Magic Lantern (software)
Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation. Magic Lantern was first reported in a column by Bob Sullivan of MSNBC on 20 November 2001 and by Ted Bridis of the Associated Press.
How it works
Magic Lantern can reportedly be installed remotely, via an e-mail attachment or by exploiting common operating system vulnerabilities, unlike previous keystroke logger programs used by the FBI. It has been variously described as a virus and a Trojan horse. It is not known how the program might store or communicate the recorded keystrokes.
Purpose
In response to a Freedom of Information Act request filed in 2000 by the Electronic Privacy Information Center, the FBI released a series of unclassified documents relating to Carnivore, which included the "Enhanced Carnivore Project Plan". Sullivan's confidential source said that redacted portions of that document mention "Cyber Knight",
Example deployment method
The FBI intends to deploy Magic Lantern in the form of an e-mail attachment. When the attachment is opened, it installs a trojan horse on the suspect's computer. The trojan horse is activated when the suspect uses PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse will log the PGP password, which allows the FBI to decrypt user communications.
Spokesmen for the FBI soon confirmed the existence of a program called Magic Lantern. They denied that it had been deployed, and they declined to comment further.
Antivirus vendor cooperation
The public disclosure of the existence of Magic Lantern sparked a debate as to whether anti-virus companies could or should detect the FBI's keystroke logger. Concerns include uncertainties about Magic Lantern's full potential and whether hackers could subvert it for purposes outside the jurisdiction of the law.
Bridis reported that Network Associates (maker of McAfee anti-virus products) had contacted the FBI following the press reports about Magic Lantern to ensure their anti-virus software would not detect the program. Network Associates issued a denial, fueling speculation as to which anti-virus products might or might not detect government trojans.
CNET News has surveyed 13 security companies about their contacts with and level of cooperation with law enforcement authorities.
Graham Cluley, a technology consultant from Sophos, said "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn’t know whether it was being used by the FBI or if it had been commandeered by a third party". Another reaction came from Marc Maiffret, chief technology officer and cofounder of eEye Digital Security, who stated: "Our customers are paying us for a service, to protect them from all forms of malicious code. It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools."
When asked if Magic Lantern would need a court order to deploy, FBI spokesman Paul Bresson would not comment, stating: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process." Proponents of Magic Lantern argue the technology would allow law enforcement to efficiently and quickly decrypt messages protected by encryption schemes. Implementing Magic Lantern does not require physical access to a suspect's computer, unlike Carnivore, a predecessor to Magic Lantern, since physical access to a computer would require a court order.
Following the media coverage of Magic Lantern, F-Secure (a Finnish anti-virus company) announced their policy on detecting government spying programs: "F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.
We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."
See also
- Carnivore (software)
- Backdoor (computing)
- Policeware
- ECHELON
- Computer and Internet Protocol Address Verifier
Further reading
- Amanda So and Christopher Woo. "The Case for Magic Lantern: September 11 Highlights the Need for Increased surveillance," Harvard Journal of Law and Technology. v15, p521. (discusses the legal framework surrounding the use of keystroke loggers in law enforcement)
External links
- EPIC site
- Carnivore questions
- CNBC - first press story about Magic Lantern
- Early wire report (AP) on USA Today, 21 November 2001
- Article from San Francisco Chronicle, 28 November 2001
- CNET News - Feds use key logger to thwart PGP, Hushmail