SCN: Keystroke logging

Steve steve at advocate.net
Wed Dec 5 07:30:40 PST 2001


x-no-archive: yes

======================


(Robert Vamosi, ZDNet AnchorDesk)---What if every keystroke you 
typed was recorded? Programs that do this have existed for years, 
and are often traded on shadowy Web sites. Alone, they are mere 
curiosities, but when coupled with Trojan horses that send the 
data over the Internet, these so-called keystroke loggers allow 
malicious users to steal your passwords and credit card numbers.  

Now the U.S. government wants to use similar keystroke-logging-
enabled Trojan horses in the war against terrorism, and two U.S. 
antivirus companies have announced they'll look the other way.  

Simply put, a keystroke logging program is a memory application 
that records every keystroke a user makes on a given computer. 
Most keystroke loggers record the application name, the time and 
date the application was opened, and the keystrokes associated 
with that application. For example, when you open Outlook and 
write an e-mail, the keystroke logger would record your e-mail 
address, the subject line, and any body text you type.  

Some keystroke loggers are advertised as child-protection 
programs, as they allow parents to see which sites their children 
have visited, or what their children typed during online chats. 
Keystroke loggers are also advertised as a means for companies 
to "assess" their employees' work habits. But this technology gets 
really pernicious when a malicious user couples it with a Trojan 
horse, as was the case with the recent Badtrans.B worm.  

Often, keystroke loggers track what you type in popular Web 
browsers. Lately, though, new loggers record the passphrase you 
enter into encryption programs such as PGP. The passphrase is a 
series of words that access your encryption key. Once malicious 
users obtain your passphrase, they can use your encryption key, 
and therefore decrypt any information you have encrypted.  

The U.S. government wants to use these encryption-keystroke 
loggers to find criminals and terrorists. In a recent and highly 
publicized loan shark and racketeering case in New York, FBI 
agents obtained information using an encryption-keystroke logger 
placed on computers in suspected mobster Nicodemo Scarfo's 
New Jersey office. According to MSNBC, agents did so by 
breaking into the Scarfo office and individually installing the logger 
on each computer. (I'll leave the question of whether or not the 
government should be able to "steal" encryption keys for another 
column.)  

Code-named "Magic Lantern," the bureau's new project would 
essentially create a government-sanctioned Internet worm that 
would self-install encryption-keystroke loggers on chosen 
computers. Agents would still need to obtain a court order before 
"infecting" someone. However, the U.S. Patriot Act passed in 
October requires authorization only from a state or U.S. attorney 
general at first; a judge's order isn't needed until later. 

One method of distributing the encryption-keystroke loggers 
involves having a friend or relative of the person under 
investigation send him or her an infected e-mail. Of course, this 
could only happen if the suspect's antivirus program didn't first 
detect the FBI's Trojan horse.  

So far, Symantec and Network Associates have said their software 
will not detect the presence of this FBI Trojan horse. It should be 
noted that antivirus products already exclude some files from their 
scans, though none are as powerful as Magic Lantern. No 
antivirus software vendors outside the U.S. have weighed in on this 
matter yet.  

Shane Coursen, a SecurityFocus columnist and CEO of WildList 
Organization International, a group that tracks viruses in the wild, 
predicts that any such collusion with the FBI might begin the 
downfall of U.S. antivirus software makers' dominance worldwide. I 
think the real danger lurks in the FBI borrowing a page from a 
malicious user's notebook. Even if every antivirus vendor in the 
world agreed to exclude the FBI's Trojan, the shadow Web sites 
already used by malicious users would start hosting custom Magic 
Lantern detection programs. Once such a tool is available, the 
FBI's magic would be useless.  


Copyright 2001 CNET Networks Inc.
