Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will Security Firms Detect Police Spyware?

Posted by kdawson on from the who-do-you-trust dept.

cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."

34 of 269 comments (clear)

  1. Would you TRUST their answers if they said "no"? by khasim · · Score: 4, Insightful

    I don't trust any of them NOT to do whatever the cops/government want(s).

    Open Source all the way.

  2. New solution by Anonymous Coward · · Score: 4, Funny

    I am going to send all my private messages by owl from now on.

  3. note to self by timmarhy · · Score: 4, Informative
    "Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

    never buy anything from check point.

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:note to self by ArcherB · · Score: 3, Insightful

      "Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

      never buy anything from check point.

      So I presume you are against the police using spyware as a tool in all circumstances?
      Would your opinion change if the Police had a warrant? What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?

      Is this just limited to adware? If you daughter were kidnapped, would you protest them using her cel phone to track her?

      I know it's cool to be against the 5-0, but I feel you opinion may change once you need the police to protect you or give you justice when a crime has been committed against you.

      --
      There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    2. Re:note to self by evanbd · · Score: 5, Insightful

      Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.

    3. Re:note to self by Copid · · Score: 5, Insightful

      I don't totally disagree in theory, but as I see it,the problem with this is similar to the problem with encryption key escrow: If there's a hole in the security for the "good guys" the "bad guys" will figure out how to exploit it. If the government has a way to get your encryption keys, even assuming that they're always on their best behavior, you can bet that a smart kid somewhere will figure out how to get your keys as well, and you can't assume that he'll be on his best behavior. Likewise, if you program a blind spot into a virus / malware scanner, I don't think it's unreasonable to bet that the same kid will figure out a way to make his malware look benign enough to slip through the same hole.

      It's a simple rule of security: If there's a low security path, the bad guys will take it. That's how they win. Assuming otherwise is silly.

      --
      An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
    4. Re:note to self by Danse · · Score: 4, Insightful

      If they have a court order (with proper oversight), I don't see a problem with this Read a newspaper in the last few years? Oversight is pretty much non-existent anymore.
      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    5. Re:note to self by statusbar · · Score: 4, Interesting

      All that needs to be done is for a hacker to find out what specific software is used by the police, and subvert it so that the hacker can use it to attack people while the spyware detector software purposely ignores it, thinking that it is from the police.

      --jeffk++

      --
      ipv6 is my vpn
    6. Re:note to self by misleb · · Score: 3, Insightful

      So I presume you are against the police using spyware as a tool in all circumstances?


      This isn't about how and when police should use wiretaps. It is about companies ignoring their ethical obligation to detect any and all "spyware." Hence the note to self: "Never by anything from Checkpoint" They either can't be trusted to do the job you pay them to do.

      For an example of why this whitelisting is a problem regardless of whether or not individual wiretapping cases are legit: What if a criminal decides to utilize the police spyware? How hard can it be to take a machine has been "bugged" by the police, find the binary, and copy it for your own use... and do your dirty work undetected? All it takes is one clever hacker to dissect the police keylogger and distribute it amongst his friends....

      -matthew
      --
      "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
    7. Re:note to self by HiThere · · Score: 4, Interesting

      You *have* noticed what kind of oversight is being provided these days? When ANY is provided...

      Oversight essentially means they run back to the office and time-stamp a preprinted form. There's a little more involved than that, but not much. They get to choose the most pliable judge available...and there are some who are pretty pliable.

      The bizarre thing is that even THAT much oversight is seen as too much by those in charge of the snooping agencies. And it's not usually because of urgency. (As I recall they can get special exemptions for planting a bug on a target of opportunity...retroactive permission.)

      The current moral corruption of the police appears to extend all the way from the local level to the federal. (I hope your local police are still honest. If so, count yourself lucky...or uninformed.)

      This current level of corruption probably reaches back to Nixon's Imperial Presidency, and before him to FDR's centralization of the government. And before him, also. (Notice that it's not specific to any one party. What one party does, the other party rarely repeals.) With the removal of habeas corpus it's barely disguised any more. This *IS* a police state. So far it's a more humane one than most of it's predecessors, but it has the diagnostic features. Britain is, or appears to be headed, the same way.

      Probably this is because of two basic features:
      1) Population density makes it more difficult to control people, and
      2) The removal of a frontier means that if the powers that be get mad at you, there's no place to escape to.
      Ostensibly these two factors pull in opposite directions, but actually the freedom of the frontier had a back-transference that lead to greater liberty in the sessile population.

      What can be done? Solutions seem either difficult or undesirable. Either drastically decrease the population (H5N1 may attempt this solution), or create a new frontier (which must be reachable at least by the middle class, if not by the impoverished). Space travel appears too expensive for the foreseeable future. Ditto for under-sea colonies. And it has to be a meat-space frontier. Virtual realities don't have the same "getting out from under the thumb of an oppressive government" effect (except in fantasy...which isn't sufficient).

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    8. Re:note to self by HiThere · · Score: 3, Insightful

      Besides, if they'll whitelist the police, they'll whitelist Sony...as many did.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    9. Re:note to self by mcpkaaos · · Score: 3, Insightful

      So I presume you are against the police using spyware as a tool in all circumstances?

      Yes, unless they have a proper warrant, legally issued by an actual judge. Refer to the 4th amendment.

      Would your opinion change if the Police had a warrant?

      A warrant means oversight. I'm fine with that. Again, refer to the 4th.

      If you daughter were kidnapped, would you protest them using her cel phone to track her?

      My only protest is that you are resorting to emotions instead of continuing intelligent debate. In any case, it's a clear non-sequitur (and poorly laid trap) and has no place in the discussion.

      --
      It goes from God, to Jerry, to me.
    10. Re:note to self by rtb61 · · Score: 3, Insightful
      Problem, easy, hmm, police spyware, the magic box solution, the code can't ever be copied and used for criminal purposes, less than honest law enforcement officers would never ever sell copies of the program for other people to use, never ever.

      Technically law enforcement is giving the code away free, to the very criminals we should be endeavouring to keep the code away from, all they have to do is find it and get a cracker to reverse engineer it.

      A back door is a back door is a back door, when you pay for security software you pay for a complete solution, not some thing that leaks like a sieve. Security companies either declare the holes in the package or they knowingly commit fraud about the security of the software that they are providing.

      Basically if the law enforcement want to poke their sticky beaks in, they need to whack in a bit of hardware and have the warrant to go along with it, software is just a bull shit lazy trap waiting to blow up in their and our faces.

      --
      Chaos - everything, everywhere, everywhen
  4. Re:Would you TRUST their answers if they said "no" by HomelessInLaJolla · · Score: 3, Insightful

    They don't need to turn a blind eye to policeware. The commercially available remote administration tools aren't in the databases.

    --
    the NPG electrode was replaced with carbon blac
  5. Fastens buckle on tinfoil hat by fishthegeek · · Score: 4, Insightful

    I'm not normally given to conspiracies, but this is ridiculous. The fact that we're having this conversation means that at least someone is concerned about the possibility of Government key loggers not being detected, and if it's taken someone outside of gov't this long to discuss it then I feel certain that the gov't itself has been thinking about this for some time.

    These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.

    --
    load "$",8,1
  6. Whitelisting entities? by Pitawg · · Score: 5, Insightful

    As far as I am concerned, no company that white-lists "entities" is in security.

    White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.

  7. The respondents weaseled by Cafe+Alpha · · Score: 5, Interesting

    You'll notice that when asked about key loggers they started talking about methods of detection other than signature recognition. Kaspersky even mentioned that he wasn't talking about signature recognition which is the only reliable method.

    You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.

  8. TFA didn't ask about National Security Letters by schwaang · · Score: 4, Informative

    The question was "Have you ever received such a court order signed by a judge...".
    But if what they had received instead was a NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.

    That's only in Amerika of course.

    1. Re:TFA didn't ask about National Security Letters by cyberstealth1024 · · Score: 3, Informative

      For the rest of you Googlers: National Security Letter

    2. Re:TFA didn't ask about National Security Letters by schwaang · · Score: 4, Informative

      Totalitarian dictatorships absolutely would do this. But then, that's actually my point.

    3. Re:TFA didn't ask about National Security Letters by badfish99 · · Score: 3, Funny

      A friend of mine once worked in a job that required him to have signed the Official Secrets Act (this was in the UK, many years ago). He told the the following story: I don't know whether it was true.

      Once you have signed the act, you are not allowed to reveal certain official secrets. He read the act and discovered that the fact that he had signed the act would be one of the official secrets that he was not allowed to reveal.
      So, whenever he was asked whether he had signed the act, he would say "under section x.y of the act, I am not allowed to tell you that". Everyone took this to mean "yes", and duly proceeded to reveal their various secrets to him. Of course, he had never signed the act.

    4. Re:TFA didn't ask about National Security Letters by FailedTheTuringTest · · Score: 3, Informative

      It's an amusing story, but of course it is not true. First, the Official Secrets Acts (1911 and 1989) are law, and is enforceable whether the person in question has signed anything or not, just like any other law. "Signing the Official Secrets Act" (or more properly, signing a statement acknowledging that they understand the provisions of the Act) is simply a way of impressing people and reminding them that loose lips sink ships. Second, the Act doesn't say anything about signing it, and of course nothing about not telling people whether you've signed it. (Official Secrets Acts 1911 and 1989)

  9. Re:Undetectable Policeware = Undetectable Malware by Howitzer86 · · Score: 3, Insightful

    That's not likely, as there isn't such a thing as a policeware flag. Instead, the federal government will contact the spyware removal companies and let them know that their super secret monitor worm/trogan/virus/whatever is not to be put within their databases.

    Sure, at some point someone may create a malicious program that pretends to be an established policeware program, but that would be big enough to create headlines... and it's reign would thus be short.

  10. Police spyware used by the dark side? by syousef · · Score: 4, Interesting

    1. Whitelist police spyware
    2. Crim gets hold of police spyware
    3. Crim gets pwns your machine, steals your identity and makes your life a living hell for the next 3 years or more.

    If you paid for a piece of anti-spyware and they leave a backdoor open like this, isn't that a case of negligence?

    --
    These posts express my own personal views, not those of my employer
    1. Re:Police spyware used by the dark side? by BUL2294 · · Score: 3, Informative

      I live in Chicago. Half the cops here are crooks, and the other half would never snitch on their crooked friends...

      So, yes, such white-listed malware is bound to get into the hands of crooks--especially if it's in the hands of cops.

      --
      Windows 3.1x calc: 3.11 - 3.10 = 0.00
  11. Don't play stupid.. by msimm · · Score: 3, Insightful

    Some technologies are simply too easily abused. You want to check my system for criminal activity? Fine. Get a warrant and confiscate it. I don't think this is anti 5-0. This is checks and balances. There are tons of great people involved in law enforcement, but adding tools and acceptions like this is just taking another needless step down a slippery slope.

    We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves.

    --
    Quack, quack.
  12. Well, this isn't exactly new... by Penguinisto · · Score: 4, Informative
    Seriously - there's even a good reason why MSFT doesn't really want to talk about it.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  13. -1, Moot by StikyPad · · Score: 5, Insightful

    Unlike traditional malware, "policeware" would only be present on the target machine(s), rather than spread to any and every computer, so it's extremely unlikely that AV vendors would ever receive a sample. No sample means it would continue to go undetected, provided it was designed to go undetected in the first place.

    And how often do you look at the back of your computer? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.

    The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.

    --
    https://www.eff.org/https-everywhere
  14. Re:Security by Jugalator · · Score: 5, Informative

    Decoded because tinfoiling or making a point this way is just plain annoying... :-p

    "Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."

    With Bush in office you can only expect more of the same.

    --
    Beware: In C++, your friends can see your privates!
  15. McAfee and Symantec dropped the ball by BillGatesLoveChild · · Score: 5, Informative

    Consider what happened with the SONY rootkit? Bruce Schneier (Cryptography and Security Expert) reported that Symantec and McAfee who both knew about the SONY rootkit did not add it to their signatures file. Apparently if SONY hacks your computer, that's fine with them! They only updated their files once SONY themselves had retracted the rootkit. http://www.schneier.com/blog/archives/2005/11/sony s_drm_rootk.html

    If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.

    Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky?

  16. Brilliant! by Deadplant · · Score: 3, Insightful

    1) AV companies whitelist trojan used by government agents.
    2) government agents install said trojan on all the bad-guys computers.

    So now all the known bad guys have copies of a trojan that is whitelisted by the AV software...
    What could possibly go wrong?
    That's exactly the level of intelligence I've come to expect from this government.

    Oh wait, maybe they'll copyright the the trojan so the bad guys can't copy it and use it on other computers...

    Any AV company that co-operates with such a plan is incompetent.

  17. Generic test? by wytcld · · Score: 3, Interesting

    Is there such a thing as a generic test for keyloggers? Perhaps some way to profile a known-clean system and then spot the difference in some aspect of performance if a keylogger is subsequently inserted? If the keylogger is rootkit-like it may be hard to spot in the small space of memory it would require. But wouldn't it usually introduce some slight delay in the speed of keyboard input getting to the intended program? Is there any way to test for that without the test program itself getting the same slightly-delayed input, with no way to measure when the key actually made contact? Can keyboard input be simulated in a way that would send it through any installed keylogger, and so reveal it?

    Alternately, the keylogger is most likely storing the logged keys either in clear or in isomorphic form to the input. So if you inserted your own keylogger into the system, what would it take to scan memory (and drives?) for matches on samples of what your own keylogger captures? Keyloggers aren't going to want to be burdened with heavy encryption to avoid this scanning, since that would add enough system load to make them more spottable by other means. Obviously you'd have to mask out the legitimate memory locations of, say, your word processor the input's going to - which would miss a keylogger patched into your word processor.

    Is anyone working on a way to harden systems against this whole category? (Yeah, key-logging dongles are yet another thing. Software insertion is the question I'm addressing.)

    --
    "with their freedom lost all virtue lose" - Milton
  18. What are the chances of... by ls671 · · Score: 3, Interesting

    What are the chances of success of a company specifically advertising that they don't overlook any spyware (including intelligence services spyware) from any country including US and making their business model on it?

    --
    Everything I write is lies, read between the lines.
  19. Re:Security by biggles266 · · Score: 3, Funny

    I for one welcome our new Tbireazrag overlords!