Infinity Bugs--A new can of worms?

[Tim May]

The "infinity bug" is alleged to be a device rendering any telephone, 
even one on-hook, capable of transmitting audio to a listener. Whether 
it's real is not the point.

Could the LEAs and intelligence agencies be using the equivalent of 
infinity bugs in the computers of targets? Something that is sent to a 
user as an attachment or executable, a la the various worms and viruses, 
something that sends results of keystrokes, or passwords entries, or 
keyword searches?

Items:

* The alleged use of "registration sniffers" which Microsoft was alleged 
(probably wrongly) to have used a few years ago to scan the hard disks 
of users of its products and then this information--it was 
alleged--could be retrieved by MS at some point. (I say probably wrongly 
for reasons discussed a few years ago. Still, it suggests some 
possibilities, which is why I mention it now.)

* The spoof Web pages, masquerading as real Web pages. A classic 
man-in-the-middle attack, analogous to building a fake ATM (on screen or 
even physical) around a real ATM. Even the "Web page shrinks to a 3 x 5 
pixel dot and lingers on the screen where it is not noticed" method. (I 
don't remember what this was called, so I'm describing it.)

* The SirCam thing, of course. My spoof about NIPC secret documents 
being sent out turned out not to be such a spoof after all, we heard a 
few days later. Suppose a much more refined and much more targeted 
version of SirCam was deposited on a target's computer?

* We know there has been much funding of worms and viruses by the 
government...for more than a few years. There were _claims_ after the 
Gulf War that the U.S. had disabled some Iraqi systems with worms, 
viruses, trojans, etc. (Some of these claims were based on an 
"Infoworld" spoof reporting on viruses being sent to printers. But I 
expect _some_ of the claims may be based on fact.)

* I read a French novel some years back called "Softwar," where a 
software bug is placed inside a supercomputer and is set to go off if 
ever a weather report has a specific combination of temperatures and 
wind speeds in a specific city.  Poorly written (maybe it was the 
translation, maybe it was just typical French SF), but an interesting 
idea.

* There were some cases years ago where Webcams, often built into 
monitors or left sitting on top of monitors permanently, could be 
turned-on remotely. Even more the case with built-in microphones. It'd 
be a hoot if the Feds are finding ways to turn on Webcams and 
microphones in homes and businesses. Even to leave trojans on a system 
for storing compressed snatches of audio.


These items are just meant to suggest possibilities. Besides doing 
research to "protect" the computer infrastructure, it seems that using 
"remote viewing" is a potential good alternative to Carnivore and to 
breaking physically into homes.

Maybe something like this is the bugging technology the FBI doesn't want 
to disclose in open court?

Last point. As networks get so complex, with so many old legacy things 
left hanging on corporate Intranets, on LANs and WANs and wireless nets 
(another can of worms, so to speak), more and more opportunities for 
depositing little bits of code to sniff passwords, to search for 
keywords, to turn on microphones and cameras. It's a place I'd be 
putting some money into, were I the CIA, DEA,  FBI, or any of a dozen 
other agencies.


--Tim May