[Full-Disclosure] Wiretap or Magic Lantern?
From: Feher Tamas (etomcat_at_freemail.hu)
To: email@example.com Date: Wed, 7 Apr 2004 12:26:06 +0200 (CEST)
I wonder if the "Magic Lantern" trojan truly exists? I don't quite get
this "Big Brother watches all Internet traffic realtime" story.
1., The sheer volume of all traffic (IM, SMTP - including spam, P2P,
webmail, etc.) must be too much no matter what Crays you have.
(Imagine someone uses command line FTP right now, types "bin" and
all the warning lights suddenly turn red at NSA HQ.)
2., The terrorsts are not stupid, they use strong encryption and there is
proof that PGP repels NSA.
3., So I think it was some bugging method , either a software or
hardware device (small thingie hidden in the keyboard).
Regards, Tamas Feher.
Canadian terrorist arrests a key win for NSA hackers
by DAVID AKIN, Globe and Mail Update, 6 April 2004
A computer hacker who allowed himself to be publicly identified only
as "Mudhen" once boasted at a Las Vegas conference that he could
disable a Chinese satellite with nothing but his laptop computer and a
The others took him at his word, because Mudhen worked at the Puzzle
Palace - the nickname of the U.S. National Security Agency facility at
Fort Meade, Md., which houses the world's most powerful and
sophisticated electronic eavesdropping and anti-terrorism systems.
It was these systems, plus an army of cryptographers, chaos theorists,
mathematicians and computer scientists, that may have pulled in the
first piece of evidence that led Canadian authorities to arrest an
Ottawa man on terrorism charges last week.
Citing anonymous sources in the British intelligence community, The
Sunday Times reported that an e-mail message intercepted by NSA
precipitated a massive investigation by intelligence officials in
several countries that culminated in the arrest of nine men in Britain
and one in suburban Orleans, Ont. - 24-year-old software developer
Mohammed Momin Khawaja, who has since been charged with
terrorist act and being part of a terrorist group.
The Orleans arrest is considered an operational milestone for this vast
electronic eavesdropping network and its operators. But Dave Farber,
Internet pioneer and computer-science professor at Carnegie-Mellon
University in Pittsburgh, said the circumstances are also notable
because it will be the first time that routine U.S. monitoring of e-
mail traffic has led to an arrest.
"That's the first admission I've actually seen that they actually
monitor Internet traffic. I assumed they did, but no one ever admitted
it," Mr. Farber said.
Officials at the NSA could not be reached for comment. But U.S.
authorities are uniquely positioned to monitor international Internet
and telecommunications traffic because many of the world's
international gateways are located in their country. And once that
electronic traffic touches an American computer -- an e-mail message, a
request for a website or an Internet-based phone call, for instance --
it is routinely monitored by NSA spies.
"Foreign traffic that comes through the U.S. is subject to U.S. laws,
and the NSA has a perfect right to monitor all Internet traffic," said
Mr. Farber, who has also been a technical adviser to the U.S. Federal
That's what happened in February, when NSA officers at Fort Meade
intercepted a message between correspondents in Britain and Pakistan,
The Sunday Times reported. The contents of that message have not
revealed, but are significant enough that dozens of intelligence
officials were mobilized in Britain, Canada and the United States.
The intelligence officers at Fort Meade rely on a sophisticated suite
of supercomputers and telecommunications equipment to analyze
of messages and phone calls each day, looking for certain keywords or
Internet traffic is chopped up into small chunks called packets, and
each individual package is then routed over the Internet, to be
reassembled at the recipient's end. The packet is wrapped in what
computer scientists sometimes refer to as the envelope. And just as the
exterior of a regular piece of mail contains important addressing
information, so does the envelope of a digitized packet. These bits of
information are called headers, and they can be valuable to
investigators as well.
Headers typically contain generic descriptions of the packet's
contents, in order to let computers make better decisions about how to
route the packet through the Internet. E-mail traffic gets a lower
priority than Internet video traffic, for instance.
Headers also pick up the numeric or Internet Protocol (IP) address of
all the computers a packet touches as it travels from its originating
machine all the way to its destination. Every computerized device
connected to the Internet has its own unique IP number.
Investigators could program their supercomputers to flag packets of
information that met certain criteria, such as a certain IP number, a
certain traffic pattern or a certain kind of content. As soon as a
packet is flagged, investigators would apply for warrants to assemble
the packets and read the messages' contents.
Full-Disclosure - We believe in it.