FBI runs Trojan horse

The FBI may be in possession of software capable of remotely compromising a suspect's computer and installing a keylogger to harvest encryption key passwords.

The discovery comes only weeks after the Bureau made a motion to suppress evidence about the use of similar technology in the recent US versus Nicodemo Scarfo case. The FBI claimed that releasing information about the technology would jeopardise current as well as future investigations.

A report on the so-called 'Magic Lantern' software by MSNBC reveals that the tool operates much like a Trojan horse. It arrives in an email and then installs itself invisibly and sets up a keylogger which presumably captures such data as the pass code for an encryption program such as PGP and forwards it to the FBI.

The tool has a lot in common with Dirt, the phantom program developed by Codex Data Systems, which claims to fit remote monitoring capabilities in a 20Kb package and place a Trojan in any other type of file.

It is thought that authorities are turning to such drastic measures because criminals using encryption systems always seem to have the upper hand as in the Scarfo case.

Only last month the FBI's Carnivore project won a major victory with the passing of the USA Patriot Act, which means that agents only need to obtain permission from a state attorney general to use spy tapping techniques. Previously they would require an order from a judge.

However, the tech community has met the news with as much derision as it did Dirt, and it has struck a nerve on the Slashdot forum.

"Does this mean it will now be illegal to use a secure system? Having any type of security/virus protection will be a circumvention of law-enforcing software," said one user.

Others slammed the software on its scant technical detail, claiming that Linux users would be immune because of the different nature in which *nix email clients work.

"This only works if: a) The FBI kicks in your door and installs Outlook; b) You always open email with the subject 'Snow White and the 7 FBI Agents'; c) You run the attachment called 'FBILOVESYOU.VBS'," came one humorous retort.

Another issue is the fact that antivirus software would technically prevent Magic Lantern from being executed. Similarly, the developers of Dirt admitted that the only reason antivirus software didn't detect their tool was because the antivirus companies had not got hold of a copy to develop a virus signature for it.

Magic Lantern is the latest in a series of tools being developed for the FBI's DragonWare suite which features Carnivore, Packeteer and Coolminer.

Magic Lantern and its sibling tools, whatever they are, go under the project name 'Cyber Knight' which is designed to match captured data with relevant encryption keys and thus speed up the investigation process.