- In order to stop criminals and terrorists who may be
plotting evil deeds using computers and the Internet, the FBI is developing
a tool that is more commonly associated with computer hackers.
-
- According to the FBI and other law enforcement agencies,
computer-savvy criminals are increasingly turning to encryption software
to protect their sensitive data from prying eyes. Programs such as Pretty
Good Privacy, or PGP, scramble computer files so well that it takes years
for even the most powerful supercomputer to crack them without the
appropriate
"key."
-
- But instead of trying to "pick" open any locked
files, the FBI hopes agents could one day just copy the criminals' keys
by using a program currently code-named "Magic Lantern."
-
- The FBI recently confirmed that the agency did indeed
have a computer project called "Magic Lantern" underway. But
since the project was still "under development," the bureau
declined
to reveal further details about its design or capabilities.
-
- Copying Keys by Logging Keystrokes
-
- But according to news reports, the program may be a
powerful
version of a hacking tool known as a key-logging program. Such a program,
when installed on a computer, monitors and stores copies of what is typed
by the user " say a password that starts an encryption program.
-
- The FBI had used such a key-logging program last year
in a criminal investigation against Nicodemo Scarfo Jr., son of a convicted
Philadelphia Mafia boss. FBI agents had broken into Scarfo's office in
New Jersey and installed a key-logging program to capture Scarfo's software
encryption key, which later revealed vital evidence against the alleaged
loan shark. (Scarfo's case is still being tried in federal court.)
-
- But more than just an electronic surveillance tool,
experts
believe Magic Lantern may also be able to secretly install itself on an
unsuspecting user's computer, much like a computer virus. The program could
be disguised as a harmless computer file " a so-called "Trojan
horse" program " and sent as an attachment to a benign computer
e-mail.
-
- Mark Rasche, a former prosecutor with the Justice
Department,
says that such a capability wouldn't be impossible. Such Trojan horse
attacks
have been used in recent computer attacks such as last month's Badtrans
worm. "We know that 19-year-old teens from the Phillippines can do
this," says Rasche, now a vice president of cyberlaw at Predictive
Systems in Reston, Va.
-
- Critics Already Crying Foul
-
- Whether or not the FBI's latest cybersnooping tool is
truly the ultimate cyberspy is still questionable. But one thing is for
sure: critics are already crying foul over the still-secret FBI program
and it's hypothetical potential.
-
- Although the FBI says that Magic Lantern would only be
used "pursuant to the appropriate legal process" " i.e.
under a court-approved search warrant " privacy and legal experts
worry that the program could violate citizens' civil right to be free from
unreasonable searches and seizures. Lawyers for Scarfo, for example, have
petitioned the courts to review the legality of the evidence gathered by
the FBI's previous key-logging program.
-
- What's more, security experts suggest that like other
Trojan horse viruses, the FBI's Magic Lantern may be discovered by
anti-virus
programs. And security software makers such as Symantec and Sophos have
already taken the position that they won't treat a Magic Lantern bug any
differently than any other computer virus.
-
- "Malicious code is malicious code," said Graham
Cluely, senior technology consultant for Sophos Anti-Virus, in a statement
last month. "If a customer suspects they may be under surveillance
and sends a Trojan horse to us, we're going to provide protection against
it."
|
