Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: FBI Virus Cracks Encryption

  1. #1

    Thumbs down FBI Virus Cracks Encryption

    The FBI is developing new surveillance software that would allow agents to decode the hard-to-break encrypted data of criminal suspects, MSNBC reported Wednesday.


    Many tech-savvy criminals encrypt their electronic communications to evade law enforcement. Known as "Magic Lantern," the FBI's new software is designed to eliminate this digital loophole.


    Magic Lantern works by infecting a suspect's computer with a virus that installs "keylogging" software -- a program that can capture the keystrokes typed into a computer. If agents can track what a suspect types, they could obtain information that would let them access the key a suspect uses to encrypt and decrypt data.


    That's because encryption keys are protected only by the pass phrase used to start the Pretty Good Privacy program, similar to the passwords used to control access to a network. If agents can decipher a suspect's pass phrase by examining what he types into his computer, they can gain access to his encryption keys. The keys can then be used to unscramble the suspect's encrypted messages.

    ADVERTISEMENT



    To infect a suspect's computers with the keylogging virus, the FBI could enlist a suspect's friends or relatives to email the virus inside an attachment, a source told MSNBC. The FBI could also infect a target computer by exploiting known security vulnerabilities, the source said.


    According to MSNBC's source, Magic Lantern is one of a series of enhancements the FBI is currently making to its Carnivore project, the name given to the agency's email-spying tool.

    -------------------------------------------------------------------------
    I got really really upset when I read this. Its bad enough I've got to keep an eye on script kiddies. Now the Gov;t has gone so far as to invade my space...... Its almost enough for me just to go out and Doss Those *******s!!!!!.......................

    With the respect to you american people. I have no respect to your Goverment!!!!! There just turned in to terrorists!!!

    Today is a sad day!!!!
    -=SolarisMKA=-

  2. #2

    Angry Re: FBI Virus Cracks Encryption

    Originally posted by -=solarismka=-

    With the respect to you american people. I have no respect to your Goverment!!!!! There just turned in to terrorists!!!
    I have to agree......



    Could you give me the link to the site that you got this information from?

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    For that to work, they would need the co-operation of the anti-virus companies out there. After all these types of viruses/worms are hardly new are they? Even if they somehow managed to persuade the anti-virus companies (which is highly unlikely), then I'm sure it wouldn't be long before details were posted on various sites.
    Perhaps they assume that there are people who know about email encryption, but not about the dangers of running email attachments without scanning them first.
    As an aside, the only viruses I have ever received were from friends, who did not realise they had (a) got the virus, or (b) were transmitting it

  4. #4

    Red face This is not new at all...

    This is a good topic to be discussing. The only thing I want to know is why is everyone thinking that this is something new? The feds are always trying to keep a step ahead of so-called hackers which in reality they are the hackers/crackers. I have no beef with the way that the feds are doing things but just come out from the dark and reveal to people that you can never be invisible online. They are just doing this to have the lead-way to just go into someones computer. Trust me...someone will be capalizing off of this little game. That is the his-story of the good ole United States. "Lets make the net safe for everyone but in reality they are the main ones that infest the net with all of the exploits. Trust me this is not new at all and to close this out...PGP is not "pretty good at all" because if you knew the sequence/formula then you would know that it is a weak program to begin with! It is stictly logical...anything that can be ciphered can be deciphered!

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    Originally posted by darkes
    For that to work, they would need the co-operation of the anti-virus companies out there. After all these types of viruses/worms are hardly new are they? Even if they somehow managed to persuade the anti-virus companies (which is highly unlikely), then I'm sure it wouldn't be long before details were posted on various sites.
    <snip>
    No they don't.
    This is paranoid & hypothetical
    What if the US gov had taken Billy Gates to one side and said something along the lines of... "let us plant trojans in your windows update site and well let you off your world domination / monopoly shite"
    Billy bows down and hey presto kids, the next time you update the latest gaping micro$oft hole you get a free keyboard logger hidden by a micro$hite signing cert. The Anti-virus companies are non the wiser and your in the hands of the feds before you know it.
    I'm not saying this has happened but it makes you wonder, it is possible.
    and... as XP has an auto update feature, this could happen begind your back without you even choosing to update / patch your box.

    Food for thought!

    J.

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    First off, I'd like to say that I've got nothing against the american government..

    every government of the world tries somethign at one stage or another that is really unlikely to work, and would cause a lot of privacy problems if they implemented it... thats called an attempt to gain power...

    but by doing this.. if they are developing a virus to do this thing.. then what is to stop it infecting other computers... ****, I've seen a small virus that was made by a friend take down his whole network.. this thing was simple as.. didn't have a complex replication method, just exploited FPS..

    And aside from the whole minimum control on this situation.. installing a keylogger.. why don't they just hire script kiddies... they could do exactly the same recording... at least in this fashion they would have more control over what is happening...

    #DISCLAIMER#
    I've been drinking for a long time.. feel free to ignore me...
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    In reply to jcdux:
    ==============================================
    This is paranoid & hypothetical
    What if the US gov had taken Billy Gates to one side and said something along the lines of... "let us plant trojans in your windows update site and well let you off your world domination / monopoly shite"
    Billy bows down and hey presto kids, the next time you update the latest gaping micro$oft hole you get a free keyboard logger hidden by a micro$hite signing cert. The Anti-virus companies are non the wiser and your in the hands of the feds before you know it.
    I'm not saying this has happened but it makes you wonder, it is possible.
    and... as XP has an auto update feature, this could happen begind your back without you even choosing to update / patch your box.
    ==============================================
    From a practical point of view, I can't really see that happening.
    Apart from anything else, that would cost MS loads of $$, if it could be proved (loss of customers, potential law suits etc.)
    I very much doubt that the security loopholes that exist in MS software are created deliberately by MS - its more a case that because it is the most widely used OS in the world, it is more vulnerable to attack.

    Oh, and in reply to mr_unforgiven, PGP is pretty good (difficult/ impossible to crack by sheer brute force), but like any other system, it is totally worthless if the key(s) are known.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Agreed.
    I don't think it's right that any government monitor the internet generically, they may target specific people they are looking for info on, though... if they suspect someone to be involved in crimes over the net, then by all means let them log everything they do... but what I don't want is people reading all my personal e-mail, and knowing everything I type into my computer!

    Somehow, untrustworthy as MS are, I don't think they'd run the risk of losing their reputation by letting the FBI put a keylogger in Windows Update... paranoid may have been a slight understatement?
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  9. #9
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    I think it would be useful to take a long-term view of this. On one hand, as computers become more and more complex, less and less of the operation will be understandable by Mr. Does-not-devote-his-life-to-machine-code. Programs are essentially pre-packaged knowledge, the hardest part of programming is finding out how to make the computer do what you want from a few hundred tiny building blocks.

    Hueristic scanning is what's going to become the rage, I think. That is, scanning to determine unfavorable code by trying to figure out what it DOES and then determine if you want it, as opposed to checking it against a known list of viruses... The problem is that you have to be smart enough to code a hueristic algorithm that detects code that other people want to be secretive.

    What if you got a nice big supercomputer... had it emulate a few hundred slower computers... Whenever one of the emulated sub-systems fails... it gets wiped out and replaced with a random system that is still responding. Have some near-totally-random polymorphic code (in other words, let it be able to try to randomize it's own randomization routine, the very part of any polymorphic code that is usually never altered)...

    This AV routine should be allowed to move around some dummy files (whether these still exist is part of the determination of whether a sub-system is 'failed'), but only so that it keeps a certain maximum-limited area on the disk for itself to move around in...

    Then, you get programmers feeding known viruses to this little bugger.

    Although it is entirely possible that you won't have the kind of evolutionary curve that would make this feasible (it might take a year before you get a version that survives it's first virus in any way but dumb luck), it would certainly be interesting.

    After all, this has a parallel in nature. The most sucessful viruses are the ones which don't kill the host. You're breeding an immune system which continuously changes, and if it fails, it gets zapped and replaced with a random version of itself.

    I wen't WAAAY off topic now, I guess... but as for 'Magic Lantern', Maybe some hueristic scanning... If these FBI people had been REALLY smart, they wouldn't have it as a program that is sent to the bad-guy/oppressed-guy by his relatives... Instead, they'd patch up Carnivore/DCS1000 so that the next executable file he downloads of about the right size contains the program instead. On-the-fly data replacement. Yummy.
    [HvC]Terr: L33T Technical Proficiency

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Re: This is not new at all...

    Originally posted by -=solarismka=-
    If agents can decipher a suspect's pass phrase by examining what he types into his computer
    Using "decipher" here is an abuse of language (although I'm sure everyone knows) since you don't decipher the passphrase, you merely save it…


    Originally posted by mr_unforgiven
    PGP is not "pretty good at all" because if you knew the sequence/formula then you would know that it is a weak program to begin with!
    What do you mean by "sequence/formula"???


    Ammo

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •