivore last year in response to a Freedom of Information Act request
filed by the Electronic Privacy Information Center. The documentation was
heavily redacted - most information was blacked out. They included a
document describing the "Enhanced Carnivore Project Plan," which was almost 
completely redacted. According to the anonymous source, redacted portions of
that memo mention Cyber Knight, which he described as a database that sorts
and matches data gathered using various Carnivore-like methods from e-mail, 
chat rooms, instant messages and Internet phone calls. It also matches the
files with the necessary encryption keys.

MSNBC.com repeatedly contacted the FBI to discuss this story. However, after
three business days the FBI was still requesting more time before
commenting. MSNBC.com has filed a Freedom of Information Act request with
the bureau.
       Word of the FBI's new software comes on the heels of a major victory 
for the use of Carnivore. The USA Patriot Act, passed last month, made it a 
little easier for the bureau to deploy the software. Now agents can install 
it simply by obtaining an order from a U.S. or state attorney general -
without going to a judge. After-the-fact judicial oversight is still
required.

FBI HAS ALREADY STOLEN KEYS



        If Magic Lantern is in fact used to steal encryption keys, it would 
not be the first time the FBI has employed such a tactic. Just last month,
in an affidavit filed by Deputy Assistant Director Randall Murch in U.S.
District Court, the bureau admitted using keylogging software to steal
encryption keys in a recent high-profile mob case. Nicodemo Scarfo was
arrested last year for loan sharking and running a gambling racket. During
their investigation, Murch wrote in his affidavit, FBI agents broke into
Scarfo's New Jersey office and installed encryption-key-stealing software on
the suspect's machine. The key was later used to decrypt critical evidence
in the case.


       Magic Lantern would take the method used in Scarfo one step further, 
allowing agents to "break in" to a suspect's office and install keylogging
software remotely. But in both cases, the software works the same way.
       It watches for a suspect to start a popular encryption program called
Pretty Good Privacy. It then logs the passphrase used to start the program,
essentially giving agents access to keys needed to decrypt files.

Encryption keys are unbreakable by brute force, but the keys themselves are 
only protected by the passphrase used to start the Pretty Good Privacy
program, similar to a password used to log on to a network. If agents can
obtain that passphrase while typed into a computer by its owner, they can
obtain the suspect's encryption key - similar to obtaining a key to a lock
box which contains a piece of paper that includes the combination for a
safe.

BREAKING NEW GROUND



        David Sobel, attorney for the Electronic Privacy Information Center 
and outspoken critic of Carnivore, did not outright reject the notion of a
Magic-Lantern-style project, but raised several cautions.
       "This is breaking new ground for law enforcement, to be planting
viruses on target computers," Sobel said. "It raises a new set of issues
that neither Congress nor the courts have ever dealt with."
       Stealing encryption keys could be touchy ground for federal
investigators, who have always fretted openly about encryption's ability to 
help criminals and terrorists hide their work. During the Clinton
administration, the FBI found itself on the losing side of a lengthy public 
debate about the federal government's ability to circumvent encryption
tools. The most recently rejected involved so-called key escrow - all
encryption keys would have been stored by the government for emergency
recall.

LEVELS PLAYING FIELD WITH CRIMINALS
       A spokesperson for Rep. Dick Armey (R-Texas), said he thought Magic
Lantern, as described to him by MSNBC.com, was considerably more palatable
than key escrow.


       "Citizens should have ability to keep their files and e-mails safe
from bureaucratic prying eyes. But this would only be usable against a
limited set of people. It's not as troubling as saying the government should
have all the keys," said the Armey spokesperson. He also said Magic Lantern
didn't raise the same Fourth Amendment concerns regarding search and seizure
as Carnivore, because Magic Lantern apparently targets one suspect at a
time. Armey, an outspoken Carnivore critic, has complained about the
potential for the FBI's Internet sniffing software to capture too much data 
as packets fly by headed for a suspect - known in the legal world as an
"overly broad" search.
       Sobel was concerned that the keylogging software itself could result 
in overly broad searches, since it would be possible to observe every
keystroke entered by a suspect, even if a court order specified a search
only for encryption keys. Developers in the Scarfo case went to some trouble
to limit the data stored by the keylogging software installed on Scarfo's
computer, shutting the system on and off in an attempt to comply with the
court order, according to Murch's affidavit. But given the confusion
surrounding keylogging and encryption, and the mystery surrounding projects 
like Carnivore, Sobel said he's worried about the bureau's use of software
that hasn't been clearly explained to the public or the Congress.
       "It is a matter of what protections are in place. At this point, the 
best documented case is Scarfo, and that raises concerns," he said. "The
federal magistrate who approved the technology in Scarfo had no
understanding of what this thing was. I hope there can be meaningful
oversight (for Magic Lantern)."

On Wednesday 21 November 2001 14:00, you wrote:
> I'm as confused as you.
>
> Mike
>
> > -----Original Message-----
> > From: tclug-list-admin at mn-linux.org
> > [mailto:tclug-list-admin at mn-linux.org]On Behalf Of Jay W. Anderson
> > Sent: Wednesday, November 21, 2001 7:41 AM
> > To: Bob Tanner; tclug-list at mn-linux.org
> > Subject: Re: [TCLUG] FBI software cracks encryption wall
> >
> >
> > Was there a link to something that I missed?
> >
> > Jay
> >
> > On 21 Nov 01, at 0:05, Bob Tanner wrote:
> >
> > Subject:        	[TCLUG] FBI software cracks encryption wall
> >
> > > How will this work under Linux?
> > >
> > > Is the FBI specifically targeting Windows?
> > >
> > > Nice to know terrorists will move to linux now. :-|
> >
> > _______________________________________________
> > Twin Cities Linux Users Group Mailing List - Minneapolis/St.
> > Paul, Minnesota
> > http://www.mn-linux.org
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>