frank on Fri, 21 Dec 2001 12:13:02 +0100 (CET)



Re: [Nettime-nl] Fw: Badtrans FBI


Directing traffic
A look at the FBI's computer surveillance scheme
http://www.sfbg.com/News/36/12/fbi.html

By A.C. Thompson

FROM A CLUTTERED warehouse on Third Street in San Francisco, Rudy
Rucker Jr. runs Monkeybrains.net, a tiny dial-up Internet service
provider and Web-hosting service - and on Nov. 25 his servers were
moving at a seriously sluggish pace. "My first thought was, 'This
sucks, my mail's not going fast enough,' " Rucker Jr. tells me.

Some quick detective work revealed that a worm called Badtrans was
transmitting data stolen from more than 100,000 computers to an
address at IJustGotFired.com, a Web site Rucker Jr. hosts. The
Badtrans traffic - 100 e-mails a minute - was the source of the
slowdown. He promptly disabled the account.

Hacker attacks are old news. What's fascinating about Rucker Jr.'s
run-in with Badtrans is that it offers a glimpse at the kind of
personal information the Federal Bureau of Investigation has publicly
acknowledged it intends to collect. And it has thrust Rucker Jr., the
son of acclaimed sci-fi author Rudy Rucker, into a cyber-standoff with
the FBI.

Badtrans seems to be similar to an FBI project dubbed Magic Lantern, a
new "spy virus" first revealed in news reports by MSNBC on Nov. 20
(see "Wartime Profiteers of the Digital Age," page 22). Magic Lantern,
reportedly, can record every keystroke a suspect makes and then
transmit the information - e-mail messages, passwords, what Web sites
the suspect has visited, etc. - back to the bureau.

The Badtrans worm is "almost exactly like Magic Lantern," security
consultant and software designer Jesse Burns says. Like Magic Lantern,
Badtrans logs keystrokes and funnels the data back to the worm's
creator. In this case the info was routed to 22 e-mail addresses,
mostly free Yahoo! and Excite accounts. Experts at tech security firm
Symantec labeled Badtrans a worst-case hacker attack - a level-four
threat - and quickly posted an antidote to the virus.

The massive flow of Badtrans bytes to Rucker Jr.'s servers caught the
eye of the FBI's computer crimes unit, and on Dec. 3 an agent gave him
a ring. "I helped them with some information," Rucker Jr. says. "I
gave them information I thought might be pertinent to catching the
people who were victimizing my server."

But the bureau wanted something else. "They asked me if I could store
the data [harvested by the worm] for them and burn it on a CD-ROM," he
says. Rucker Jr. balked. "The data I have is juicy. It's good for Big
Brother surveillance, but it's not going to help them solve their
case." So he stalled, telling the agents to mail a written request for
the material.

Rucker Jr. shows me e-mail correspondence with David Freyman of the
FBI's National Infrastructure Protection Center in Newark, N.J., that
seems to back up his story. "Thanks for the update on the saving [of]
the information," a Dec. 12 message from Freyman reads. Contacted by
the Bay Guardian, Freyman declined to comment on the probe.

Rucker Jr. says he won't give up the info, now up to 303,000 messages,
or two gigabytes, without a court order. "If a judge tells me to
release it, I'll hand it over. I'm not going to jail over this."

Seth Schoen is a staff technologist at the Electronic Frontier
Foundation, a digital civil liberties group that often butts heads
with the federal government. Schoen figures the FBI may have valid
reasons for requesting the data Rucker Jr. is holding. "Presumably it
will help their investigation - if they want to know who is being
victimized and what kind of information is being collected," Schoen
says.

However, Schoen is skeptical of the FBI's Magic Lantern scheme. He
says the bureau may find it difficult to target specific - suspect -
computers. "It's very tricky to collect information on one
individual," Schoen tells me. 

On a computer monitor in his bedroom-office, Rucker Jr. gives me a
look at some of the stuff gathered by Badtrans - and, at least
theoretically, by Magic Lantern. I check out some e-mail missives,
searching on the word "anarchy." Sixty-six messages pop up. One is by
a high school student who started an "anarchy club." Another is by a
guy who thinks anarchy is a variant of satanism.

Next I scroll through a few hundred Web site URLs. I can see who's
been surfing for porn (blowyourload.com, yourpenis.com,
iloveporno.com), who's been applying for loans (freddiemac.com,
equityloansnow.com), who's been looking for jobs
(fairfieldcountyjobs.com, museumjobs.com).

I can see why the feds would be enamored with this kind of technology:
in terms of surveillance, this program makes phone-tapping look like a
laughable anachronism. It also gives me the very creepy feeling of
reading someone's diary. Scratch that - it's more like having access
to the diaries of thousands of people.

"My instinct says not to give this information to the FBI," Rucker Jr.
muses. "Thinking that Big Brother is right all the time is bad for our
country, it's bad for people's rights, it's bad for people who want to
live in little hellholes like this running their own computer
companies."


______________________________________________________
* Distributed via nettime-nl. Commercial use not
* permitted without permission. <nettime-nl> is an
* open and unmoderated mailing list for net criticism.
* More info, archive & editions in other languages:
* http://www.nettime.org/.
* Contact: Menno Grootveld (rabotnik@xs4all.nl).