Location: http://news.zdnet.co.uk/story/0,,t269-s2099692,00.html

FBI uses hacking technology for surveillance

Robert Lemos, CNET News.com

A new tool reportedly being developed by law enforcement agencies to
remotely install surveillance programs on a suspect's computer is little
more than three-year-old hacking technology, security experts said on
Wednesday.

On Tuesday, MSNBC reported that the FBI was working on a computer "virus"
to install key-logging programs and other surveillance software onto a
suspect's computer.

Yet if the details of the report are correct, the technique doesn't use a
virus, but a Trojan horse, a program that acts without the person's
knowledge.

"The technology has been around a bit," said Vincent Gullotto, director
of Network Associates' antivirus emergency response team. "It seems like
the FBI is just trying to see if they can come up with different options
and ways that electronic surveillance can be done."

Calling the technology "Magic Lantern," the report stated that the intent
of such software would be to remotely install a system that logs all
keystrokes sent to a PC to obtain data and passwords.

The idea is old hat, said Fred Cohen, a security practitioner in
residence for the University of New Haven. "It's not a very clever or
novel thing," he said.

FBI representatives could not be reached for comment.

Cohen has taught law enforcement and industry security professionals many
ways of collecting digital evidence. When such evidence is encrypted, the
officer needs to work around the crypto system, not try to break the keys
with computational muscle, he said.

"You want to go after the keystrokes," he said. By capturing the keys
typed by a person, then law enforcement can learn the password used to
unlock encrypted documents. If they tried to use computational firepower
instead, cracking the code could theoretically take years, if not
centuries.

For that reason, Cohen suggests that hacking tools be used. "In my class,
I teach how they could use a Trojan horse to go after the keystrokes," he
said.

Several hacking tools, the two most popular being Back Orifice and
SubSeven, allow full control over a remote PC infected by the program,
including keystroke logging and even recording a conversation if a
microphone is connected to the PC. Both programs have been incorporated
into Trojan horses and are several years old.

In fact, the FBI has already used similar, if more limited, surveillance
software in at least one high-profile case to obtain a secret code to
unlock encrypted files on the computer of Nicodemo S. Scarfo, a suspected
mobster in the Gambino crime family.

In details unveiled by an affidavit in the case, the FBI installed a
key-logging system on Scarfo's computer during a search of his office.

US Representative Richard Armey, a Texas Republican, sees such techniques
-- and their remote installation -- as a better deal for citizens than
Carnivore, the FBI's controversial email surveillance system.

"The way we look at it, this may be better than other available tools,"
said Armey spokesman Richard Diamond. Where the Carnivore system --
renamed the DCS 1000 -- has access to an entire data stream and could
potentially spy any traffic on that network, the so-called "Magic
Lantern" technology would only be installed on a single PC.

"If Magic Lantern is as described, then it is a rifle-shot attack on a
suspect," Diamond said, compared with Carnivore's shotgun blast.

One danger is that evidence-gathering tools such as Magic Lantern are not
well defined in law. The technique could lead to unsupervised
surveillance by law enforcement, because it's unclear whether any laws
requiring oversight apply to the situation, said David Sobel, general
counsel for the Electronic Privacy Information Center, a Washington D.C.
policy think tank.

"This is more problematic than a traditional wiretap, because suddenly
you are removing the communications provider from the equation," Sobel
said. A wiretap order has to be presented to the phone company to connect
to their network and snoop an individual's line. Even the Carnivore
system requires the help of the Internet service provider to install it.

While Armey successfully added an amendment to the USA Patriot Act -- a
far-reaching package of surveillance laws passed last month -- to provide
oversight of the use of Carnivore by the FBI, it would not apply to Magic
Lantern, Sobel warned.

"We don't know what this is capable of and whether it is being used
properly," he said. "There may be no way to stop this from being
installed on a computer."

Who's watching you? Get the latest on spy networks such as Echelon and
Carnivore, as well as privacy issues for companies and individuals alike,
at ZDNet UK's Surveillance News Section.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************