FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

[DailyRotten] FBI requests worm-built password log

------- Forwarded message follows -------
Date sent: Mon, 17 Dec 2001 15:20:51 -0500
To: Digital Bearer Settlement List <dbs@philodox.com>, dcsb@ai.mit.edu, cryptography@wasabisystems.com
From: "R. A. Hettinga" <rah@shipwright.com>
Subject: [DailyRotten] FBI requests worm-built password log

--- begin forwarded text

Status: U
From: "Gordon Mohr" <gojomo@usa.net>
To: <fork@xent.com>
Subject: [DailyRotten] FBI requests worm-built password log
Date: Mon, 17 Dec 2001 12:06:29 -0800
Sender: fork-admin@xent.com
List-Id: Friends of Rohit Khare <fork.xent.com>

http://www.dailyrotten.com/articles/archive/189387.html

I can see legitimate reasons for wanting the log: tracing the progression/origin of the worm, or notifying the victims.

But the interplay with MagicLantern and PatriotAct issues is thought-provoking...

# December 17, 2001
# FBI wants access to worm's pilfered data
#
# A ROTTEN.COM EXCLUSIVE
# The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. Since November 24, Badtrans has violated the privacy of millions of Internet users, and now the FBI wants to take part in the spying.
#
# Victims of Badtrans are infected when they receive an email containing the worm in an attachment and either run the program by clicking on it, or use an email reader like Microsoft Outlook which may automatically run it without user intervention. Once executed, the worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords including those used for telnet, email, ftp, and the web. Also captured is anything else the user may be typing, including personal documents or private emails.
#
# Coincidentally, just four days before the breakout of Badtrans it was revealed that the FBI was developing their own keystroke-logging virus, called Magic Lantern. Made to complement the Carnivore spy system, Magic Lantern would allow them to obtain target's passwords as they type them. This is a significant improvement over Carnivore, which can only see data after it has been transmitted over the Internet, at which point the passwords may have been encrypted.
#
# After Badtrans pilfers keystrokes the data is sent back to one of twenty-two email addresses (this is according to the FBI-- leading anti-virus vendors have only reported seventeen email addresses). Among these are free email addresses at Excite, Yahoo, and IJustGotFired.com. IJustGotFired is a free service of MonkeyBrains, a San Francisco based independent Internet Service Provider.
#
# In particular, suck_my_prick@ijustgotfired.com began receiving emails at 3:23 PM on November 24. Triggering software automatically disabled the account after it exceeded quotas, and began saving messages as they arrived. The following day, MonkeyBrains' mail server was sluggish. Upon examination of the mail server's logs, it quickly became apparent that 100 emails per minute to the "suck_my_prick" alias were the source of the problem. The mails delivered the logged keystrokes from over 100,000 compromised computers in the first day alone.
#
# Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker, Jr., and requested a cloned copy of the password database and keylogged data. The database includes only information stolen from the victims of the virus, not information about the perpetrator. The FBI wants indiscriminate access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant. Even with a warrant they would have to specify exactly what information they are after, on whom, and what they expect to find. Instead, they want it all and for no justifiable reason.
#
# One of the most basic tenets of an authoritarian state is one that claims rights for itself that it denies its citizens. Surveillance is perhaps one of the most glaring examples of this in our society. Accordingly, rather than hand over the entire database to the FBI, MonkeyBrains has decided to open the database to the public. Now everyone (including the FBI) will be able to query which accounts have been compromised and search for their hostnames. Password and keylogged data will not be made available, for obvious legal reasons.
#
# The implications of complying with the FBI's request, absent any legal authority, are staggering. This is information that no one, not even the FBI, could legally gather themselves. The fact that they seek to take advantage of this worm and benefit from its illicit spoils, demonstrates the FBI's complete and utter contempt for constitutionally mandated due process and protection from unreasonable search and seizure. It defies reason that the FBI expects the American people to trust them to only look at certain permissible nuggets of data and ignore the rest of what they collect. One need only imagine what J. Edgar Hoover would do with today's expansive surveillance system, coupled with the new powers granted by the Patriot Act, to appreciate the Orwellian nightmare that the United States is becoming. The last thing the FBI should have is a spying Internet worm, and it looks like they've found one. Welcome to the Magic Lantern.
#
# --------------------------------------------------------------------------------
#
# The database is available at http://badtrans.monkeybrains.net
#
# [Editor's note: Rudy Rucker, Jr. contributed to this story, he was also visited by the Secret Service last summer regarding his fan site of President Bush's daughters at TheFirstTwins.com.]

http://xent.com/mailman/listinfo/fork

--- end forwarded text
