Slashdot Log In
Will Security Firms Detect Police Spyware?
Posted by
kdawson
on Tue Jul 17, 2007 06:04 PM
from the who-do-you-trust dept.
from the who-do-you-trust dept.
cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."
Related Stories
[+]
McAfee Will Ignore FBI Spyware 571 comments
Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."
[+]
Symantec Will Not Detect Magic Lantern 582 comments
An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
[+]
FBI Remotely Installs Spyware to Trace Bomb Threat 325 comments
cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Would you TRUST their answers if they said "no"? (Score:5, Insightful)
Open Source all the way.
TFA didn't ask about National Security Letters (Score:5, Informative)
But if what they had received instead was a NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.
That's only in Amerika of course.
Parent
Re:TFA didn't ask about National Security Letters (Score:5, Informative)
Parent
New solution (Score:4, Funny)
note to self (Score:5, Informative)
never buy anything from check point.
Re:note to self (Score:5, Insightful)
Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.
Parent
Re:note to self (Score:5, Interesting)
Oversight essentially means they run back to the office and time-stamp a preprinted form. There's a little more involved than that, but not much. They get to choose the most pliable judge available...and there are some who are pretty pliable.
The bizarre thing is that even THAT much oversight is seen as too much by those in charge of the snooping agencies. And it's not usually because of urgency. (As I recall they can get special exemptions for planting a bug on a target of opportunity...retroactive permission.)
The current moral corruption of the police appears to extend all the way from the local level to the federal. (I hope your local police are still honest. If so, count yourself lucky...or uninformed.)
This current level of corruption probably reaches back to Nixon's Imperial Presidency, and before him to FDR's centralization of the government. And before him, also. (Notice that it's not specific to any one party. What one party does, the other party rarely repeals.) With the removal of habeas corpus it's barely disguised any more. This *IS* a police state. So far it's a more humane one than most of it's predecessors, but it has the diagnostic features. Britain is, or appears to be headed, the same way.
Probably this is because of two basic features:
1) Population density makes it more difficult to control people, and
2) The removal of a frontier means that if the powers that be get mad at you, there's no place to escape to.
Ostensibly these two factors pull in opposite directions, but actually the freedom of the frontier had a back-transference that lead to greater liberty in the sessile population.
What can be done? Solutions seem either difficult or undesirable. Either drastically decrease the population (H5N1 may attempt this solution), or create a new frontier (which must be reachable at least by the middle class, if not by the impoverished). Space travel appears too expensive for the foreseeable future. Ditto for under-sea colonies. And it has to be a meat-space frontier. Virtual realities don't have the same "getting out from under the thumb of an oppressive government" effect (except in fantasy...which isn't sufficient).
Parent
Don't play stupid.. (Score:4, Insightful)
We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves.
Parent
Re:note to self (Score:5, Insightful)
It's a simple rule of security: If there's a low security path, the bad guys will take it. That's how they win. Assuming otherwise is silly.
Parent
Re:note to self (Score:4, Insightful)
This isn't about how and when police should use wiretaps. It is about companies ignoring their ethical obligation to detect any and all "spyware." Hence the note to self: "Never by anything from Checkpoint" They either can't be trusted to do the job you pay them to do.
For an example of why this whitelisting is a problem regardless of whether or not individual wiretapping cases are legit: What if a criminal decides to utilize the police spyware? How hard can it be to take a machine has been "bugged" by the police, find the binary, and copy it for your own use... and do your dirty work undetected? All it takes is one clever hacker to dissect the police keylogger and distribute it amongst his friends....
-matthew
Parent
Re:note to self (Score:4, Insightful)
Parent
Re:note to self (Score:4, Insightful)
Yes, unless they have a proper warrant, legally issued by an actual judge. Refer to the 4th amendment.
Would your opinion change if the Police had a warrant?
A warrant means oversight. I'm fine with that. Again, refer to the 4th.
If you daughter were kidnapped, would you protest them using her cel phone to track her?
My only protest is that you are resorting to emotions instead of continuing intelligent debate. In any case, it's a clear non-sequitur (and poorly laid trap) and has no place in the discussion.
Parent
Re:note to self (Score:5, Insightful)
Parent
Re:note to self (Score:5, Interesting)
--jeffk++
Parent
Re:note to self (Score:4, Insightful)
Technically law enforcement is giving the code away free, to the very criminals we should be endeavouring to keep the code away from, all they have to do is find it and get a cracker to reverse engineer it.
A back door is a back door is a back door, when you pay for security software you pay for a complete solution, not some thing that leaks like a sieve. Security companies either declare the holes in the package or they knowingly commit fraud about the security of the software that they are providing.
Basically if the law enforcement want to poke their sticky beaks in, they need to whack in a bit of hardware and have the warrant to go along with it, software is just a bull shit lazy trap waiting to blow up in their and our faces.
Parent
Fastens buckle on tinfoil hat (Score:5, Insightful)
These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.
Well, this isn't exactly new... (Score:5, Informative)
Parent
Whitelisting entities? (Score:5, Insightful)
White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.
The respondents weaseled (Score:5, Interesting)
You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.
Police spyware used by the dark side? (Score:5, Interesting)
2. Crim gets hold of police spyware
3. Crim gets pwns your machine, steals your identity and makes your life a living hell for the next 3 years or more.
If you paid for a piece of anti-spyware and they leave a backdoor open like this, isn't that a case of negligence?
-1, Moot (Score:5, Insightful)
And how often do you look at the back of your computer [google.com]? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.
The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.
McAfee and Symantec dropped the ball (Score:5, Informative)
If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.
Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky?
Brilliant! (Score:4, Insightful)
2) government agents install said trojan on all the bad-guys computers.
So now all the known bad guys have copies of a trojan that is whitelisted by the AV software...
What could possibly go wrong?
That's exactly the level of intelligence I've come to expect from this government.
Oh wait, maybe they'll copyright the the trojan so the bad guys can't copy it and use it on other computers...
Any AV company that co-operates with such a plan is incompetent.
Generic test? (Score:4, Interesting)
Alternately, the keylogger is most likely storing the logged keys either in clear or in isomorphic form to the input. So if you inserted your own keylogger into the system, what would it take to scan memory (and drives?) for matches on samples of what your own keylogger captures? Keyloggers aren't going to want to be burdened with heavy encryption to avoid this scanning, since that would add enough system load to make them more spottable by other means. Obviously you'd have to mask out the legitimate memory locations of, say, your word processor the input's going to - which would miss a keylogger patched into your word processor.
Is anyone working on a way to harden systems against this whole category? (Yeah, key-logging dongles are yet another thing. Software insertion is the question I'm addressing.)
Re:Security (Score:5, Informative)
"Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."
With Bush in office you can only expect more of the same.
Parent