[ISN] FBI software cracks encryption wall

From: InfoSec News (isnat_private)
Date: Wed Nov 21 2001 - 02:28:08 PST

    Forwarded by: Elyn Wollensky <elynat_private>
    By Bob Sullivan
    November 20, 2001
    The FBI is developing software capable of inserting a computer virus
    onto a suspect's machine and obtaining encryption keys, a source
    familiar with the project told MSNBC.com. The software, known as Magic
    Lantern, enables agents to read data that had been scrambled, a tactic
    often employed by criminals to hide information and evade law
    enforcement. The best snooping technology that the FBI currently uses,
    the controversial software called Carnivore, has been useless against
    suspects clever enough to encrypt their files.
    Magic Lantern installs so-called keylogging software on a suspect's
    machine that is capable of capturing keystrokes typed on a computer.
    By tracking exactly what a suspect types, critical encryption key
    information can be gathered, and then transmitted back to the FBI,
    according to the source, who requested anonymity.
    The virus can be sent to the suspect via e-mail, perhaps sent for the
    FBI by a trusted friend or relative. The FBI can also use common
    vulnerabilities to break into a suspect's computer and insert Magic
    Lantern, the source said.
    Magic Lantern is one of a series of enhancements currently being
    developed for the FBI's Carnivore project, the source said, under the
    umbrella project name of Cyber Knight.
    The FBI released a series of unclassified documents relating to
    Carnivore last year in response to a Freedom of Information Act
    request filed by the Electronic Privacy Information Center. The
    documentation was heavily redacted; most information was blacked out.
    They included a document describing the "Enhanced Carnivore Project
    Plan," which was almost completely redacted. According to the anonymous
    source, redacted portions of that memo mention Cyber Knight, which he
    described as a database that sorts and matches data gathered using
    various Carnivore-like methods from e-mail, chat rooms, instant
    messages and Internet phone calls. It also matches the files with the
    necessary encryption keys.
    MSNBC.com repeatedly contacted the FBI to discuss this story. However,
    after three business days the FBI was still requesting more time
    before commenting. MSNBC.com has filed a Freedom of Information Act
    request with the bureau.
    Word of the FBI's new software comes on the heels of a major victory
    for the use of Carnivore. The USA Patriot Act, passed last month, made
    it a little easier for the bureau to deploy the software. Now agents
    can install it simply by obtaining an order from a U.S. or state
    attorney general without going to a judge. After-the-fact judicial
    oversight is still required.
    If Magic Lantern is in fact used to steal encryption keys, it would
    not be the first time the FBI has employed such a tactic. Just last
    month, in an affidavit filed by Deputy Assistant Director Randall
    Murch in U.S. District Court, the bureau admitted using keylogging
    software to steal encryption keys in a recent high-profile mob case.
    Nicodemo Scarfo was arrested last year for loan sharking and running a
    gambling racket. During their investigation, Murch wrote in his
    affidavit, FBI agents broke into Scarfo's New Jersey office and
    installed encryption-key-stealing software on the suspect's machine.
    The key was later used to decrypt critical evidence in the case.
    Magic Lantern would take the method used in Scarfo one step further,
    allowing agents to break in to a suspect's office and install
    keylogging software remotely. But in both cases, the software works
    the same way.
    It watches for a suspect to start a popular encryption program called
    Pretty Good Privacy. It then logs the passphrase used to start the
    program, essentially giving agents access to keys needed to decrypt
    Encryption keys are unbreakable by brute force, but the keys
    themselves are only protected by the passphrase used to start the
    Pretty Good Privacy program, similar to a password used to log on to a
    network. If agents can obtain that passphrase while it is typed into a
    computer by its owner, they can obtain the suspect's encryption key,
    similar to obtaining a key to a lock box which contains a piece of
    paper that includes the combination for a safe.
    David Sobel, attorney for the Electronic Privacy Information Center
    and outspoken critic of Carnivore, did not outright reject the notion
    of a Magic-Lantern-style project, but raised several cautions.
    "This is breaking new ground for law enforcement, to be planting
    viruses on target computers," Sobel said. "It raises a new set of issues
    that neither Congress nor the courts have ever dealt with."
    Stealing encryption keys could be touchy ground for federal
    investigators, who have always fretted openly about encryption's
    ability to help criminals and terrorists hide their work. During the
    Clinton administration, the FBI found itself on the losing side of a
    lengthy public debate about the federal government's ability to
    circumvent encryption tools. The most recently rejected involved
    so-called key escrow: all encryption keys would have been stored by the
    government for emergency recall.
    A spokesperson for Rep. Dick Armey (R-Texas) said he thought Magic
    Lantern, as described to him by MSNBC.com, was considerably more
    palatable than key escrow.
    "Citizens should have the ability to keep their files and e-mails safe
    from bureaucratic prying eyes. But this would only be usable against a
    limited set of people. It's not as troubling as saying the government
    should have all the keys," said the Armey spokesperson. He also said
    Magic Lantern didn't raise the same Fourth Amendment concerns regarding
    search and seizure as Carnivore, because Magic Lantern apparently
    targets one suspect at a time. Armey, an outspoken Carnivore critic,
    has complained about the potential for the FBI's Internet sniffing
    software to capture too much data as packets fly by headed for a
    suspect, known in the legal world as an overly broad search.
    Sobel was concerned that the keylogging software itself could result
    in overly broad searches, since it would be possible to observe every
    keystroke entered by a suspect, even if a court order specified a
    search only for encryption keys. Developers in the Scarfo case went to
    some trouble to limit the data stored by the keylogging software
    installed on Scarfo's computer, shutting the system on and off in an
    attempt to comply with the court order, according to Murch's affidavit.
    But given the confusion surrounding keylogging and encryption, and the
    mystery surrounding projects like Carnivore, Sobel said he's worried
    about the bureau's use of software that hasn't been clearly explained to
    the public or the Congress.
    "It is a matter of what protections are in place. At this point, the
    best documented case is Scarfo, and that raises concerns," he said. "The
    federal magistrate who approved the technology in Scarfo had no
    understanding of what this thing was. I hope there can be meaningful
    oversight (for Magic Lantern)."