Re: [Full-Disclosure] Wiretap or Magic Lantern?

From: Szilveszter Adam (adam_at_hif.hu)
Date: 04/07/04

  • Next message: James.Cupps_at_sappi.com: "RE: [Full-Disclosure] Wiretap or Magic Lantern?" 
    To: LC <full-disclosure@lists.netsys.com>
Date: Wed, 07 Apr 2004 14:12:49 +0200

    Hello all,

    As for the "Magic Lantern" stuff, yes AFAIR it was like your typical
    malware, was delivered eg via email and did pretty much the same stuff
    that today's keystroke-logging remote-controllable malware does. Nothing
    truly exciting, not even at the time, but for the fact that it was the
    Feds that were using it. (People simply *love* consipracy theories and
    things that have to do with any kind of secret services. These orgs
    profit from this fact tremendously. Just look at their booths at job
    fairs: they are bustling with hangers-on and wannabees.)

    As for the article cited, whenever I read something like that I always
    think to myself: "It is quite reasonable to believe, that these
    so-called correspondents were already under surevillance for some reason
    or other, and therefore their emails were already monitored." It is the
    only feasible way for this to happen. All the rest of the tales of a
    super-duper system that monitors all the world's Internet, satellite,
    radio and phone traffic and screens it in real-time is just a
    smoke-screen for the ppl who love spy movies. And of course it furthers
    the interests of the U.S., since this way no one (not even the so-called
    allies) can be quite sure what they now or are capable of discovering.

    Note that this is *not* to say that the technical ingredients of such a
    system are not already available to governments in many countries. They
    are. Phone calls, mobile calls, satellite traffic or Internet traffic:
    they can be and are monitored both by police and by the secret services.
    On more places than you would think. Just think about the scandals about
    the spying on UN delegates in New York, or the bugging of the EU
    Commission's offices in Brussels (both by the US). But this does not
    happen in an all-encompassing blanket manner. And certainly not with
    some automatic keyword search or what have you run against all that data.

    BTW as for some of the myths that accompany these covert ops in
    cyberspace: you would be really surprised to learn how sophisticated
    criminals have already been caught simply by sending them HTML email
    that contained an invisible web bug, the kind that is in your spam every
    day. It is mostly still the human factor, that gives one away, there is
    mostly no need to go head-on against really strong crypto or stego.
    Approach it from the human side and you are there much faster.

    BTW as for the "NSA-proof"-nes of PGP: It is not uncrackable. Nothing
    is, given the right amount of time and resources on your hands. The only
    question is, does it need to be? And is it worth it? If you can get at
    the info in say 10,000 years from now than clearly this is not an
    option. And there is no need to go there either, when all you need is
    some attractive woman and many men will readily tell more than you had
    ever hoped for. :-P

    P.S. The article reminds me of the stories of drug busts on
    border-crossing stations when they say: "The passengers were behaving
    themselves in a suspicous manner so we subjected them to a thorough
    search. And guess what, we found the dope." Sure. It really wasn't
    someone giving the border guards a phone call just at the right time. ;-)

    Regards:
    Sz.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: James.Cupps_at_sappi.com: "RE: [Full-Disclosure] Wiretap or Magic Lantern?"
    • Quantcast