Well folks, for those of you who thought that goverments do not waste their time developing Trojan horses, and viruses, here is a nice eye opener:
http://www.pcworld.com/news/article/0,aid,78070,00.asp
This should make you think twice about not having a some kind of a Trojan defender installed!

Moved from TDS support forum as a general info topic and nothing related to TDS at all within the post

Thanks for posting that article Godzillex. It was an eye opener!

That was some interesting times 2 years ago when that article first came out and many members here may remember the thread here @ Wilders around that time. Since Magic Lantern is over 2 years old....I'm sure the FBI has moved onto big and better things....anonymously ?

Wilders April 2002 thread---> FBI must cough up Carnivore info (http://www.wilderssecurity.com/showthread.php?t=990)

I had that thread bookmarked (couldn't find it for the life of me though), but that was an *excellent* thread.

Thanks for the link, Bubba. Kinda nice going back and re-reading some of those posts. ;)

snap

Are you certain the current breed of Anti-trojans on the market can detect government issue spyware? One might think they would have their best hackers on it, and ensured it would not be detectable by any of the products on the market.

After all if they wish to use it against top cless criminals, their intended victims are likely to be extremly paranoid and use the same defences (or same level at least) as most paranoid wilders people (heck at least these criminals have reasons to be paranoid!). This means people using TDS, BOClean, Ewido, Trojanhunter etc. I'm sure spyware designed by the goverment would be tested against these....

-{ Quote: "That was some interesting times 2 years ago when that article first came out and many members here may remember the thread here @ Wilders around that time. Since Magic Lantern is over 2 years old....I'm sure the FBI has moved onto big and better things....anonymously ?

Wilders April 2002 thread---> FBI must cough up Carnivore info (http://www.wilderssecurity.com/showthread.php?t=990)" }-

Wow, Bubba! Talk about bringing back memories! That was quite a thread. The only problem is that going back and looking at it two years later makes me wonder again who "response" really was.

As for the current status of Magic Lantern: it is real, it is widely used, and I believe is undetectable by any consumer software. There's just too much evidence that precautions taken by some, were somehow fruitless against "Magic Lantern" and its variants. Is that a good/bad thing? That's worthy of a thread in itself. There is no question that free people everywhere are threatened by radical Islam and terrorism. However, I also believe free people everywhere are threatened by those seeking to protect them.

BTW, There is little on Magic Lantern since the FBI admitted its development. See this article. (http://www.wired.com/news/print/0,1294,49102,00.html)
The entire program is now classified "top secret" and - who knows?

John
Luv2BSecure

And what makes you sure that TDS-3 or Boclean etc have to add the defs? How about the government talks to them asking them NOT TO and persuadeing them a bit with whatever means they can. How would you know if either TDS-3 or Boclean or any other company actually adds the definitions for those even if they can be detected they might not be. :)

-{ Quote: "That was some interesting times 2 years ago when that article first came out and many members here may remember the thread here @ Wilders around that time. Since Magic Lantern is over 2 years old....I'm sure the FBI has moved onto big and better things....anonymously ? [/URL]" }-

Bubba,
I beleive that Magic Lantern and Carnivore refer to two different projects. The first is a Trojan installed on users' systems to log keystrokes, the other is a scanner which sits at ISP level to passively monitor and save all *interesting* e-mails.

Cheers!

-{ Quote: "The only problem is that going back and looking at it two years later makes me wonder again who "response" really was.
" }-

You mean you still don't know who 'response' was? :o

(I do, but I'll never tell) :lurking:;D

I thought we had another thread on Magic Lantern too, but I'm not finding that one. Didn't spy1 have a thread about that? (it's been too long to remember.)

snap

-{ Quote: "Bubba,
I beleive that Magic Lantern and Carnivore refer to two different projects. " }-As noted in the link I posted, the links within that long thread and the 2001 article link that luv2bsecure posted....Magic Lantern and Carnivore are one in the same.

-{ Quote: "An FBI spokesman confirmed Wednesday that the U.S. government is working on a controversial Internet spying technology, code-named "Magic Lantern,".....While the FBI requires a court order to install its technology, formerly called "Carnivore,"" }-

In any case....Please do not take my posts wrongly....I am still searching myself for some more up to date info concerning Magic Lantern\Carnivore....but as of yet I haven't stumbled across any.

-{ Quote: "Wow, Bubba! Talk about bringing back memories! That was quite a thread. The only problem is that going back and looking at it two years later makes me wonder again who "response" really was.

As for the current status of Magic Lantern: it is real, it is widely used, and I believe is undetectable by any consumer software. There's just too much evidence that precautions taken by some, were somehow fruitless against "Magic Lantern" and its variants. Is that a good/bad thing? That's worthy of a thread in itself. There is no question that free people everywhere are threatened by radical Islam and terrorism. However, I also believe free people everywhere are threatened by those seeking to protect them.

BTW, There is little on Magic Lantern since the FBI admitted its development. See this article. (http://www.wired.com/news/print/0,1294,49102,00.html)
The entire program is now classified "top secret" and - who knows?

John
Luv2BSecure" }-

John Little, I am "response" and it is nice to have you back ;)

-{ Quote: "John Little, I am "response" and it is nice to have you back ;)" }-Well blow me away....Name Game, Backstroke, New Years....you ever been to the Ozarks man :)

-{ Quote: "Well blow me away....Name Game, Backstroke, New Years....you ever been to the Ozarks man :)" }-

Yup..one of my favorite places for air and not much traffic lately. Even for a Hunter ;)

Or an Old Crow ;D

But we could all watch out for those TEMPEST attacks. :)

http://www.dslreports.com/forum/remark,2051870~root=security,1~mode=flat

-{ Quote: "John Little, I am "response" and it is nice to have you back ;)" }-

:o :o :o

After all this time...............

:o :o :o

Reading back through that thread, I am glad "response" is here with us and on our side!

Just one more thing. (Enter Lt. Colombo here).....

Were there two "response" posters in that thread as speculated by several at the time? Curiosity has got the best of me. :)

Thanks for the welcome back, Primrose....

John
Luv2BSecure

.

-{ Quote: ":o :o :o

After all this time...............

:o :o :o

Reading back through that thread, I am glad "response" is here with us and on our side!

Just one more thing. (Enter Lt. Colombo here).....

Were there two "response" posters in that thread as speculated by several at the time? Curiosity has got the best of me. :)

Thanks for the welcome back, Primrose....

John
Luv2BSecure

." }-

No you can pin the tail on me for all..in fact were there two, I would have told you then and BTW..I did not hold another membership at the Wilders forum under any other name at that time when I made those posts.. but then I never used Response for any other thread except that one..and never have posted as a guest when I was an active member at Wilders.

-{ Quote: "I am still searching myself for some more up to date info concerning Magic Lantern\Carnivore....but as of yet I haven't stumbled across any." }-
Hi Bubba,

Unfortunately, there is very little information. FOIA requests have come back time and again as DENIED/NS. This is a request that is denied on basis of National Security. The entire program is, in fact, classified.

A lot of speculation though.....

1. There have been reports that the Magic Lantern program is nothing more than a keylogger that we already identify and remove when found. "Hiding in the open" as they say.

2. A highly sophisticated trojan keylogger that uses technology and (possibly) Windows exploits known only to a select few.

One thing is for certain: It has been used, cited in federal criminal filings in several cases (and some that have nothing to do with terrorism). It is said by some that in some of these cases, the information was extracted from computers hardened with all of the software - and more - that we all discuss here. The consensus among those I talk with believe it is simply not detectable by consumer AT/AS software and is in fact "magic"......Sorry, I couldn't resist.

John
Luv2BSecure

.

John,
You mentioned that you've talked with others about this keylogger. Like most people here at Wilders, I'm interested. Can you point me to the boards where you've discussed this? How can I learn more?
Thanks.

-{ Quote: "John,
You mentioned that you've talked with others about this keylogger. Like most people here at Wilders, I'm interested. Can you point me to the boards where you've discussed this? How can I learn more?
Thanks." }-

To be quite honest, I have been "out-of-the-loop" with message boards, etc. for quite some time due to illness. Another thing - there's not a lot of places online to discuss things like this. When I refer to talking to others, I mean that literally as in "talking" to others. My professional work has been in academia/non profit and centered around privacy issues.
EPIC is a good resource (http://www.epic.org/) for keeping up with privacy in the digital world.

John
Luv2BSecure

.

-{ Quote: "
A lot of speculation though.....

1. There have been reports that the Magic Lantern program is nothing more than a keylogger that we already identify and remove when found. "Hiding in the open" as they say.

2. A highly sophisticated trojan keylogger that uses technology and (possibly) Windows exploits known only to a select few.
" }-

Interesting stuff being discussed here...
In the article it speaks mostly of the FBI and the government, so I assume they are talking about American Government. So what would an AT developer like TDS (for example) which is not based in the United States, have anything to do with the workings of the American Government? Or is the use of these types of keylogger/programs something that is some how internationally agreed upon? Sorry if I could not phrase that any better.

Signature detection is one thing but how about a more "generic" way of stopping keyloggers. Lets say what ProcessGuard does. Or other kernal mode protection like the one being implemented by SSM (I believe). Both of these developers I admire very much, it is hard to imagine the creators of such keylogger/programs might know something they dont. But then again anything is possible in this world...

Going along with my thought from above, maybe it is more possible if the creators of the keylogger/programs knew the source in Windows and exploit it as John mentioned. But how about Linux (non-proprietary versions), FreeBSD, and OpenBSD that are open source?

Didn't mean to call you out John by quoting you, I just thought you brought up some very good points here :)

-{ Quote: "Interesting stuff being discussed here...
In the article it speaks mostly of the FBI and the government, so I assume they are talking about American Government. So what would an AT developer like TDS (for example) which is not based in the United States, have anything to do with the workings of the American Government? Or is the use of these types of keylogger/programs something that is some how internationally agreed upon? Sorry if I could not phrase that any better. " }-

I would think that Diamond CS would be *very* interested in Magic Lantern. First, the gratification of knowing that they have made a trojan detector which can snoop out FBI's vermin (supposedly the best code writers in the world) is reason enough.

Also, the technology used in this goverment-made key logger has potential to be shared among the goverments of the world. Remember, Australia is also part of the Echelon Network which includes: U.S.A., U.K., New Zealand, and Canada.

Lastly, there is a good deal of TDS customers residing in the U.S.A., so let's not discount the sales incentive for Diamond CS.

And yes, if you want to have a more secure computing environment, FreeBSD and or other UNIX-derivatives will do an excellent job (they also have the advantage of being free, and open source). I think if you're to give the bozos in Micro$oft enough rope, one of these days they'll hang themselves. Their code is getting more bloated with each release of Windows: there isn't a day that goes by where some *major* security issue isn't discovered. It's become a dangerous joke!

What if Micro$oft is in on the game as well? Couldn't M$ agree to put some kind of backdoor in Windows? It could even possibly be downloaded with Windows updates, so no version of Windows could escape it.

But if the world governments were in on some kind of plot to spy on us there has got to be some way to monitor the outgoing traffic (keylogs) from your computer, unless they use a similar technology like some of the latest CIA type burst bugs. These are audio bugs that record conversations, store it and then periodically release a quick burst of the recorded data, in random digital spread spectrum frequencies, instead of a constant radio signal like one would assume a bug would. And they often use frequencies above the range most commerical spectrum analyzers could pick up anyway. These types of bugs are very difficult to find, even with a spectrum analyzer.

So why couldn't some type of software program be designed in a similar way? To periodically release recorded data, in such a way, as to be undetectable by most currently known techniques/programs used to find these threats.

-{ Quote: "What if Micro$oft is in on the game as well? Couldn't M$ agree to put some kind of backdoor in Windows? It could even possibly be downloaded with Windows updates, so no version of Windows could escape it. " }-
Great point! I've always been weary of Windows "updates".

LIFE RULE #1
At the end of the day nothing is what it appears to be

The FBI (or any other three-letter agency) doesn't HAVE to put anything ON or IN your computer - all they have to do is simply "request" (even verbally) that your ISP turn over all logs of your web-traffic.

Unless everything you're doing is totally encrypted and tunneled, you're all theirs.

You'll never see it - and no software on your computer will ever detect it.

-{ Quote: "The FBI (or any other three-letter agency) doesn't HAVE to put anything ON or IN your computer - all they have to do is simply "request" (even verbally) that your ISP turn over all logs of your web-traffic.

Unless everything you're doing is totally encrypted and tunneled, you're all theirs.

You'll never see it - and no software on your computer will ever detect it." }-
Hi Smurf,
We're talking about Magic Lantern, which is different than simple ISP logging. Magic Lantern is actually a TLA keylogging trojan that is placed on a suspect computer in order to capture (usually) the passphrase to encrypted files, containers, partitions, etc. It's easy to get it all confused though. :)

Fellow Creatures,

The only real question is are you a target. I am sure all three letter agencies can spy on any internet user in various ways and fashions. Sometimes they might get caught. That is just part of being a user now a days. It may not be right, but it is just the way it is.

Only if you make yourself are a target by your "activity", should you be concerned, not enough man power or computing power to watch everybody. They would only monitor for strange stuff. I would bet Micro$oft is part of the process though. By the way this is not just a United States thing either I'm sure other coutries have there own "listeners" too.

Just a disclosure: I am not part of any security agency and have no inside tract. Just my own thinking on this. ;)

But, people have bosses, bosses get impatienct, so people find other people to take the heat, even good peoples. don't matter to bosses if wrong persons, unders not yelled threetened with job. so who gets hurt,? everyday man.

Still a very good read ;)

Security and Encryption FAQ - Revision 18.2

by Doctor Who

http://www.usenet-replayer.com/faq/alt.computer.security.html

Here are facts:

The Russians used to sit outside IBM mainframe datacentres and pick up radiation from their locally and remotely attached cluster controllers and even individual screens, just like TV Detector License vans do in England. Well, they might spot the odd German Paratrooper...

The Russians our now our friends...so our telecomm companies do the job for them. When ever the spot suspicious signs - people legally using encryption or words like BOMB or SEMTEX or GIRL or IRAQ then they send in a Chinook bearing Official Thugs from the Ministry of Evaporance.

It's not all bad news...we're all given a fair and reasonable chance to dig ourselves out through the weak, lower board of the coffinse our maimed bodies with sealed into, provided we can superglue our bones together (gasp) in tim...

Bring back Cerberus....

:o :o :o Girl??? That would be the great majority of humanity!! And same with Iraq! How about "that's the bomb!!" ?

We're doomed, I tell ya!!

Marja8)

Hero worship is mostly idol gossip.