Will security firms detect police spyware?

(continued from previous page)

Even if the FBI, the Drug Enforcement Administration or other federal police haven't tried to compel security companies to whitelist fedware, security experts predict that such a court order is just a matter of time.

What remains unclear, however, is whether police have the legal authority to do so under current law. "The government would be pushing the boundaries of the law if it attempted to obtain such an order," said Kevin Bankston, an attorney with the Electronic Frontier Foundation who has litigated wiretapping cases. "There's simply no precedent for this sort of thing."

One possibility is a section of the Wiretap Act that says courts can "direct that a provider of wire or electronic communication service, landlord, custodian or other person" to help with electronic surveillance.

"There is some breadth in that language that is of concern and that the Justice Department may attempt to exploit," Bankston said.

In theory, government agencies could even seek a court order requiring security companies to deliver spyware to their customers as part of an auto-update feature. Most modern security companies, including operating system makers such as Microsoft and Apple, offer regular patches and bug fixes. Although it would be technically tricky, it would be possible to send an infected update to a customer if the vendor were ordered to do so.

When asked if it had ever received such a court order, Microsoft demurred. "Microsoft frequently has confidential conversations with both customers and government agencies and does not comment on those conversations," a company representative said. Of the 13 companies surveyed, McAfee was the other company that declined to answer. (Two others could not be reached as of Tuesday morning.)

Some security companies refused to reply to the initial version of our survey, which broadly asked about fedware whitelisting. In response, we revised the question to ask if they would alert a customer to the presence of keystroke loggers installed by a police or intelligence agency "in the absence of a lawful court order signed by a judge."

Cris Paden, Symantec's manger of corporate public relations, initially declined to reply. "There are legitimate reasons for not giving blanket guarantees--one of those is a court order," he said at first. "There are extenuating circumstances and gray issues."

But after we altered the question, Paden replied: "Barring a court order to cooperate with law enforcement authorities, Symantec would definitely alert our customers to the presence of any malicious code or programs that we detect on their systems." He added that Symantec had "absolutely not" received any such a court order.

One danger with whitelisting fedware is that it creates a potentially serious vulnerability in security software. If a malicious vendor of spyware were clever enough to mimic the whitelisted government spyware, it would also go undetected.

But if fedware becomes more common, savvy criminals could simply turn to open-source software that's less likely to have backdoors for police. ClamAV and OpenAntiVirus.org both offer open-source security software, and it's also possible to boot off of a CD-ROM and inspect the hard drive for malicious tampering.

At the moment, at least, there aren't any industry standards about detecting fedware. "CSIA does not currently have a position on this issue nor has the issue ever been addressed by its board of directors," said Tim Bennett, president of the Cyber Security Industry Alliance.

[inachu]

keyloggers and such.

My OS is or when it is running in peak form I can telll in easy tell tale fashion when something is not right when something was running or some hidden install. When a keylogger gets installed even when it is only 20k in size change the personality of my OS and when it does change I just reimage the whole thing and start over with FDSIK and fresh clean copy of XP. Be it fedware or spyware or trojans I know when my system has been compromised.

[gggg sssss]

fdisk had not been around since windows 95

, so stop the BS

[OneWithTech]

How about going with the company...

..that has the most honesty in this whole gig, eEye' Blink
Personal for $25 is now the guaranteed choice for me and my
clients.

There's nothing like a security company that blatantly risks the
security of it's clients to allow policing of a system that has NO
boundaries' in tact.

Justin
Tech01.net

[wildchild_plasma_gyro]

who regulates the regulator

Ok the recent spouts of cases against wiretapping and spying activity in the name of security and wellbeing show that there is a lot of trust ground and development still needed to be made in the policing circles before people and companies alike are going to be satisfied that any work done in the name of protection is done with respect to the peoples interests and values.
However the internet/computing world is only really just entering toddlership and it's up to all of you to make sure the balance within is the right one for you to trully move forward with the most confidence.

[dondarko]

regulates the regulators

it's God, he's supervising the supervisors, so don't worry, as would the current administration say.

[Macsaresafer]

All spyware requires a weak OS.

If you aren't running Windows, you have very little to worry about
from any hacker, police or not. If you are running Windows, you're
asking for trouble.

[Phillep_H]

Weak security

Did you notice the black bag jobs mentioned? If they can gain physical access to your computer, you have no protection from a key logger. They can stick a hardware key logger inside your key board or inline with your keyboard cable, if nothing else.

[LuvThatCO2]

Um, no

You can stick such software on an *nix OS as well, as long as you have root access - or possibly just the user's account. One might argue it'd be harder to detect under a non-windows platform since there's far fewer apps to detect spyware on those platforms.

Of course, you can also just stick a little device between the keyboard cable and the USB port to capture all the keystrokes, too. That'll work regardless of OS. So will a pinhole camera in the ceiling.

[Dr_Zinj]

Anti-Spyware SHOULD detect police spyware

1. You NEVER know for sure if it's really the police using the spyware..

2. Even if it is a policing agency (local cops, State, Feds, FBI, CIA, etc), there is nothing saying that they are engaged in authorized spying on your system. Matter of fact, they ALL have a very bad record of spying without authorization.

3. "You have the right to remain silent, anything you say can and will be used against you in a court of law." Spyware constitutes the de facto presence of the police in an interrogation setting without having first read you your Miranda Rights. You want to give up your rights?

4. Federal agencies have a bad track record of seizing and incarcerating people without due process of law. (post 9/11 and the Madrid Train Bombing come immediately to mind.) Wouldn't you at least like to have a bit of a warning that they were about to swoop down on you so you could at least tell your family or the news agencies that you were going to disappear into their hands?

[dondarko]

we gave up our rights in 2000

to put it simply.

[whmurray]

"Unreasonable Search and Siezure...."

....is, unfortunately, what a court says it is. History suggests that the FBI will assume that a new search technique is reasonable and work mightily to ensure that a court never gets to rule on it. This is the opposite of what one might hope.

One might have no problem with investigators installing spyware, and with anti-spyware vendors cooperating with them, if a court were issuing warrants on a case by case basis. I am confident that once the first case gets before a court, the courts will rule that such warrants are required. I am less hopeful that the courts will get an opportunity to rule.

[Phillep_H]

Update on links

Clam is for an email server and Openantivirus has not updated the sig file since May 2004.

[steelcitybred]

Big Brother: Just 1 More Step To The Ultimate Goal

Call me a conspiracy theorist, but this is just one more step
towards a one world government and the global watchdog. Just
like the "War on Terror", they(the powers that be) begin their new
projects by saying that it's aimed at the bad guys. Eventually, the
Feds will be able to spy on anyone's computer--suspected criminal
or not.

[Too Old For IT]

1984 is here already

George Orwell was just a few years off ...

[novelator]

Another issue we should be able to vote on as a nation

Yes, it's 1984, and why has no one in Congress addressed the issue?

This is just another big reason why we the People should be allowed to vote once a year in a BINDING national referendum and decide for ourselves, over and above any court, even the Supreme Court, whether we want our privacy invaded willy-nilly under any "well-meaning" pretense or not.

Funny this comes to light now. After reading the article, I immediately removed Window's messenger from my machine as it's been acting funny for the last two weeks, saying I've logged into another computer and must sign in again. Coupled with this Microsoft's refusal to answer the question as referenced in the article, I don't think I'll be chatting on the service any longer, nor using IE explorer at all.

Does anyone know what AVG's stand on this issue is yet?

M.L. Bushman

[declan00]

AVG

We included them in our survey. You did RTFA and see that we mentioned them in the body of the story and the chart, right? :)

Click on the link in the main article to the verbatim responses to see what they said.

[Phillep_H]

We do have a vote

Three people can lie to the jury in a courtroom. The two lawyers and the judge. The judge /lies/ when he says we cannot take into consideration whether or not the law is something we want enforced. That is the main reason for a jury, to try the law. Look up Jury Nullification.

[mattumanu]

This coming from a government that...

Wont do anything about spam, hasn't done anything about spyware to make it illegal, and wants to tax email.

It wouldn't take much for a hacker to find policeware, exploit it, and render millions of computers vunerable to attack. And what's to stop a bad cop from using the "whitelisted" policeware to either 1) blackmail an individual, 2) use the fedware key logger to steal personal information?

It wasn't all that long ago a police officer was caught going into an establishment that sells alcohol after hours, and while off duty, begged the people working there to sell him aloholic beverages. There's bad cops everywhere.

[missingamerica]

A glaring and troubling problem is detectable

"Later that year, the FBI confirmed that it was creating spy software called "Magic Lantern" that would allow agents to inject keystroke loggers remotely through a virus without having physical access to the computer."

From the other angle: "that would allow agents to inject keystrokes remotely through a virus without having physical access to a computer."

Viola. Incriminating evidence secretly injected and collected in one tidy package. Now that would solve a lot of pesky political problems, wouldn't it?

And now tell me that you can rule out that possibility with Bush, Cheney, and Gonzo running "Justice".

[Phillep_H]

And again

No party has a monopoly on that sort of thing, and the BATF/ATF/ATFE/(whatever they are called these days) have been out of control under all jurisdictions. So was the FBI under Hoover.

Take a look at Hillary Clinton's Master's Thesis, it's on Saul Alinsky's Delphi Method, a "big con" method of tricking the individuals in a crowd into thinking they are the only ones who did not agree to what the manipulators want to put over.

Are you going to try to claim that all those FBI records the Clintons had were not being used for the same sort of crooked trick you are accusing Bush and company of?

Do you really need me to go on? Clinton should have not only been impeached, he and Hillary should have been lynched. The news media was on their side and gave them a free pass instead of the Nixon treatment they so richly deserved.

[Impreza WRX]

You know...

I can see one of the bad guys getting a hold of "Magic Lantern", disassembling it and turning it into a real virus.

When you play with fire...

[dondarko]

and again...

with the Bush administration.

- WMDs that don't exist (all for going into Afghanistan, they asked for it)
-they didn't know that there are differences btwn Muslims
- NSA agent outted in the public (the law for that offence alone is death, b/c it is considered treason and it is, whoever leaked it)
- $1 trillion tax cut to the rich (I only got $250, woohoo)
- running private armies (security firms in Iraq and Afghanistan) who don't asnwer to anyone but money
- illegal wiretapping of citizen and residents without court order
- Jailing two border agents for shooting a Mexican drug dealer in the butt, no pardon for those two (and besides, when did it become a crime to defend your country against drug smuggler/killers/rappists
- Enron (remember Kay and Bush together, with Prez. hailing him and the company?), downt the tubes along with countless pensions and jobs.
- Rampant and careless outsourcing
- Secret energy talk meetings with Cheney and energy companies (and you wonder why you pay $3.99 per gallon?)
- Sending our GIs to combat without armor (first two years of humvees without adequate protection, even from small IEDs) should be considered treason.
= BIG ONE: ALLOWING, STILL (I DON'T CARE WHAT PARTY YOU ARE AND WHAT ARE YOUR ABORTION VIEWS) FOR SOCIAL SECURITY FUND TO BE USED AT WILL CONGRESS. THIS HAS BEEN THE FACT SINCE REAGAN WHEN THE LAW WAS CHANGED TO ALLOW DIPPING OFF FINGERS INTO SS FUND. BEFORE THAT IT WAS UNTOUCHABLE AS IT SHOULD BE, I DON'T WANT MY SS PAYING FOR A BRIDGE TO NOWHERE FOR 50 FOLKS AT HUNDREDS OF MILLIONS.
- Administration got the warning that 9/11 was going to happen but they were busy fishing and golfing.
- our car mileage hasn't improved since 70s (actually gone down for some studies) yet the administration insists on not imposing new standards. IT IS A FACT THAT U.S. CARS CANNOT BE SOLD ALMOST ANYWHERE IN THE DEVELOPED WORLD B/C OF OUR POOR MILEAGE/BIGGER POLLUTION. If you include Afghanistan and Iraq, then it would be two that allow our cars.
- Rushing back to DC to save Terri Schiavo, but we cannot get relief to Katrina victims for days and our lovery Condi was shopping for shoes while people were dying. AS A MATTER OF FACT WE CAN GET THE SUPPLIES AND DISASTER RELIEF HALF A WOLRD AWAY IN TWO DAYS (THINK OF THE TSUNAMI BACK IN THAT DECEMBER) BUT IT TOOK TWO WEEKS FOR KATRINA AREAS.


Wishy washy stuff:
- at first global warming is a myth and we pull out of Kyoto, now it's real and administration wants to lead. They lost their chance a long time ago.


and one more thing, "THE INTERNETS." They are using and making laws on techology stuff yet they have no idea about concepts (net neturality anyone?)

I could come up with a never ending list of crap but I simply don't have the time.

[mattumanu]

Good list...

Thanks, also, for making a list of real incidents rather than a list of made up ones. The only one I think could be fleshed out better is the WMDs... Essentially, WE gave them to them, but now no one knows where they are. :(

[c|net Reader]

Astounding

The bias and lies in your list are astounding. As this has strayed quite off topic from the article, I won't address your list in detail. I'm sure you'll attribute that to my inability to justify my position. While I can justify my position logically and factually, your writing suggests it would only be met with vitriol, so my effort would be wasted.

To everyone else, remember that repeating something doesn't make it true. The items in dondarko's list are nearly all wrong or severely biased. Most are simply a statement of left wing talking points. That doesn't implicitly make them wrong, but it makes them highly suspect at the least.

[dondarko]

we gave up our rights in 2000

to simply put it

[My-Self]

It's illegal for them to answer anything else ...

It's illegal for them to answer anything else ... McAfee and Microsoft who both refused to answer some questions are closer to the truth than those who gave false assurance.

They all lied because the Patriot Act prohibits them from telling anyone about those activities. The law says there should be 'delayed notification', without defining the delay. So, maybe one day, they'll be allowed to say the truth, or not.

http://www.cdt.org/security/011019sneakandpeek.shtml

[ralfthedog]

My understanding.

My understanding has always been that you can not tell someone that they are being monitored, however, If someone is not being monitored, you can tell them that.

[declan00]

not quite right

There are a few issues here:

* You are correct that the Patriot Act authorized the dubious practice of secret searches.

* But that section does not deal with prohibiting the recipients of a spyware court order from disclosing it, which is what we're talking about here, after all. So your invocation of the Patriot Act is irrelevant. (If you wish to prove me wrong, give a cite to the exact paragraph.)

* It is possible you're thinking of NSLs, but first, the FBI does not seem able to use NSLs to force keylogger non-detection under existing law, and second, there is a First Amendment issue (that we've covered before) when an NSL recipient is gagged.

* There is no law that I'm aware of requiring the recipient of a gag order to lie. If asked, the recipient would have to decline to answer.

Thinking through these things more deeply can be useful.

[ralfthedog]

Easy protection.

Get a small junk computer, Put Linux, or some form of open source Unix on it (Do not use windows).

Get any one of a number of packet sniffers that run in promiscuous mode.

Turn on your main computer, type a bunch of stuff, look at where your computer is sending packets.

[ethana2]

Absolutely.

If you don't have the source code, there's no saying what's behind the scenes. Naturally, there are plenty reasons beyond security to switch to GNU/Linux. In fact, hey- if anyone here wants more information on that, or any help switching or finding oss alternatives to anything- ethana2@gmail.com whatever I can do to help.

[eni9ma]

eEye terrorist

There?s something about the good old boys at eEye security that always keeps us on the Grey Hat security scene on our toes laughing at the poor idiotic souls who purchase eEye products. For those who aren?t familiar with eEye, we implore you to take a look at their ?Chief Hacking Officer? otherwise known as Marc Maiffret. They may want to look into his ties to Khalid Ibrahim of the Harkat-Ul-Ansar terrorist group.

Most are wondering who, or who cares, but for American companies who have employees responsible for purchasing eEye products who are reading this, Harkat-Ul-Ansar is a known terrorist group according to the United States government. Ibrahim, is connected to the original World Trade Center bombings and is said to have cooperated with the FBI in ratting on other terrorists no-gooders. So what was Marc Maiffret then known as Chameleon (previously known as sn1per) of the moronic hacking group Masters of Downloading (not to be confused with Mark Abene?s MOD) doing taking money from a terrorist? According to Marc, he was ?at the wrong place at the wrong time?.

Now common sense and logic shows the argument of ?wrong place wrong time? but how could one have been at the wrong place, accepting money from the wrong people at the wrong time? I mean Marc, you were cashing a check. It didn?t slip into your pocket, it didn?t magically appear in your pocket. Now one could allude to this notion of Marc being innocent by saying something like; ?Maiffret was caught up in a sweep of an area? That might have worked but he was trying to cash a check from a known terrorist who was trying to buy satellite images.

Carrying on, everyone who took computer security seriously at the time began distancing themselves from Marc, he was kicked out of the security group rhino9 and it is likely he became an informant along with the guys at Attrition.org (we will elaborate on this in another posting.) For a little bit of ?true? underground hacking history, the kind of stuff you won?t see anywhere out of fear of federal intervention on behalf of ?cooperating witnesses/snitches?, let?s give a brief explanation of what had been happening in the late 90?s through early 2000 when Janet Reno was in office. The government was closing in on idiots (hackers), and turning them into snitches, nothing more and nothing less. One could have beautified this comment, but that is the bottom line clean cut truth of the matter.

Now let?s take a simple step back for a moment to ask oneself, has there ever been a time when someone?s house or business was raided by the Federal Bureau of Investigation and the person left untouched without being arrested? Do the simple mathematics here. Supposing two federal agents visited you, they would need a court order, they would need gas to get to your home, they would need substantial information, etc.. How much do you think it would cost? Let?s factor the salaries only. For whom shall we start with? The judge who gave permission to whom ever issued the warrant, the agents? supervisor? There is a lengthy process the federal agents had to go through, or at least there was at that time, when an agent had to go through to knock on someone?s door. In any case, if they were there, they were there to arrest you period. So why wasn?t he charged Sherlock? Why should he be charged with anything, it was a simple mistake the feds made right? Wait, they just came under suspicion and let them go because they had nothing! If you believe this, I have a Bridge for sale.

So the remaining question is; Does Marc and company have a backdoor in its products for the federal government? Is eEye Security nothing more than a method for the government to track which hackers have downloaded and are using eEye products and where they are coming from? Enquiring minds want to know. There was a little known fact about the late 90?s and early 2000?s and this part becomes foggy and hearsay. Rumormill at the time was the feds were building a ?hacker? database along with other now defamed idiot John Vranesevich.

The government?s notion then, was, when the federal government needed funding for another cybercrime center, they would pull a random name out of its database, and being they had evidence of hacks via way of attrition, they would either make an arrest a month, or convert the arrested hackers into snitches. Pretty interesting method of bringing up statistics in hopes of building a budget wouldn?t you say. So now that the cat comes out of the bag a decade later, many security professionals who were then ?on the scene? will begin to know the truth and nothing but the truth.

Mention of attrition? The definition of it was its intent, but moving on to Jericho since you asked for it, is he a government snitch. He too was raided by the feds. One can either take the same stance of it was a mistake, or do the math as well. Martin is a character in his own mind, so he will likely retort with a craftily written retort but before he does, perhaps he should take into account the power of an FOIA request. Jericho before you shoot off your mouth, ask yourself do you REALLY want the public to see who you really are? Should was also bring out good old Pete Shipley? Those on the scene with a clue already know you are a perverse idiot capable of bedding a cat if it stood still, would you care to have your information disclosed the FOIA way? We may or may not get to you guys in another post but for now, back to eEye and their secret backdoors.

This new information about the hacking days of the mid to late nineties and early millenium may overwhelm many in the security industry who may have thought these were good guys, friends. ?Hackers with a cause?. For those wondering if this is hyperbole, I implore you to Google information on Marc. While you?re at it, for those in the academic industrie, feel free to find someone in the United States government who can ask any federal agent the following questions: ?Has there ever been a time they?ve raided someone?s house without probably cause.?, ?How difficult would it be to obtain a warrant to raid someone?s home with guns drawn, and walk away without arresting the suspect they raided for, after solely speaking with him?.

You see Jericho (Brian Martin) and his cohorts at the website Attrition were at the time mining hacker information. They will swear they won?t do so but we know better. So how does Jericho tie into eEye? Simple, via way of Dale Coddington aka Punkis who works at eEye. Snitches of a feather flock together. See it worked like this, once upon a time there was #dc-stuff, no wait, some may not be ready for that. krystlia, malvu, Brian Martin along with Peter Shipley hacking the NYTimes as HFG. (don?t worry Martin, I believe the US has a statute of limitations). There shall be more to come in upcoming weeks. Until then, be careful of those so called old school hackers you look up to. Chances are they are nothing more than government rats.

http://marc.info/?l=bugtraq&m=90221103125889&w=2
http://en.wikipedia.org/wiki/Harkat-ul-Ansar

[snharden]

eni9ma couldn't you write your own post?

Wow this guy posted this like it was info exclusive to him only. His post is this story here http://www.networkworld.com/community/node/17623 all the paranoid conspiracies are just that, Paranoid conspiracies.
Marc has never hid any of this info from anyone.
You can go back and hide under your rock now before all the hackers take you down....ROTFLMAO...

[Troll Hard]

They never detected Magic Lantern

and they won't detect Fedware either.

Magic Lantern was the virus that Clinton's administration invented. It is a key logger, monitors email and web usage, and all malware and security companies have to ignore it or face federal charges.

[intexx]

Gave up our rights? Not possible.

They're not ours to give away. We may use them, to be sure, but we can't give them up.

They were granted to us for our use, not by government, but by our creator. America is the first society in the history of mankind--and simultaneously the last--whose national charter officially recognizes this.

We then created government to protect our rights.

Here lately the problem is that the servant has taken over the house. We've got to get our once-legitimate government back.

[Phillep_H]

Almost

We have rights, no matter what, but we have to protect them.

The Second Amendment was intended to protect the rest from encroachment. Bush II is weak on the 2nd, Clinton was anti, and Bush I was anti.

I regard Thompson as a snake and Ron Paul as a kook, and those are the best two in the running.

I'm ready for a drink.

[TennMom1]

Our rights were taken, not given away

I agree. Under the guise of "homeland security", our rights have been usurped. When the president and congress gave the "green light" for unwarranted internet and telephone searches, they made it possible for government agencies to eavesdrop on everyone, and took away any reasonable expectation of privacy. If anyone believes it is only suspected terrorists who are being monitored, they must be living in under a rock. The fact that police agencies have taken advantage of unwarranted searches to take down drug dealers and pedophiles should be of no comfort to anyone. There is no doubt that the Internet can be a valuable crime fighting tool but, there should be warrants signed by judges before information is accessed, just as there must be if law enforcement wants to search a home or business. That protection is a constitutionally guaranteed right and should not be precluded in the name of national security.

[Impreza WRX]

Build a better mousetrap...

...and they will build a better mouse.

To circumvent the whole silent keylogger thing all you need is a bootable Linux CD that you pop into the drive when you want to do that kind of stuff. This bypasses the main operating system and the spyware keylogger. Plus, by using a CD-R or DVD-R, you can not get your bootable Linux infected, someone would have to physically burn an infected copy and swap the real one for it.

Back to the drawing board!

[ralfthedog]

As long as they don't do something to your BIOS.

You still have to use heavy encryption. You also have to worry about them doing something to your computer after it boots.

They would have to reinfect your computer each time it booted, however booting from non writable media does not protect you from a worm sent by internet running from ram.

The fact that it is a Linux CD helps quite a bit. Run as few services as you can. The more stripped down your operating system is, the safer it is.