FBI Confirms Magic Lantern Existence

The_THOMAS (and many others) writes: "A day after major anti-virus firms waffle on their support for 'Magic Lantern', and nine days after Thomas C Greene of The Register tried to throw cold water on it's existence, the FBI Confirms the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"

They can get us Linux users too

[dfeldman]

As an administrator of several Linux boxes at work and at home, I was wondering whether or not I could be affected by the "Magic Lantern" program. The results came in, and quite frankly, I am frightented.

To start, I talked with my colleague's brother, "Joe," who is a criminal defense attorney. Joe told me that he has been following the Magic Lantern debate very closely, because his sources indicate that the FBI will be using it in many, many cases to prevent the possibility of seizing equipment with undecryptable data on it. In fact, it has been rumored that the proposed new FBI policy regarding searches of premises requires agents to attempt to use Magic Lantern (which technically counts as a consensual search) prior to even obtaining a warrant, if the warrant is to seize computer hardware.

Joe is not very familiar with computer technology, but he did say that a large part of the Magic Lantern program involves contacting ISPs to allow the FBI to alter network data destined for the suspect's computer. I will take that at face value because they seem to have no problem pulling rank on ISPs. I suspect that their "do it or we'll arrest you" attitude plays a big part in this.

With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box, and a stock Red Hat 7.2 box. Both used the installation CDs produced at least a few months ago, so they were both vulnerable to the wu-ftpd exploit and would need to be upgraded for production use.

My goal was simple: I needed to play the part of the FBI, and trick my machines into accepting a trojaned version of the new wu-ftpd package.

First, I set up a transparent proxy on my gateway box, which is used to split my cable modem connection amongst my home machines and those of several neighbors. I used a program called "squirm" to rewrite URLs ending in .deb or .rpm so that they would be redirected to my local web server, from which the trojanned .deb and .rpm files would be served.

Second, I produced trojaned .deb and .rpm files. The .deb file was trivial to modify, as only a checksum stood between me and a valid hacked version. The .rpm was a bit more difficult, because RedHat signs their packages with a PGP key. However, once I rebuilt the package and did not sign it with PGP, I had a fixed package.

Third, I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.

Fourth, I went to the Redhat box and did an 'rpm -U' pointed at the updates.redhat.com server. I got my trojanned RPM back, with no warnings or prompts to tell me it hasn't been signed. And I had an ftp server with a new backdoor up in a matter of minutes.

So, to summarize: the FBI can easily set up a transparent proxy between you and the Internet, and trick your OS into installing malware. You're damned if you do and you're damned if you don't, because you need to download the wuftpd-of-the-week sometime.

As a matter of comparison, my Windows 2000 box has no such vulnerability. The first time I went to Windows Update, I checked the box that said "always trust content from Microsoft Corporation." Therefore, only Microsoft's real certificate will be accepted by my machine. Even if the FBI forces Verisign to issue an impostor certificate, it will be detected and thwarted.

Linux distributions need to band together and find a trusted individual who will be responsible for signing all packages and verifying that they do not contain backdoors. That is the only way to solve this issue. Personally, I nominate Eric Raymond, because of his widespread respect from the community and business leaders alike. Additionally, he is a staunch libertarian and would not cave to government pressure to insert backdoors into something that he has signed. I believe that by charging the distribution vendors a small fee per package, ESR can again achieve financial success for himself and his family.

This is a serious issue for Linux users and I believe it should have been addressed years ago. That said, now is not too late and definitely not too early. I look forward to seeing this feature in all future releases of the major Linux distributions.

df

Anti-virus software

[Ryu2]

Major anti-virus vendors this week said they would not voluntarily cooperate with the FBI and said their products would continue to be updated to detect and prevent viruses, regardless of their origin, unless there was a legal order otherwise.

I thought that the antivirus companies had AGREED to NOT make their programs detect "Magic Latern"???

Congratulations.

This is a very nice new troll. Well done, and I hope it serves you well in your quest for angry replies.

Let me start the ball rolling by saying

"You fucking ignoramous!!!!"

:-) Again, congrats...you obviously put plenty of work into this.

Hackers Beware

[NatePWIII]

I'm not one for violating our freedoms however something like this may help in scaring would be virus creators, hackers and others problematic computer uses (ie. DDOS attackers). If it will help eliminate problems like that I'm all for it, even if my overall freedoms are curbed a little.

Why do people get riddled with fear?

[GeorgieBoy]

People fear things like this, yet they really don't have reason to unless they've been doing something worth investigating which is most likely some illegal activity. The FBI doesn't care to read your email or get access to your pr0n, their goal is to deal with threats to security and other illegal activity. The average citizen or even seasoned geek doesn't have much to worry about.

Unacceptable.

[Millennium]

Look, guys. It's simple.

Get a warrant. I'll show you anything you want to see, but show me your goddamn warrant first. Until you have it, you have no right whatsoever to search my, or anyone else's computer. I don't care what your reason is. This is not acceptable.

Re:"Magic Lantern" Defense?

[Ieshan]

Why would some guy at the FBI want to DO this?

How many geeks would it take them to monitor before they catalog a pattern: Either a) posting to /., or b) watching porn videos.

It just seems like a ridiculous counterpoint to say that "The FBI could watch you, any time they wanted!". Why would they WANT to watch you? Unless you were doing thing blantantly illegal, there isn't going to be some Massive FBI server that sorts through all the keystrokes of every windows98 user to find illegal, "hax0r" activity.

Yeesh.

Two things.

[ImaLamer]

First - I don't think this is going to be used to catch one 'terrorist'. Not saying that it's going to be a complete failure... but that they are more using this to go after those 'Drink or Die' types. [makes sense, we are getting ready for DRM right?]

Second - Get out your history books and find the word communist. Scratch out all references, and put the word terrorist over it. Read that. That is what is going to start.

Everyone applauded Bush after the attacks on Afghanistan and we love it when he makes those jokes, but I don't think he's the right person to be in that position. Boundries will be overstepped. John Ashcroft... what a joke, should be be John Stalin.

Also, I think I may have this 'virus' because everytime I try to download something from alt.binaries.pictures.centerfolds.playboy my USB cable modem goes off. Something doesn't seem right here.
\
\
\ ... \\\