A 'Magic Lantern' for the FBI

Posted on December 05, 2001

in Commentary & Society

by Erika Meyer (erika)

Rated 3.37 (Ratings: 15) (Add your rating)

Want more?

More articles in Commentary & Society
More articles by erika

Erika Meyer

Member info | Full bio

User since: April 06, 2000

Last login: January 05, 2009

Articles written: 9

According to several news sources, the US Federal Bureau of Investigation intends to use keystroke-logging-enabled Trojan horses for their terrorist spy-work.

An "anonymous source" interviewed for an MSNBC article, says the FBI's worm is "one of a series of enhancements currently being developed for the FBI's Carnivore project... under the umbrella project name of Cyber Knight."

While some U.S. anti-virus software makers have said they will cooperate with the FBI and avoid detecting Magic Lantern, Graham Cluley, senior technology consultant at Sophos, questioned the precedent such actions set, according to an article in The Register.

This bit of news should be of interest to anyone who sends email or publishes on the web. My question is, on what basis does the FBI decide to target an individual for computer espionage?

As someone who uses email frequently, including participating in publicly-archived mailing lists (such as evolt.org's), and as someone who occasionally writes opinion pieces which are published on the web, I find these moves, coupled with the "enhanced surveillance procedures" of October's Patriot Act, quite troubling. Even more troubling is that the word "terrorism" appears to have no generally agreed-upon definition (Wired, 3 December 01).

With so many uncertainties, I find myself wondering upon which grounds the FBI will choose to target an individual or group for computer espionage.

References and Further Reading:

News and Commentary:

Benner, Jeffrey. "Who EU Calling a Terrorist?"; Wired News, 3 December 2001.
Leyden, John. "AV vendors split over FBI Trojan snoops"; The Register, 27 November, 2001.
McCullagh, Declan. "'Lantern' Backdoor Flap Rages"; Wired News, 27 November 2001.
Sullivan, Bob. "FBI Software Cracks Encryption Wall"; MSNBC, 20 November 2001.
Vamosi, Robert. "Warning: We know what you're typing (and so does the FBI)"; ZDNet, 5 December 2001.

Slashdot:

timothy. "Symantec Will Not Detect Magic Lantern"; 28 November, 2001.
chrisd. "McAfee Will Ignore FBI Spyware" 24 November, 2001.

Carnivore FIOA Documents:

"Electronic Privacy Information Center (EPIC) Carnivore Freedom of Information Act (FIOA) Legislation"; Electronic Privacy Information Center, August 2000.

Erika lives in Portland, Oregon and has been building websites professionally since 1998.
www.seastorm.com

11 comments on this article. Log in to add your comment | Rate this article:

Privacy

Submitted by zincite on December 9, 2001 - 13:31.

With there being so much about privacy on the internet now all of the sudden the FBI is going to make the internet not so private.

Just doesn't make since to me?

good to know

Submitted by wolf on December 10, 2001 - 12:55.

thanks for posting! Now, what can one do about it?

Dvoraq Keyboards too?

Submitted by adolph on December 11, 2001 - 23:50.

Does a keylogger log the keys or what the keys really mean to the system? I guess Magic Lantern's mojo better be good enough for alternative keyboard layouts and alternative language keyboards.

Software Vendor's Responsibilies...

Submitted by gilprice on December 12, 2001 - 06:23.

Do the anti-virus like Symantec and McAfee really have the right to pick and choose which virus packages they detect and which one's they don't. Aren't they obligated to provide the highest levels of protection as expected by their customers; TOTAL protection against all enemies 'foreign and domestic'.

I personally as a law abiding citizen would consider the ignoring of any virus/trojan/worm/etc...as a breach of contract. I use anti-virus packages to protect my system from the effects of unwanted intruder's into my computer system. The lack of detection is not what I am paying for, besides, what is then to stop an experienced cyber-criminal from hijacking the FBI's trojan and then re-implementing it to their own uses with the unwitting cooperation of the anti-virus companies?

No, let law enforcement do what is their right to do, and let the citizens of the U.S. do what is their right to do, buy the best protection they can afford. I personally don't use the tools available from Symantec or McAfee, and I have not recommended against them in the past, but now I WILL.

Also, I guess it is time start reading the fine print of ALL liscense agreements to see if there is a "Carnivore" or "Cyber Knight" clause.

Nuf said'

Gil Price
Lexington, SC

Vendors' Responsibilities

Submitted by MartinB on December 12, 2001 - 09:16.

The responsibility will always be 'within the limit of applicable law', which means that you won't see any specific Carnivore/Magic Lantern terms in the EULA. It will be interesting if vendors don't produce a US-specific version as the reputational impact of allowing the US government to eavesdrop (say) German citizens could be fun and interesting.

Vendors say no backdoor?

Submitted by StOne on December 12, 2001 - 10:09.

Antivirus Firms Say They Won't Create FBI Loophole

Re: Vendors say no backdoor?

Submitted by mwarden on December 12, 2001 - 18:14.

StOne, excellent follow-up. Thank you!

FBI Confirms Project

Submitted by dmah on December 13, 2001 - 09:35.

The FBI has now confirmed the existance of the Magic Lantern project.

CNN finally covers it...

Submitted by aardvark on December 13, 2001 - 09:54.

CNN finally seems to have qualified this as a news-worthy story.

No loophole required..?

Submitted by MartinB on December 20, 2001 - 18:01.

... when your friendly neighbourhood virus will do all the naughty work for you. As the BadTrans.B worm logs all keystrokes and dumps them to a webserver, all the FBI has to do is subpoena the ISP to turn over the dump to them. The Register has all the gory stuff.

Submitted by erika on December 21, 2001 - 11:37.

I think it is worth noting that those most vulnerable are users of the Windows/Outlook combo.

I know a lot of us take this for granted. Most virus-related news stories simply assume use of the Windows OS.

But if I were a terrorist or other criminal (note: I'm neither), or if I were worried about the FBI, or if I simply didn't want the hassle of fending off nasty attachments, I'd think twice before using the Windows/Outlook combo.

This is not to say everyone else is "safe" but just to point out that when it comes to vulnerabilities, not all software is created equal.

Start of page header

Other Fine Evolt.org Sites

Navigation Starts

Submit

Article Categories

Highest rated articles

Recent comments

Main Page Content