FBI wants worm's keycapture data
Khoder bin Hakkin
hakkin at sarin.com
Mon Dec 17 11:50:29 PST 2001
http://www.dailyrotten.com/articles/archive/189387.html
December 17, 2001
FBI wants access to worm's pilfered data
A ROTTEN.COM EXCLUSIVE
The FBI is asking for access to a massive database that contains
the private communications and passwords of the victims of the
Badtrans Internet worm. Badtrans spreads through security flaws
in Microsoft mail software and transmits everything the victim
types. Since November 24, Badtrans has violated the privacy of
millions of Internet users, and now the FBI wants to take part in
the spying.

Victims of Badtrans are infected when they receive an email
containing the worm in an attachment and either run the program
by clicking on it, or use an email reader like Microsoft Outlook
which may automatically run it without user intervention. Once
executed, the worm replicates by sending copies of itself to all
other email addresses found on the host's machine, and installs a
keystroke-logger capable of stealing passwords including those
used for telnet, email, ftp, and the web. Also captured is
anything else the user may be typing, including personal
documents or private emails.

Coincidentally, just four days before the breakout of Badtrans it
was revealed that the FBI was developing their own
keystroke-logging virus, called Magic Lantern. Made to
complement the Carnivore spy system, Magic Lantern would
allow them to obtain targets' passwords as they type them. This
is a significant improvement over Carnivore, which can only see
data after it has been transmitted over the Internet, at which
point the passwords may have been encrypted.

After Badtrans pilfers keystrokes the data is sent back to one of
twenty-two email addresses (this is according to the FBI--
leading anti-virus vendors have only reported seventeen email
addresses). Among these are free email addresses at Excite,
Yahoo, and IJustGotFired.com. IJustGotFired is a free service of
MonkeyBrains, a San Francisco based independent Internet
Service Provider.

In particular, suck_my_prick at ijustgotfired.com began receiving
emails at 3:23 PM on November 24. Triggering software
automatically disabled the account after it exceeded quotas, and
began saving messages as they arrived. The following day,
MonkeyBrains' mail server was sluggish. Upon examination of
the mail server's logs, it quickly became apparent that 100 emails
per minute to the "suck_my_prick" alias were the source of the
problem. The mails delivered the logged keystrokes from over
100,000 compromised computers in the first day alone.

Last week the FBI contacted the owner of MonkeyBrains, Rudy
Rucker, Jr., and requested a cloned copy of the password
database and keylogged data. The database includes only
information stolen from the victims of the virus, not information
about the perpetrator. The FBI wants indiscriminate access to
the illegally extracted passwords and keystrokes of over two
million people without so much as a warrant. Even with a
warrant they would have to specify exactly what information
they are after, on whom, and what they expect to find. Instead,
they want it all and for no justifiable reason.

One of the most basic tenets of an authoritarian state is one that
claims rights for itself that it denies its citizens. Surveillance is
perhaps one of the most glaring examples of this in our society.
Accordingly, rather than hand over the entire database to the
FBI, MonkeyBrains has decided to open the database to the
public. Now everyone (including the FBI) will be able to query
which accounts have been compromised and search for their
hostnames. Password and keylogged data will not be made
available, for obvious legal reasons.

The implications of complying with the FBI's request, absent any
legal authority, are staggering. This is information that no one,
not even the FBI, could legally gather themselves. The fact that
they seek to take advantage of this worm and benefit from its
illicit spoils, demonstrates the FBI's complete and utter contempt
for constitutionally mandated due process and protection from
unreasonable search and seizure. It defies reason that the FBI
expects the American people to trust them to only look at certain
permissible nuggets of data and ignore the rest of what they
collect. One need only imagine what J. Edgar Hoover would do
with today's expansive surveillance system, coupled with the
new powers granted by the Patriot Act, to appreciate the
Orwellian nightmare that the United States is becoming. The last
thing the FBI should have is a spying Internet worm, and it looks
like they've found one. Welcome to the Magic Lantern.