Print
Discuss
Send to friend
RSS feedsMagic Lantern sounds like the back end of a Disney film name. Mary and the Magic Lantern, perhaps. In actual fact, if you haven't heard yet, it's the FBI's villain-tracking Trojan, a small application that embeds itself on a criminal's PC and then either sends every keystroke back to Washington or saves them in a file to be retrieved later as part of a raid.
It's shrouded in secrecy. Type Magic Lantern into the search box at www.fbi.gov (www.fbi.gov) and you won't turn up a single hit among the 3,982 documents it searches.
Phone the FBI and after waiting on hold ("Are they tracing me?") a spokesperson will tell you that "we're not commenting on any technology right now". Call Symantec's press team for more information and it will tell you all Magic Lantern-related comments must come from its US HQ.
Even Russian anti-virus outfit Kapersky admits "at this time [we have] not received any confirmation about Magic Lantern's existence or the FBI's intention to develop such a program. In this case, we view these rumours as they are - just rumours without any basis in fact".
That didn't stop it lambasting its competitors, further up the same page, for apparently ensuring that their products did not scan for the Trojan.
Physical sneaking
The truth of the matter, though, is that Magic Lantern is really nothing more sinister than a convenient way of achieving what is already in place. Hunt around the net and you'll find countless references to an existing FBI technology called the 'key logger system', which does much the same, but requires a certain amount of physical sneaking around inside a suspect's house or place of business to be installed.
And the major virus-killing companies, contrary to what Kapersky may say, are not leaving back doors wide open for the FBI. They apparently have never met with it or had any communication regarding this issue, and they do intend to scan for Magic Lantern if and when it appears.
A Symantec spokesperson, on condition of anonymity, stated the company's position: "We will treat it as any other virus." He acknowledged that if the judicial system, which ultimately decides who is and isn't tapped, demanded the company's compliance then it would have to consider its position.
However, he was standing firmly behind the comments of Symantec chief executive John W Thompson: "[Our] first priority is to protect our customers from malicious and illegal attacks. We have no intention of leaving or creating a hole in our software that might compromise our customers' security."
Covert operation
It's a relief to many that this is the case. December 2001 saw the release of Malantern, described by rival McAfee as "a silly Trojan", which poses as the FBI's covert binary super-sleuth. It was apparently the work of an Argentinean teenager posing as Agent Linux. Real name: Jordan Schloss, if the executable's output is to be believed.
Tracking him down to a Hotmail account, I asked why he'd written the virus, classed as fairly low-risk by both McAfee and Symantec.
"I think the anti-virus software manufacturers are fools," he replied. "If they put a backdoor for Magic Lantern in their products, then virus writers like me will release Clonez (sic) to act and look like Magic Lantern, and hackers will find a way to exploit Magic Lantern ... I coded Malantern in less then two minutes. It was coded to wake people up about the FBI project, but I never spread it."
Both McAfee and Symantec have updated their virus definition files to detect and clean Malantern away, but it does raise an interesting question.
Biting the bullet
Let's suppose Magic Lantern does exist, or something like it. It would create a classic rock-and-hard-place scenario, with the virus detection companies stuck in the middle. These companies have to make a decision. They can either change their policies and leave a back door for the governments of the world (and the likes of Agent Linux) or they can write bullet-proof software to repel every threat.
One of those options will likely attract the attention of the law enforcement agencies, and could perhaps impact on the companies' other activities. The other would almost certainly put them out of business as consumers switched to more comprehensive protection.
The general public, though, has no need to worry about Magic Lantern. The vast majority of us will never be a subject of its unwanted attention, and if it does what it's rumoured to do then it will protect rather than harm us. In these uncertain times, it seems inevitable.
Fighting talk
Quoted in the New York Times, US Defense Secretary Donald Rumsfeld underlined the importance of electronic surveillance to the US. "Even the vocabulary of this war will be different," he said, on the subject of the so-called War Against Terror. "When we 'invade the enemy's territory', we may well be invading his cyberspace."
Let's just hope that 'invasion', and the possibility of compliance from the US's various corporate allies, doesn't backfire. Unable to announce the full extent of its successes, if the FBI's need to get into a suspect's PC with ease in some way impacts on the rest of us, it will do more than anything to turn us against the idea of electronic surveillance.
All Antivirus and Firewall Protection
del.icio.us
Digg this
reddit!
