Magic Lantern is
keystroke logging
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...
software
Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work.
At the lowest programming level, executable code consists ...
created by the United States'
Federal Bureau of Investigation
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...
(FBI). Magic Lantern was first reported in a column by
Bob Sullivan of
MSNBC
MSNBC (originally the Microsoft National Broadcasting Company) is an American news-based pay television cable channel. It is owned by NBCUniversala subsidiary of Comcast. Headquartered in New York City, it provides news coverage and political ...
on November 20, 2001
and by Ted Bridis of the
Associated Press
The Associated Press (AP) is an American non-profit news agency headquartered in New York City. Founded in 1846, it operates as a cooperative, unincorporated association. It produces news reports that are distributed to its members, U.S. newspa ...
.
Methodology
Magic Lantern can reportedly be installed remotely, via an
e-mail attachment
An email attachment is a computer file sent along with an email message. One or more files can be attached to any email message, and be sent along with it to the recipient. This is typically used as a simple method to share documents and images.
...
or by exploiting common
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
vulnerabilities
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally."
A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
, unlike previous
keystroke
In programming and software design, an event is an action or occurrence recognized by software, often originating asynchronously from the external environment, that may be handled by the software. Computer events can be generated or triggere ...
logger programs used by the
FBI
The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and its principal Federal law enforcement in the United States, federal law enforcement age ...
. It has been described as a
virus
A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea.
Since Dmitri Ivanovsky's 1 ...
and a
Trojan horse
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
. It is not known how the program might store or communicate the recorded keystrokes.
Purpose
In response to a
Freedom of Information Act Freedom of Information Act may refer to the following legislations in different jurisdictions which mandate the national government to disclose certain data to the general public upon request:
* Freedom of Information Act 1982, the Australian act
* ...
request filed in 2000 by the
Electronic Privacy Information Center
Electronic Privacy Information Center (EPIC) is an independent nonprofit research center in Washington, D.C. EPIC's mission is to focus public attention on emerging privacy and related human rights issues. EPIC works to protect privacy, freedom o ...
, the FBI released a series of
unclassified
Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, ...
documents relating to
Carnivore
A carnivore , or meat-eater (Latin, ''caro'', genitive ''carnis'', meaning meat or "flesh" and ''vorare'' meaning "to devour"), is an animal or plant whose food and energy requirements derive from animal tissues (mainly muscle, fat and other sof ...
, which included the "Enhanced Carnivore Project Plan". Sullivan's confidential source said that redacted portions of that document mention "Cyber Knight",
Example deployment method
The FBI intends to deploy Magic Lantern in the form of an
e-mail attachment
An email attachment is a computer file sent along with an email message. One or more files can be attached to any email message, and be sent along with it to the recipient. This is typically used as a simple method to share documents and images.
...
. When the attachment is opened, it installs a
trojan horse
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
on the suspect's computer. The trojan horse is activated when the suspect uses
PGP
PGP or Pgp may refer to:
Science and technology
* P-glycoprotein, a type of protein
* Pelvic girdle pain, a pregnancy discomfort
* Personal Genome Project, to sequence genomes and medical records
* Pretty Good Privacy, a computer program for the ...
encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse will log the PGP password, which allows the FBI to decrypt user communications.
Spokesmen for the FBI soon confirmed the existence of a program called Magic Lantern. They denied that it had been deployed, and they declined to comment further.
Antivirus vendor cooperation
The disclosure of the existence of Magic Lantern sparked a debate as to whether anti-virus companies could or should detect the FBI's keystroke logger.
Concerns include uncertainties about Magic Lantern's full potential and whether hackers could subvert it for purposes outside the jurisdiction of the law.
Bridis reported that
Network Associates
McAfee Corp. ( ), formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company head ...
(maker of
McAfee
McAfee Corp. ( ), formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company head ...
anti-virus products), had contacted the FBI following the press reports about Magic Lantern to ensure their anti-virus software would not detect the program. Network Associates issued a denial, fueling speculation as to which anti-virus products might or might not detect government trojans.
CNET News has surveyed 13 security companies about their contacts with and level of cooperation with law enforcement authorities. None of them confirmed that their products cover up malware installed by the government.
Graham Cluley, a technology consultant from
Sophos
Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily ...
, said "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn't know whether it was being used by the FBI or if it had been commandeered by a third party". Another reaction from this came from Marc Maiffret, chief technology officer and cofounder of eEye Digital Security who states: "Our customers are paying us for a service, to protect them from all forms of malicious code. It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools."
When asked if Magic Lantern would need a court order to deploy, FBI spokesman Paul Bresson would not comment, stating: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process." Proponents of Magic Lantern argue the technology would allow law enforcement to efficiently and quickly decrypt messages protected by encryption schemes. Implementing Magic Lantern does not require physical access to a suspect's computer, unlike
Carnivore
A carnivore , or meat-eater (Latin, ''caro'', genitive ''carnis'', meaning meat or "flesh" and ''vorare'' meaning "to devour"), is an animal or plant whose food and energy requirements derive from animal tissues (mainly muscle, fat and other sof ...
, a predecessor to Magic Lantern, since physical access to a computer would require a court order.
Following the media coverage of Magic Lantern,
F-Secure
F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland.
The company has offices in Denmark, Finland, France, Germany, India, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Sweden, ...
(a Finnish anti-virus company), announced their policy on detecting government spying programs: "F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws. We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."
See also
*
Backdoor (computing)
A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus compu ...
*
Carnivore (software)
Carnivore, later renamed DCS1000, was a system implemented by the Federal Bureau of Investigation (FBI) that was designed to monitor email and electronic communications. It used a customizable packet sniffer that could monitor all of a target user ...
*
Computer and Internet Protocol Address Verifier, a more recent FBI tool
*
ECHELON
ECHELON, originally a secret government code name, is a surveillance program (signals intelligence/SIGINT collection and analysis network) operated by the five signatory states to the UKUSA Security Agreement:Given the 5 dialects that use ...
*
FOXACID
*
Main Core
Main Core is an alleged American government database containing information on those believed to be threats to national security.
History
The existence of the database was first asserted in May 2008 by Christopher Ketcham and again in July 200 ...
*
MiniPanzer and MegaPanzer
MiniPanzer and MegaPanzer are two variants of ''Bundestrojaner'' (German for federal Trojan horse) written for ERA IT Solutions (a Swiss federal government contractor) by software engineer Ruben Unteregger, and later used by Switzerland's Feder ...
*
Policeware
Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be comple ...
*
PRISM (surveillance program)
Prism usually refers to:
* Prism (optics), a transparent optical component with flat surfaces that refract light
* Prism (geometry), a kind of polyhedron
Prism may also refer to:
Science and mathematics
* Prism (geology), a type of sedimentary ...
*
R2D2 (trojan)
The Chaos Computer Club (CCC) is Europe's largest association of hackers with 7,700 registered members. Founded in 1981, the association is incorporated as an ''eingetragener Verein'' in Germany, with local chapters (called ''Erfa-Kreise'') in ...
References
{{reflist, 30em
Further reading
*Amanda So and Christopher Woo. "The Case for Magic Lantern: September 11 Highlights the Need for Increased surveillance," ''Harvard Journal of Law and Technology''. v15, p521. (discusses the legal framework surrounding the use of keystroke loggers in law enforcement)
FBI sought approval to use spyware against terror suspects. Magic Lantern reloaded
External links
CNBC- first press story about Magic Lantern
on ''
USA Today
''USA Today'' (stylized in all uppercase) is an American daily middle-market newspaper and news broadcasting company. Founded by Al Neuharth on September 15, 1982, the newspaper operates from Gannett's corporate headquarters in Tysons, Virgini ...
'', 21 November 2001
Article from''
San Francisco Chronicle
The ''San Francisco Chronicle'' is a newspaper serving primarily the San Francisco Bay Area of Northern California. It was founded in 1865 as ''The Daily Dramatic Chronicle'' by teenage brothers Charles de Young and M. H. de Young, Michael H. de ...
'', 28 November 2001
CNET News - Feds use key logger to thwart PGP, Hushmail
Federal Bureau of Investigation
Computer law
Surveillance
Spyware
Spyware used by governments