Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 11/20/2001 10:05:53 PM EDT
Woo hoo! You all is in trouble now! Read the entire article here: [url]www.msnbc.com/news/660096.asp?cp1=1[/url] ‘Magic Lantern’ part of new ‘Enhanced Carnivore Project’ By Bob Sullivan MSNBC Nov. 20 — The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as “Magic Lantern,” enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files. MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity. [b]The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.[/b] Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight. MENTIONED IN UNCLASSIFIED DOCUMENTS Advertisement The FBI released a series of unclassified documents relating to Carnivore last year in response to a Freedom of Information Act request filed by the Electronic Privacy Information Center. The documentation was heavily redacted — most information was blacked out. They included a document describing the "Enhanced Carnivore Project Plan,” which was almost completely redacted. According to the anonymous source, redacted portions of that memo mention Cyber Knight, which he described as a database that sorts and matches data gathered using various Carnivore-like methods from e-mail, chat rooms, instant messages and Internet phone calls. It also matches the files with the necessary encryption keys.
Link Posted: 11/20/2001 11:32:58 PM EDT
"keylogging software", how high-tech! I wrote keylogging software as far back as 1986, but for different reasons. Anyone with half a brain can disable it in 3 seconds.
Link Posted: 11/21/2001 2:27:28 AM EDT
Originally Posted By mattja: "keylogging software", how high-tech! I wrote keylogging software as far back as 1986, but for different reasons. Anyone with half a brain can disable it in 3 seconds.
View Quote
Ever seen a packet go from a very large fragmented TCP with a bad checksum - to a UDP with an external headder? Ever have a NIC spontaneously change MAC? Ever see a box ARP for no apparent reason? How about having a checkpoint box reboot and dump logs for no better reason than the phase of the moon? - Life is full of strange and wondrous things. NEVER assume
Link Posted: 11/21/2001 2:28:47 AM EDT
However, you can send inhalation Anthrax via the good Ole fashioned US Mail, and they don't have a clue where it came from...[IMG]http://www.freakygamers.com/smilies/s/contrib/aahmed/tongue.gif[/IMG] What's wrong with this picture?[IMG]http://www.freakygamers.com/smilies/s/contrib/aahmed/sad.gif[/IMG]
Link Posted: 11/21/2001 4:22:47 AM EDT
This probably just reflects a technology dump from intelligence to law enforcement. The problem is that any court case involving this technology is going to blow secrecy wide open. I can't see how the government could avoid disclosing sources and methods in a prosecution involving this technology.
Link Posted: 11/21/2001 4:50:31 AM EDT
What if I just wrote a script with my password in it and ran it when I wanted to encrypt something? Of course with their keylogging they would have already read whatever I wrote that was to be encrypted anyway I guess. Oh well, just a thought.
Link Posted: 11/21/2001 6:45:53 AM EDT
Couldn't you use a computer off-line to draft and encrypt your message, transfer the encrypted file to a floppy and then e-mail from an on-line computer as an attachment?
Link Posted: 11/21/2001 7:58:58 AM EDT
I think they're trying to catch the lazy criminals. Of course, if they're bothering to encrypt their messages, they aren't lazy, are they? Oh, well, nevermind that. We'll do it anyway and throw even more taxpayer money down the toilet! Woohoo! [whacko]
Link Posted: 11/21/2001 8:09:09 AM EDT
One more good reason to have good firewall software installed, anti-virus software running, and a Linux box! Or at least a secure Win 2000/XP machine (I know... I know...) Av.
Link Posted: 11/21/2001 8:10:36 AM EDT
[Last Edit: 11/21/2001 8:03:29 AM EDT by Avalon01]
Originally Posted By AR15Gator: This probably just reflects a technology dump from intelligence to law enforcement. The problem is that any court case involving this technology is going to blow secrecy wide open. I can't see how the government could avoid disclosing sources and methods in a prosecution involving this technology.
View Quote
Plea bargain. Make sure the case doesn't get to trial, and none of the secrets come out. Or claim "national security". Av.
Link Posted: 11/21/2001 8:43:02 AM EDT
This is why I run OpenBSD. I'd love to see a keylogger virus for any non-Windows/MacOS platform. Of course, there is that whole problem of physical access to your computer. Once they've got that, they can do whatever they want. Mount the drive and install keyloggers, backdoors, sniffers, etc. An encrypted filesystem helps, but isn't a guarantee against a physical attack if the keydisk is in the floppy drive. God Bless Texas
Link Posted: 11/21/2001 8:49:30 AM EDT
Having a username and password login to your machine will help some. They may have physical access to your machine, but they only have a limited time to install software. They can't TAKE the machine since it is supposed to be secret, and if you came home with a bunch of feds in your home I think that would be suspicious. Just have to slow them down enough. Av.
Link Posted: 11/21/2001 5:28:46 PM EDT
Avalon logon and password won't do much if they are monitoring your key strokes.
Link Posted: 11/21/2001 11:25:03 PM EDT
Originally Posted By Instant_Karma:
Originally Posted By mattja: "keylogging software", how high-tech! I wrote keylogging software as far back as 1986, but for different reasons. Anyone with half a brain can disable it in 3 seconds.
View Quote
Ever seen a packet go from a very large fragmented TCP with a bad checksum - to a UDP with an external headder? Ever have a NIC spontaneously change MAC? Ever see a box ARP for no apparent reason? How about having a checkpoint box reboot and dump logs for no better reason than the phase of the moon? - Life is full of strange and wondrous things. NEVER assume
View Quote
The issue was key logging. There are only a couple of ways to do this in Windows. I don't see how the issues you brought up relate to key logging.
Link Posted: 11/22/2001 8:23:52 AM EDT
[Last Edit: 11/22/2001 8:17:13 AM EDT by Avalon01]
Originally Posted By JIMBEAM: Avalon logon and password won't do much if they are monitoring your key strokes.
View Quote
If they can't get the keylogger onto your system, they don't know your username/password. Thats why I have a BIOS password on my computers, and another username/password to login to the machine. I also have firewall software installed on each PC (DSL at home), and a good anti-virus program that is updated weekly. Keyloggers and viruses don't work unless they get them onto your system. If they can't get access to your system, they can't install it, and if they can't install it, they can't monitor you. Av.
Link Posted: 11/22/2001 8:38:25 AM EDT
[Last Edit: 11/22/2001 8:34:11 AM EDT by ColonelKlink]
Link Posted: 11/22/2001 8:52:19 AM EDT
Link Posted: 11/22/2001 8:54:54 AM EDT
Actually you *can* keylog with OpenBSD, or any unix for that matter (I've seen it in my line of work). All you need to do is modify the shell binary file to do so. Anyone with a moderate level of coding experience can accomplish this with the readily available source code. Some sneaky spyware in use by private security firms (and probably government) will periodically pack up and scramble data into UDP/53 packets (or pad info into various IP packets) and send it off to a waiting collection computer. To your firewall and traffic logging software it just looks like a DNS request. Also, trojans/spybugs can be embedded into ANY exe file you download. All they have to do is install a specialized transparent HTTP proxy on your upstream internet connection. You'd never know it unless the EXE had a special checksum routine (most don't). Bios passwords aren't secure either, all they have to do is set the "reset bios" jumper on your motherboard, 3 minutes of work removing your computer's cover and viola!... they're in your system. Remember, if you think you're secure, then you're not.
Link Posted: 11/22/2001 8:55:47 AM EDT
Link Posted: 11/22/2001 8:58:10 AM EDT
Welp, I have no clue what you guys are talking about...I guess if the FBI wants some of my cpu info, then they will have it. I hate being computer illiterate.
Link Posted: 11/22/2001 8:58:37 AM EDT
Link Posted: 11/22/2001 9:00:12 AM EDT
I doubt that most people that the FBI are interested in are smart enough to install a filter packet, stateful and proxy firewalls with NAT andn run a proper secure key/certificate system or they'd be doing that for a living rather than whatever the FBI is hunting them for [:)].
View Quote
I guess that's why I do it for a living... [:D] I not worried about the FBI snooping in my system, nothing but games and network stuff. But if this software leaks out into the underground community, I can see problems. Somehow I don't think McAfee or Norton will detect this keylogging software (the FBI would make sure). Av.
Link Posted: 11/22/2001 9:54:08 AM EDT
Paul, I think you got that backwards. ARP seeks out the MAC address as the IP and nodename is already known. RARP is when the computer knows a MAC address and needs to associate an IP address for it. This is used for discless computers and DHCP. Most OS' keep an ARP cache. On NT/2000 computers, you can type 'arp -a' to display all of the cached ARP requests. This done to minimize broadcasts. If you are on a Cisco router, you would type 'show arp' correspondingly. ARPs are broadcasts which, under normal circumstances, are not forwarded outside of your local LAN (ie. doesn't pass through the router or gateway).
Link Posted: 11/22/2001 9:56:24 AM EDT
Originally Posted By JIMBEAM: Couldn't you use a computer off-line to draft and encrypt your message, transfer the encrypted file to a floppy and then e-mail from an on-line computer as an attachment?
View Quote
Yep - that's the ticket. The attached file could, be captured. But if it's encrypted, then the hacker is still left with the original problem. I've heard of a method of dynamic encryption-decryption. With this technique, the encrypted file is sent along with the corresponding key needed to unlock it. The encryption pattern & its key are unique for each transfer. Using this method, if 2 messages are sent to a receiver, but only one is sent with its key, there could no way to use that key to unlock both messages - only the one sent with its key. The other has different encryption, and so it requires a different key to unlock it. Anyone attempting to hack into a message sent this way would have had to intercept the message & its key simultaneously at the moment of transference.
Link Posted: 11/22/2001 10:15:47 AM EDT
I'm in my mid fifties, not puter literate at all. I have know idea what you people are talking about. At this age, I ain't about to do anything that would put me in the stir. If they viewed my puter files I wouldn't even know it. Just a few letters to my Congressman and Senators and booked marked gun and tool sites. If they use it Constitutionally, and only for sole purpose of getting bad guys, have at it. "The times they are a changing" I prefer my mushrooms on a dinner plate.
Link Posted: 11/22/2001 11:21:13 AM EDT
Man you guys really know alot about this computer stuff. Me, I just put a check by the password box on Winzip when I zip files to prevent unauthorized reading of my "sensitive" files. When I run Norton's Speed Disk, I check the box that causes it to write binary zeros on the hard disk once, now if I really had some really to hide, I would have the program write binary zeroes 3 times.
Link Posted: 11/23/2001 6:26:11 PM EDT
[Last Edit: 11/23/2001 6:19:01 PM EDT by mattja]
Actually, you could probably write a simple little program to check if someone installed a key logger in Windows. If they use the standard method, which consists of two forms of "Windows hooks", you can traverse the chain of hooks to indentify the processes that installed them. There are other way to key log in Windows, but hooks are the most common method used. Norton or McAfee AV could be updated to check for these kinds of key loggers very easily.
Link Posted: 11/23/2001 6:43:44 PM EDT
Originally Posted By AR15Gator: This probably just reflects a technology dump from intelligence to law enforcement. The problem is that any court case involving this technology is going to blow secrecy wide open. I can't see how the government could avoid disclosing sources and methods in a prosecution involving this technology.
View Quote
Can you say "Military Tribunals"?
Link Posted: 11/23/2001 6:54:17 PM EDT
I guess the bad guys will have to resort to using keyword phases to communicate. Example if I post that I have a pre-ban AR-15 for sale attack target "A". If I post a have a post-ban AR-15 for sale attack target "B". It makes it harder to communicate but they can still transmit simple instructions.
Link Posted: 11/23/2001 6:58:13 PM EDT
Originally Posted By Avalon01:
Originally Posted By JIMBEAM: Avalon logon and password won't do much if they are monitoring your key strokes.
View Quote
If they can't get the keylogger onto your system, they don't know your username/password. Thats why I have a BIOS password on my computers, and another username/password to login to the machine. I also have firewall software installed on each PC (DSL at home), and a good anti-virus program that is updated weekly. Keyloggers and viruses don't work unless they get them onto your system. If they can't get access to your system, they can't install it, and if they can't install it, they can't monitor you. Av.
View Quote
BIOS passwords don't mean jack squat unless it's a laptop or you have a PADLOCK on the case. EVERY desktop motherboard has a jumper on it to disable the BIOS password to go straight into BIOS when you power on, you then select "Clear CMOS PASSWORDS" turn off the machine, move the jumper back and then turn the machine on...voila no password. do it all the time at work when customer's bring their PCs in for service and forget to give us the passwords. Most laptops have to either be disasembled or have a "key plug" that you plug into the parallel port when you turn on the machine. I have one for Compaq notebooks that I got from Compaq when I got my certification with them. just FYI No_Expert
Link Posted: 11/23/2001 7:05:48 PM EDT
Link Posted: 11/23/2001 7:18:12 PM EDT
true about the battery...but, I have seen some GOOD motherboards where the password info is written to NVRAM.... NON-VOLATILE (sp?) RAM that pulling the battery won't clear, gotta do the jumper thing. those are rare in most retail PCs... those are usually in servers and other high end units that come with the panel intrusion alarms. Course, not many people run those at home. No_Expert
Top Top