Magic Lantern software

HomePage | Recent changes | View source | Discuss this page | Page history | Log in |

Printable version | Disclaimers | Privacy policy

Magic Lantern is the name of a software system used by the United States Federal Bureau of Investigation (FBI) to obtaining encryption keys from suspects' computer systems. The FBI's controversial monitoring software known as Carnivore is useless when the intercepted communications are encrypted.

Magic Lantern is a trojan-horse method of installing keylogging software on a suspect's machine. It allows the keylogger to be sent to the suspect via an e-mail; the keylogger is automatically and invisibly installed when the message is read, much like many Microsoft viruses. It is unknown what platforms Magic Lantern has been developed for; it is quite possible that only users of Microsoft Outlook are vulnerable to the trojan installation.

At first, some antivirus software companies, including Symantec and Network Associates made statements that they would assist the FBI by revising their virus scanners to not alert anyone to Magic Lantern's presence. Others, including Sophos, announced that they will work to detect it, saying that its customers outside the United States would expect protection against the application. Within a few weeks, however, both Symantec and Network Associates had realized that a hole left for the FBI could be exploited by malicious hackers and stated that they had no intention of voluntarily modifying their products to satisfy the FBI.

The FBI has used keyloggers before; in United States v. Scarfo, a keylogger was used to capture the Pretty Good Privacy passphrase used by an alleged mobster. Those keyloggers, however, had to be manually installed after gaining physical access to the subject's computer.

Magic Lantern is one of several enhancements to Carnivore discovered by the public in mid-November, 2001. In response to a Freedom of Information Act request filed in 2000 by the Electronic Privacy Information Center, the FBI released a series of unclassified documents relating to Carnivore, which included the "Enhanced Carnivore Project Plan." Redacted portions of that document mention "Cyber Knight," a database that sorts and matches data gathered using various Carnivore-like methods from e-mail, chat rooms, instant messages, and Internet phone calls. It also matches files with captured encryption keys.

Its existence was confimed by the FBI on December 12, 2001.

Badtrans, an illegal computer worm, has the same functionality as Magic Lantern, but infected random victims (instead of only carefully selected criminal suspects, as Magic Lantern would surely be used). Badtrans e-mailed the keylogs it gathered to several addresses. In mid-December of 2001 the FBI contacted at least one owner of the servers hosting the destination addresses and requested all the keylog data stolen from the victims of the worm -- as well as any available information about the perpetrator.

/Talk