Results 1 to 8 of 8
  1. #1
    Junior Member
    Join Date
    Jan 2008

    Government Trojan - Evidence of Magic Lantern?

    I think I may have a government-made trojan, but I don't have the expertise to make that determination. I'm hoping someone here does.

    Two years ago, I worked for a bank, and left after about a year. I've since been raising a family, and had no idea anything was out of the ordinary.

    Just recently, however, the feds revealed in court documents that I am the target of a federal investigation into alleged embezzlement at the bank. As part of that investigation, it appears that federal agents attempted to install a "Magic Lantern" type trojan on my computer via an email.

    What makes me suspicious?

    1. The email (which I believe actually came from the feds) supposedly came from a former colleague of mine at the bank at which I'm accused of the embezzlement. I hadn't had any contact with my former colleages for over a year.

    2. The day after I opened the email, out of the blue, federal agents conducted a raid on my property.

    3. When I was still employed by the bank - before any allegation of wrongdoing was made - the colleague sent me the same pictures. I compared the properties of the Before/After pictures. The original pictures are of a smaller file-size than those sent by the feds.

    I wanted to post the suspicious files here, but I ran into file-size limitations (568kb total). I'd like to have the files analyzed to determine whether they have any trojan-like capabilities. Is anyone here willing and capable of performing such an analysis?

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003

    What government are we talking about??

    What kinda pictures are those pictures.....like are they illegal pictures....in your country...my country..???

    Why is the government so interested in you?

    What did you do??

    Copy a music cd

    Last edited by morganlefay; January 1st, 2008 at 07:31 AM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Copy a music cd

    You must spread some Reputation around before giving it to morganlefay again.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Hi, a Happy New Year, and welcome to AO.

    Just recently, however, the feds revealed in court documents that I am the target of a federal investigation into alleged embezzlement at the bank.
    1. Is that you in the singular, or as part of the team or department/office where the fraud is alleged to have taken place?

    It is normal (and good) practice to investigate ALL personnel in cases such as this. Otherwise you give the defence attorneys a brilliant opportunity to introduce "reasonable doubt" that someone else did it and you are just the "fall guy" or "patsy" because the Feds are incompetent

    2. If it is just you, have any arraignment or charging procedures been instigated?

    3. If the answer to either #1 or #2 is "yes" I would strongly advise you to seek the advice of an attorney. Only do this if you are actually being accused, as opposed to investigated. Attorneys are expensive, but if you are in real danger you do not want to contaminate any possible evidence of misfeasance on the part of the authorities?

    As for this "Trojan", please don't do anything that would remove or damage it. Please use the PM (personal messaging) system on this site to contact me and I will give you an e-mail address to which you can send attachments of up to 10 megabytes per message.

    Now, what are the other possibilities? could it be that you have been sent this information (again!) in order to incriminate you? That would not be the Feds, that would be the true Perp(s)

    Do I know what I am talking about?........... well, there is always a first time isn't there?

    I won't disclose any more than that, although I have conducted numerous "rat hunts" the only one I ever did for a US financial institution was for W**** F****, so I do know how they operate.

    Incidentally, the "Trojan", if there is one, will be embedded in the body of the e-mail, not in the pictures. If there is anything in the pictures, it will be using "Steganography", but it is pretty clumsy and difficult to extract, reassemble and run an executable from that environment. That would be when I would suspect a "set-up".

    Good luck

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Wow, intense stuff. Post the pics
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Third planet from the Sun

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    I apologize...

    I appeared to use sarcasm in my response...

    I remember some conspiracy theroies how the government would release trojans to the public...to monitor activies.....

    or use existing infections to do so.

    Then there is the old NSA registry key which was supposed to reside in all windows OSes??

    So...bear with me...if I am alittle skeptical on these types of questions...

    although I dont trust the current US administration

    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Well there's plenty of keylogging and monitoring software packages out there. Beats me why the Feds would want one of their own, sort of like reinventing the wheel?

    I know that there were suggestions that it would be deliberately "ignored" by anti-malware packages............. well that I don't buy for one second.

    1. Anti-malware detects potential malware period.............or it tries to.
    2. A lot of those products are from companies that are not under US jurisdiction.
    3. If you leave a backdoor, how long before the bad guys find it, exploit it, and leave your security product with no street cred whatsoever?
    4. It is legally questionable, if only that if it allows remote access then that leaves the whole question of planted evidence wide open.

    Admissible computer forensic evidence needs to be collected in accordance with very strict rules, I doubt that this method would comply.

    Having said that, I could envisage something of this nature being used as a "fishing expedition"

Similar Threads

  1. Trojans - Ports
    By GbinaryR in forum AntiVirus Discussions
    Replies: 11
    Last Post: October 30th, 2008, 09:33 AM
  2. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 08:37 PM
  3. Reverse-Engineering the First Pocket PC Trojan, Part 1
    By MrLinus in forum AntiVirus Discussions
    Replies: 1
    Last Post: October 12th, 2004, 05:26 AM
  4. My firewall block this attempt.. but need info
    By LordChaos in forum Firewall & Honeypot Discussions
    Replies: 19
    Last Post: October 4th, 2002, 11:58 AM
  5. A new Trojan for *Nix...
    By [WebCarnage] in forum Security Archives
    Replies: 0
    Last Post: January 10th, 2002, 08:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.