[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] FBI software cracks encryption wall
From:       InfoSec News <isn () c4i ! org>
Date:       2001-11-21 10:28:08
[Download RAW message or body]

Forwarded by: Elyn Wollensky <elyn@consect.com>

By Bob Sullivan
MSNBC
November 20, 2001

The FBI is developing software capable of inserting a computer virus
onto a suspects machine and obtaining encryption keys, a source
familiar with the project told MSNBC.com. The software, known as Magic
Lantern, enables agents to read data that had been scrambled, a tactic
often employed by criminals to hide information and evade law
enforcement. The best snooping technology that the FBI currently uses,
the controversial software called Carnivore, has been useless against
suspects clever enough to encrypt their files.

MAGIC LANTERN installs so-called keylogging software on a suspects
machine that is capable of capturing keystrokes typed on a computer.
By tracking exactly what a suspect types, critical encryption key
information can be gathered, and then transmitted back to the FBI,
according to the source, who requested anonymity.
       
The virus can be sent to the suspect via e-mail perhaps sent for the
FBI by a trusted friend or relative. The FBI can also use common
vulnerabilities to break into a suspects computer and insert Magic
Lantern, the source said.
       
Magic Lantern is one of a series of enhancements currently being
developed for the FBIs Carnivore project, the source said, under the
umbrella project name of Cyber Knight.

MENTIONED IN UNCLASSIFIED DOCUMENTS

The FBI released a series of unclassified documents relating to
Carnivore last year in response to a Freedom of Information Act
request filed by the Electronic Privacy Information Center. The
documentation was heavily redacted most information was blacked out.
They included a document describing the "Enhanced Carnivore Project
Plan, which was almost completely redacted. According to the anonymous
source, redacted portions of that memo mention Cyber Knight, which he
described as a database that sorts and matches data gathered using
various Carnivore-like methods from e-mail, chat rooms, instant
messages and Internet phone calls. It also matches the files with the
necessary encryption keys.

MSNBC.com repeatedly contacted the FBI to discuss this story. However,
after three business days the FBI was still requesting more time
before commenting. MSNBC.com has filed a Freedom of Information Act
request with the bureau.
       
Word of the FBIs new software comes on the heels of a major victory
for the use of Carnivore. The USA Patriot Act, passed last month, made
it a little easier for the bureau to deploy the software. Now agents
can install it simply by obtaining an order from a U.S. or state
attorney general without going to a judge. After-the-fact judicial
oversight is still required.

FBI HAS ALREADY STOLEN KEYS

If Magic Lantern is in fact used to steal encryption keys, it would
not be the first time the FBI has employed such a tactic. Just last
month, in an affidavit filed by Deputy Assistant Director Randall
Murch in U.S. District Court, the bureau admitted using keylogging
software to steal encryption keys in a recent high-profile mob case.
Nicodemo Scarfo was arrested last year for loan sharking and running a
gambling racket. During their investigation, Murch wrote in his
affidavit, FBI agents broke into Scarfos New Jersey office and
installed encryption-key-stealing software on the suspects machine.
The key was later used to decrypt critical evidence in the case.

Magic Lantern would take the method used in Scarfo one step further,
allowing agents to break in to a suspects office and install
keylogging software remotely. But in both cases, the software works
the same way.
       
It watches for a suspect to start a popular encryption program called
Pretty Good Privacy. It then logs the passphrase used to start the
program, essentially given agents access to keys needed to decrypt
files.

Encryption keys are unbreakable by brute force, but the keys
themselves are only protected by the passphrase used to start the
Pretty Good Privacy program, similar to a password used to log on to a
network. If agents can obtain that passphrase while typed into a
computer by its owner, they can obtain the suspects encryption key
similar to obtaining a key to a lock box which contains a piece of
paper that includes the combination for a safe.

BREAKING NEW GROUND

David Sobel, attorney for the Electronic Privacy Information Center
and outspoken critic of Carnivore, did not outright reject the notion
of a Magic-Lantern-style project, but raised several cautions.
       
This is breaking new ground for law enforcement, to be planting
viruses on target computers, Sobel said. It raises a new set of issues
that neither Congress nor the courts have ever dealt with.
       
Stealing encryption keys could be touchy ground for federal
investigators, who have always fretted openly about encryptions
ability to help criminals and terrorists hide their work. During the
Clinton administration, the FBI found itself on the losing side of a
lengthy public debate about the federal governments ability to
circumvent encryption tools. The most recently rejected involved
so-called key escrow all encryption keys would have been stored by the
government for emergency recall.
       
LEVELS PLAYING FIELD WITH CRIMINALS
       
A spokesperson for Rep. Dick Armey (R-Texas), said he thought Magic
Lantern, as described to him by MSNBC.com, was considerably more
palatable than key escrow.

Citizens should have ability to keep their files and e-mails safe from
bureaucratic prying eyes. But this would only be usable against a
limited set of people. Its not as troubling as saying the government
should have all the keys, said the Armey spokesperson. He also said
Magic Lantern didnt raise the same Fourth Amendment concerns regarding
search and seizure as Carnivore, because Magic Lantern apparently
targets one suspect at a time. Armey, an outspoken Carnivore critic,
has complained about the potential for the FBIs Internet sniffing
software to capture too much data as packets fly by headed for a
suspect known in the legal world as an overly broad search.
       
Sobel was concerned that the keylogging software itself could result
in overly broad searches, since it would be possible to observe every
keystroke entered by a suspect, even if a court order specified a
search only for encryption keys. Developers in the Scarfo case went to
some trouble to limit the data stored by the keylogging software
installed on Scarfos computer, shutting the system on and off in an
attempt to comply with the court order, according to Murchs affidavit.
But given the confusion surrounding keylogging and encryption, and the
mystery surrounding projects like Carnivore, Sobel said hes worried
about the bureaus use of software that hasnt been clearly explained to
the public or the Congress.
       
It is a matter of what protections are in place. At this point, the
best documented case is Scarfo, and that raises concerns, he said. The
federal magistrate who approved the technology in Scarfo had no
understanding of what this thing was. I hope there can be meaningful
oversight (for Magic Lantern).



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.

[prev in list] [next in list] [prev in thread] [next in thread]