Symantec Will Not Detect Magic Lantern
An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
It would be nice if they included some sort of guarantee that the FBI would need to get a warrant to prevent their product from detecting it. Maybe some sort of encryption scheme where the FBI would need to provide Symantec with a warrant to get the key to get around their product.
So how long before we see antivirus software that doesn't obey the rules of the FBI?
How about adding our own definitions to the popular antivirus software?
Norton and McAfee aren't the only games in town, and anyone who the FBI will be spying on will know better than to not rely on those two options.
By the way: I thought that the FBI wasn't allowed to spy on American people?
How's OpenAntiVirus doing? How does it compare to the Big Two? - If it can't hold up, do "we" have any other viable options outside of McAfee and Symantec?
Send your friends messages of love at fuck-you.org
ahh .. and this idea brought to you by the same people who wanted the "Clipper Chip".
... Would a software program whose only goal is to find and exterminate this FBI, big brother, "virus" be considered illegal and be regarded as destruction of FBI property?
But one would have to wonder
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
Eventually, I'm gonna need a scorecard to keep all this straight.
"Prepare for the worst - hope for the best."
C'mon, think about it! Remember the story about the NSA keys built into NT? ALL major proprietary systems have back doors for "national security" purposes!
Yeah, right. Who determines what's secure? As soon as the FBI tells them it's secure, and that detecting it would threaten national security they'll roll right over. I love the fact that the US .gov can HACK/CRACK all it wants, meanwhile its citizens can't even watch an F'in DVD on their non-commercial OS because of reverse-engineering laws (DMCA).
-- mikeDOTd
I've yet to see the "Is my phone tapped service(tm)" on ordinary phone lines. So why would any company trying to stay on the right side of the government be producing tools to aid potential criminals?
The other assumption people seem to be making is that the people who are being tapped in this way will understand that they have been infected by a virus and then send it off to the anti-virus companies or someone else clued up for analysis.
- It would be a very stupid idea for the FBI to use it to spy on hackers..
Jason
Well, if the antivirus vendors are going to include a sufficiently detailed signature in their products for the FBI's virii, that should help anyone trying to build a detector.
I'm sure somebody will try to build malware that impersonates this so-called "Magic Lantern" - I hope they call it "Magic Latrine" :^).
But wouldn't it be nice to see a GPL'd program to detect the FBI's virus? Then, if I found it on my machine, I could stop the government-sponsored theft of my CPU cycles. Of course, I'd then call the FBI and offer to let them reinstall it given adequate monetary compensation - but that's just me, you might take some other action.
--Charlie
If government seeks to use clandestine and furtive methods to monitor citizen actions, it can ill afford to complain should the citizen insist on a method to effect his right to know he is under such surveillance.
Judge Joseph Ryan, Superior Court, District of Columbia
Granted, it's only a district court, however it is a compelling opinion, and a brilliant interpretation of the Fourth Amendment. IR detection/imaging and monitoring utility bills have been tossed out on similar grounds. I wonder what AVP is going to choose... Perhaps this is a great opportunity for Free Software, I just wonder how a free software anti-virus lab would work. Anyway, end of my rant.
cat
Does anyone know the stance of non-US companies of anti-virus software on Magic Lantern? If a foreign product detects an FBI trojan horse will it then become illegal under some US law?
This will only catch the dumb or the pedophiles.
Are they writing this "virus" for BeOS? how about OS/2?
What about a linux box running as only old a.out?
I can think of at least 70 ways to make their "virus" not work on my machine. (I highly doubt that this "virus" will run on my Linux development box that uses a Hitachi SH4 processor)
All this hubbub about company X or software Z will or will not detect this virus app is pure marketing and hype. No one who is really threatened by this could care as it is easily defeated from ever infecting the system by simply changing the architecture... Hey FBI, not everyone runs Windows on Intel hardware.
Do not look at laser with remaining good eye.
I'd expect them to give me a crafty phone call, yes. Wouldn't you? What are you paying them for? To keep most people out of your house?
Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.
There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
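The multi-checker idea in the comment above, sketched as an added example (not part of the thread): three independent integrity baselines, each under a different hash algorithm, so an unnoticed change would need a simultaneous collision in all three. The algorithm choice, function names and sample tree are assumptions, and mutual monitoring of the checkers themselves is not modelled.

```python
import hashlib
import tempfile
from pathlib import Path

# Three unrelated hash designs; the choice of algorithms is an assumption.
ALGORITHMS = ("sha256", "sha3_256", "blake2b")

def snapshot(root: Path, algorithm: str) -> dict:
    """One checker's view: relative path -> hex digest under its algorithm."""
    return {
        p.relative_to(root).as_posix(): hashlib.new(algorithm, p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def build_baselines(root: Path) -> dict:
    """Each checker keeps its own baseline, keyed by algorithm name."""
    return {alg: snapshot(root, alg) for alg in ALGORITHMS}

def verify(root: Path, baselines: dict) -> dict:
    """Return path -> sorted list of checkers that saw an add, remove or modify."""
    alerts = {}
    for alg, baseline in baselines.items():
        current = snapshot(root, alg)
        for path in set(baseline) | set(current):
            if baseline.get(path) != current.get(path):
                alerts.setdefault(path, []).append(alg)
    return {path: sorted(algs) for path, algs in sorted(alerts.items())}

def demo() -> dict:
    """Constructed sample tree: baseline it, change it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baselines = build_baselines(root)
        (root / "bin" / "login").write_bytes(b"patched login binary")  # modified
        (root / "bin" / "dropped.bin").write_bytes(b"unexpected file")  # added
        return verify(root, baselines)

if __name__ == "__main__":
    for path, algs in demo().items():
        print(f"{path}: flagged by {', '.join(algs)}")
```

A file is treated as clean only when none of the three checkers flags it; in practice the baselines would be stored read-only or off the monitored host.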
Will copies being sold in Europe contain this "feature" too? I'm European and I don't trust US government at all.
Would you complain if they didn't protect your system from government hackers in China? In France? Working for the UN? These are government agents and if your systems weren't protected from them from security that you bought then you'd be really pissed. You pay for security companies to protect you. Your analogy of the security guard is flawed. A security guard will stop a Federal agent and verify his search warrant and then see to it that the warrant is not executed incorrectly. He's there to protect your stuff and your rights. He'll also notify you the police were there, why they were there and what occurred. Electronic security companies are breaking the trust of the person who bought the software. One would expect that the software prevents all intrusions. If it does not then the software is flawed. Allowing back doors is considered bad software design, I don't see how this situation changes the rules of software design.
Government agencies have no reason to "crack" a system, if they're really interested they can get a search warrant and examine the system. The search and seizure laws were designed to put all government investigative action in public view. Secret searches cannot be justified. If there is no good way to get the passwords for the keys, then the government is SOL. So they don't have one piece of evidence, I hope that the evidence that they do have would be more than just bits on a hard drive.
Let's see, I am betting within days, this Virus (that's what it is, the FBI can say what they want) ends up on say computers in Canada. What I want to know is what they will do to prevent non-US computers from being infected. From what I have been reading, they are not doing a thing meaning even though I am not in the US, they can still see what I am doing.
.exe on e mails, my friends never send me exe on e mail because they do the same thing I do, del it
Now here is how you prevent yourself from getting the virus.
1 don't open he
2 Use a firewall. Got a firewall/dhcp running on a p120 Linux system. This means they would literally have to hack the firewall to get to my systems. Do they really have the time to hack my system that is non-US?
3 Just don't run windows (or at least on the computers you are doing bad things on).
My 2 cents plus 2 more
It's never about if you're wrong or right, it's about political views. Many people in the US seem to be blind to the reasons justice organizations go on holy crusades. It's either political or religious. Right or wrong is decided by the group that has better lawyers.
You're free to live in the USA as long as you have the same morals, if you don't it's off to prison with you. Over a million people are in prison in the US for minor drug related charges, Over 2 million are on parole for minor drug offenses as "Possession of marijuana"
The moral majority in the US has passed laws to keep freedoms from you. They empower the jacked boot thugs to take everything you own, lock you away, and forget about your speedy trial. They can ruin your life, walk away and say "All in a day's work, protecting the innocent..."
Crime is murder, rape, arson, robbery, identity theft, violence and abuse...
NOT backing up software, fair use, recording a tv show, downloading an mp3, having sex, smoking, erotica, fiction writing, speaking against the government, abortion and sexual orientation...
At least they can't put me in prison for detecting a trojan, right?
-
The law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, to beg in the streets, and to steal bread. - Anatole France (1844 - 1924)
As soon as someone does get infected, someone will detect it. It has to send it somewhere, probably a simple IP. How long before someone hacks the crap out of that box(s). Or figures out how Magic Lantern sends info back and starts just flooding it with, "hey FBI, you are a bunch of f***ing idiots.". Really this Magic Lantern news is getting old, it is just a matter of time before the FBI realizes that this approach will not work. They are better off doing it a more legal way, case by case. If you first suspect someone, get a warrant, then you sniff their packets. If it's encrypted then you go the next route. But one at a time. Pay professional crackers, don't waste money on a cookie cutter solution that won't work three days after it is invented. I think most people don't need to worry unless they are doing illegal things in insecure ways, in and out of the internet.
Why is this thing a Trojan?
There would be no issue at all here if this program was something that had to be manually installed. If the FBI got a warrant to enter a suspect's home, install a 'tap' on his PC, and then retrieve the data, there would be no issue.
Any criminal savvy enough to detect that sort of intrusion is also savvy enough to detect and subvert Magic Lantern. Hell, if I had something to hide, I'd keep it away from the networks, on an encrypted drive, wired to destroy the data if I failed to log in correctly - and I am NOT a criminal mastermind.
All ML does, by being a Trojan, is get non-criminal technologists pissed off over civil rights and such.
Sure, it may make the 'tap' easier to set up remotely (does it really? only with very ignorant criminals I think) and to pull data off as it's being generated, so that a logfile can't be easily found (but anyone with something to hide is likely to be sniffing their own packets anyway, no?).
There's something else going on here. It could be about testing the waters for industry compliance to Federal backdoors (PGP anyone?). It could be to increase the anxiety level of technologically inept/newbie potential terrorists.
The publicity level of this strikes me as a diversionary tactic, because the technological aspects of ML are surely defeatable (we can look at our own packets down to the bit after all) and the audacity of it (Big Brother factor) is sure to kill it. The next step is to have each cell phone sold with a listening device that the FBI could turn on remotely. Even the technologically ignorant would not stand up for that, or for this.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Do Home Security firms get in trouble when their devices tip a criminal to police presence on their property? I doubt it. How would this be different?
Yes, but no. If the security firm notified the suspect that they were being surveilled by authorities they may be interfering with a criminal investigation. However, if I was running a large crime empire and I hired someone to find out if I was under surveillance and they found out that I was, I would not let those surveilling me know I was aware of them. Knowing if and how you're under surveillance would be a great benefit, allowing you to lay down a false scent and better hide your activities. So the first order of business would be to hide the knowledge.
Furthermore if such a company finds something but they are not sure what it is, they can rightfully tell the client that "SOMEONE" is listening. I think they would have a major problem only if they knowingly interfered with a police investigation.
I know several linesmen working for Verizon in the NYC area and they described how a wiretap is generally obfuscated (by setting up weird routes for the lines, etc) and they all get to hear the same story when they first start. The story goes that a linesman found a wiretap on some big shot's line while troubleshooting, figuring he would collect a "finders fee" and maybe be owed a little favor he decided to inform the customer. Only problem is that he wasn't too bright and decided to call the customer on the line that was tapped, thus letting the FBI and whoever else listening know that he was blowing the whistle. He supposedly was prosecuted and relieved of his job.
-- Button up, your ignorance is showing
The cake is a pie
Ok, correct me if I'm wrong here... I live in Canada, if I buy software that claims to detect viruses and trojans but in fact it deliberately allows trojans from a foreign nation's secret service is that not some kind of fraud?
Seriously, would this even be legal outside the USA?
I wonder if the expressed policy on their antivirus products (if it's FBI, it's OK) is extensible to other even more sensible products...
That is, should I trust NAI and their PGP product? What's the difference between not detecting an FBI-designed virus and having a backdoor on PGP only known to the FBI (or any other 3-letter agency by that matter)?
Does Symantec's firewall turn into a highway when it is the FBI that is trying to 'access' the network?
I consider this issue quite pathetic, security is built on trust and I don't see how I can trust these companies anymore after they publicly recognize their collaboration with third parties.
Partly, I am already using open source and non-US products but I will do it even more from now on and I encourage you all to do the same.