Infinity Bugs--A new can of worms?
Tim May
tcmay at got.net
Fri Aug 10 09:40:09 PDT 2001
The "infinity bug" is alleged to be a device rendering any telephone,
even one on-hook, capable of transmitting audio to a listener. Whether
it's real is not the point.
Could the LEAs and intelligence agencies be using the equivalent of
infinity bugs in the computers of targets? Something that is sent to a
user as an attachment or executable, a la the various worms and viruses,
something that sends results of keystrokes, or passwords entries, or
keyword searches?
Items:
* The alleged use of "registration sniffers" which Microsoft was alleged
(probably wrongly) to have used a few years ago to scan the hard disks
of users of its products and then this information--it was
alleged--could be retrieved by MS at some point. (I say probably wrongly
for reasons discussed a few years ago. Still, it suggests some
possibilities, which is why I mention it now.)
* The spoof Web pages, masquerading as real Web pages. A classic
man-in-the-middle attack, analogous to building a fake ATM (on screen or
even physical) around a real ATM. Even the "Web page shrinks to a 3 x 5
pixel dot and lingers on the screen where it is not noticed" method. (I
don't remember what this was called, so I'm describing it.)
* The SirCam thing, of course. My spoof about NIPC secret documents
being sent out turned out not to be such a spoof after all, we heard a
few days later. Suppose a much more refined and much more targeted
version of SirCam was deposited on a target's computer?
* We know there has been much funding of worms and viruses by the
government...for more than a few years. There were _claims_ after the
Gulf War that the U.S. had disabled some Iraqi systems with worms,
viruses, trojans, etc. (Some of these claims were based on an
"Infoworld" spoof reporting on viruses being sent to printers. But I
expect _some_ of the claims may be based on fact.)
* I read a French novel some years back called "Softwar," where a
software bug is placed inside a supercomputer and is set to go off if
ever a weather report has a specific combination of temperatures and
wind speeds in a specific city. Poorly written (maybe it was the
translation, maybe it was just typical French SF), but an interesting
idea.
* There were some cases years ago where Webcams, often built into
monitors or left sitting on top of monitors permanently, could be
turned-on remotely. Even more the case with built-in microphones. It'd
be a hoot if the Feds are finding ways to turn on Webcams and
microphones in homes and businesses. Even to leave trojans on a system
for storing compressed snatches of audio.
These items are just meant to suggest possibilities. Besides doing
research to "protect" the computer infrastructure, it seems that using
"remote viewing" is a potential good alternative to Carnivore and to
breaking physically into homes.
Maybe something like this is the bugging technology the FBI doesn't want
to disclose in open court?
Last point. As networks get so complex, with so many old legacy things
left hanging on corporate Intranets, on LANs and WANs and wireless nets
(another can of worms, so to speak), more and more opportunities for
depositing little bits of code to sniff passwords, to search for
keywords, to turn on microphones and cameras. It's a place I'd be
putting some money into, were I the CIA, DEA, FBI, or any of a dozen
other agencies.
--Tim May
More information about the cypherpunks-legacy
mailing list