http://www.dailyrotten.com/articles/archive/189387.html December 17, 2001 FBI wants access to worm's pilfered data A ROTTEN.COM EXCLUSIVE The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. Since November 24, Badtrans has violated the privacy of millions of Internet users, and now the FBI wants to take part in the spying. Victims of Badtrans are infected when they receive an email containing the worm in an attachment and either run the program by clicking on it, or use an email reader like Microsoft Outlook which may automatically run it without user intervention. Once executed, the worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords including those used for telnet, email, ftp, and the web. Also captured is anything else the user may be typing, including personal documents or private emails. Coincidentally, just four days before the breakout of Badtrans it was revealed that the FBI was developing their own keystroke-logging virus, called Magic Lantern. Made to complement the Carnivore spy system, Magic Lantern would allow them to obtain target's passwords as they type them. This is a significant improvement over Carnivore, which can only see data after it has been transmitted over the Internet, at which point the passwords may have been encrypted. After Badtrans pilfers keystrokes the data is sent back to one of twenty-two email addresses (this is according to the FBI-- leading anti-virus vendors have only reported seventeen email addresses). Among these are free email addresses at Excite, Yahoo, and IJustGotFired.com. IJustGotFired is a free service of MonkeyBrains, a San Francisco based independent Internet Service Provider. In particular, suck_my_prick@ijustgotfired.com began receiving emails at 3:23 PM on November 24. Triggering software automatically disabled the account after it exceeded quotas, and began saving messages as they arrived. The following day, MonkeyBrains' mail server was sluggish. Upon examination of the mail server's logs, it quickly became apparent that 100 emails per minute to the "suck_my_prick" alias were the source of the problem. The mails delivered the logged keystrokes from over 100,000 compromised computers in the first day alone. Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker, Jr., and requested a cloned copy of the password database and keylogged data. The database includes only information stolen from the victims of the virus, not information about the perpetrator. The FBI wants indiscriminant access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant. Even with a warrant they would have to specify exactly what information they are after, on whom, and what they expect to find. Instead, they want it all and for no justifiable reason. One of the most basic tenets of an authoritarian state is one that claims rights for itself that it denies its citizens. Surveillance is perhaps one of the most glaring examples of this in our society. Accordingly, rather than hand over the entire database to the FBI, MonkeyBrains has decided to open the database to the public. Now everyone (including the FBI) will be able query which accounts have been compromised and search for their hostnames. Password and keylogged data will not be made available, for obvious legal reasons. The implications of complying with the FBI's request, absent any legal authority, are staggering. This is information that no one, not even the FBI, could legally gather themselves. The fact that they seek to take advantage of this worm and benefit from its illicit spoils, demonstrates the FBI's complete and utter contempt for constitutionally mandated due process and protection from unreasonable search and seizure. It defies reason that the FBI expects the American people to trust them to only look at certain permissible nuggets of data and ignore the rest of what they collect. One need only imagine what J. Edgar Hoover would do with today's expansive surveillance system, coupled with the new powers granted by the Patriot Act, to appreciate the Orwellian nightmare that the United States is becoming. The last thing the FBI should have is a spying Internet worm, and it looks like they've found one. Welcome to the Magic Lantern.
Khoder bin Hakkin wrote:
http://www.dailyrotten.com/articles/archive/189387.html
December 17, 2001 FBI wants access to worm's pilfered data
Have to reply to this - the outcome of this is great...
Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker, Jr.,
[I *assume* son of, uh, Rudy Rucker, mathemtician and author. I thoroughly recommend "White Light".]
Accordingly, rather than hand over the entire database to the FBI, MonkeyBrains has decided to open the database to the public. Now everyone (including the FBI) will be able query which accounts have been compromised and search for their hostnames. Password and keylogged data will not be made available, for obvious legal reasons.
[commentary snipped] Flantastic! What possible reason could the FBI have come up with (and I would love to see a copy of the request for MonkeyBrain's database) for obtaining such confidential data, even if/especially when illegally obtained in the first place... The only disheartening side of this is that 99% of the people who *should* be querying that list won't ever hear of it... Ah yes, the media loves to report the gory stuff, yet seems all too ready to ignore the /useful/ bits... Of course, if report mails form the virus were sent to another dozen-and-a-half addresses too, what's the FBI doing about *those* accounts? Did Yahoo et al. just hand over the data as requested? I find it hard to believe that the FBI chased up just one avenue... Furthermore, under the second phase of the UK Data Protection Act [http://www.dataprotection.gov.uk/], if the forthcoming Hague Convention on Jurisdiction and Foreign Judgments in Civil and Commercial Matters [http://www.hcch.net/e/workprog/jdgm.html] were to come into force, would I be allowed to ask the Feds for my account details if I lost them?... .g
participants (2)
-
Graham Lally
-
Khoder bin Hakkin