TUCoPS :: Malware :: badtrfbi.txt

The FBI wants to use the BadTrans worm's stolen data!!!

FBI wants access to worm's pilfered data

The FBI is asking for access to a massive database that contains the
private communications and passwords of the victims of the Badtrans
Internet worm. Badtrans spreads through security flaws in Microsoft mail
software and transmits everything the victim types. Since November 24,
Badtrans has violated the privacy of millions of Internet users, and now
the FBI wants to take part in the spying.

Victims of Badtrans are infected when they receive an email containing
the worm in an attachment and either run the program by clicking on it,
or use an email reader like Microsoft Outlook which may automatically
run it without user intervention. Once executed, the worm replicates by
sending copies of itself to all other email addresses found on the
host's machine, and installs a keystroke-logger capable of stealing
passwords including those used for telnet, email, ftp, and the web. Also
captured is anything else the user may be typing, including personal
documents or private emails.

Coincidentally, just four days before the breakout of Badtrans it was
revealed that the FBI was developing their own keystroke-logging virus,
called Magic Lantern. Made to complement the Carnivore spy system, Magic
Lantern would allow them to obtain target's passwords as they type them.
This is a significant improvement over Carnivore, which can only see
data after it has been transmitted over the Internet, at which point the
passwords may have been encrypted.

After Badtrans pilfers keystrokes the data is sent back to one of
twenty-two email addresses (this is according to the FBI-- leading
anti-virus vendors have only reported seventeen email addresses). Among
these are free email addresses at Excite, Yahoo, and IJustGotFired.com.
IJustGotFired is a free service of MonkeyBrains, a San Francisco based
independent Internet Service Provider.

In particular, suck_my_prick@ijustgotfired.com began receiving emails at
3:23 PM on November 24. Triggering software automatically disabled the
account after it exceeded quotas, and began saving messages as they
arrived. The following day, MonkeyBrains' mail server was sluggish. Upon
examination of the mail server's logs, it quickly became apparent that
100 emails per minute to the "suck_my_prick" alias were the source of
the problem. The mails delivered the logged keystrokes from over 100,000
compromised computers in the first day alone.

Last week the FBI contacted the owner of MonkeyBrains, Rudy Rucker, Jr.,
and requested a cloned copy of the password database and keylogged data.
The database includes only information stolen from the victims of the
virus, not information about the perpetrator. The FBI wants
indiscriminant access to the illegally extracted passwords and
keystrokes of over two million people without so much as a warrant. Even
with a warrant they would have to specify exactly what information they
are after, on whom, and what they expect to find. Instead, they want it
all and for no justifiable reason.

One of the most basic tenets of an authoritarian state is one that
claims rights for itself that it denies its citizens. Surveillance is
perhaps one of the most glaring examples of this in our society.
Accordingly, rather than hand over the entire database to the FBI,
MonkeyBrains has decided to open the database to the public. Now
everyone (including the FBI) will be able query which accounts have been
compromised and search for their hostnames. Password and keylogged data
will not be made available, for obvious legal reasons.

The implications of complying with the FBI's request, absent any legal
authority, are staggering. This is information that no one, not even the
FBI, could legally gather themselves. The fact that they seek to take
advantage of this worm and benefit from its illicit spoils, demonstrates
the FBI's complete and utter contempt for constitutionally mandated due
process and protection from unreasonable search and seizure. It defies
reason that the FBI expects the American people to trust them to only
look at certain permissible nuggets of data and ignore the rest of what
they collect. One need only imagine what J. Edgar Hoover would do with
today's expansive surveillance system, coupled with the new powers
granted by the Patriot Act, to appreciate the Orwellian nightmare that
the United States is becoming. The last thing the FBI should have is a
spying Internet worm, and it looks like they've found one. Welcome to
the Magic Lantern.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH