[security-news] Bulletin #12, January 27th, 2003
security-news at lists.resist.ca
Sun Jan 26 22:30:10 PST 2003
***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************
January 27th, 2003
A mish-mash of stuff this week.... We are in need of people to write
security how-to articles that would be of interest to the activist
community - technical or non-technical - so if you have something you
want to share, please send it to secure at resist.ca - Thanks!
**********************************
Security-news: Issue #12 - Contents
**********************************
* Security tip of the week: House Alarms vs. Motion-detecting Cameras
* News & Analysis: FBI Taps Campus Police in Anti-Terror Operations
* News & Analysis: New Tools for Domestic Spying, & Qualms (part 2 of 2)
* How to: Identify and Deal with Keystroke Loggers, Trojans and
Backdoors
*****
Security Tip of the Week: House Alarms vs. Motion-detecting Cameras
*****
A house (or infoshop space) alarm, once set off (either by accident or
surreptitious entry), may give police the right to enter your space to
investigate a suspected break-in. Rather than trying to prevent
surreptitious entry with an alarm system, a better strategy is to detect
entry by using a well-concealed motion detecting camera. The preferable
set-up is one which automatically emails or otherwise transmits an image
of the intruder to you (which foils tape-switching or camera-removal
strategies).
*****
News & Analysis: FBI Taps Campus Police in Anti-Terror Operations
Student, Faculty Groups Fear a Return of Spying Abuses Against
Activists, Foreign Nationals
By Dan Eggen Washington Post Staff Writer
Saturday, January 25, 2003
*****
Federal authorities have begun enlisting campus police officers in the
domestic war on terror, renewing fears among some faculty and student
groups of overzealous FBI spying at colleges and universities that led
to scandals in decades past.
Since the Sept. 11, 2001, terrorist attacks, the FBI has strengthened or
established working relationships with hundreds of campus police
departments, in part to gain better access to insular communities of
Middle Eastern students, government officials said.
On at least a dozen campuses, the FBI has included collegiate police
officers as members of local Joint Terrorism Task Forces, the regional
entities that oversee counterterrorism investigations nationwide.
Some officers have been given federal security clearance, which allows
them access to classified information. Their supervisors often do not
know which cases these officers are working on because details cannot be
shared, officials said.
The FBI and many campus police officers view the arrangements as a
logical, effective way to help monitor potential terrorist threats and
keep better tabs on the more than 200,000 foreign nationals studying in
the United States. Several of the Sept. 11 hijackers were enrolled as
students at American flight schools, and one entered the country on a
student visa but never showed up at the school.
"Campus law enforcement is starting to get a lot more recognition from
the FBI and other federal agencies now, because they're realizing we do
have police departments and we can play a vital role in stopping
terrorism," said H. Scott Doner, police chief at Valdosta State
University in Georgia and president of the International Association of
Campus Law Enforcement Administrators. "Everybody's got to have their
eyes and ears open to make sure something doesn't happen again."
But the effort has touched a nerve among some faculty and student
groups, as well as Muslim activists, who fear that the government is
inching toward the kind of controversial spying tactics it used in the
1950s and 1960s. With few restrictions, the FBI at the time aggressively
monitored, and often harassed, political groups, student activists and
dissidents.
Faculty leaders and administrators argue that U.S. colleges and
universities are unique places devoted to the exchange of ideas, and
that even the hint of surveillance by government authorities taints that
environment.
"This type of cooperation is perfectly valid if it's based on criminal
activity, but the danger with the FBI is that it doesn't always limit
itself to that," said Sarah Eltantawi, spokeswoman for the Muslim Public
Affairs Council. "Given the FBI's history, there's a definite concern
that they will go too far."
Closer ties between the FBI and campus police are the latest example of
the government's determination to keep better tabs on foreign students
and faculty in the United States. The efforts have met resistance at
many colleges, which are accustomed to a fair amount of independence
from government scrutiny and which often are home to activists
suspicious of the FBI.
This month, the Immigration and Naturalization Service is launching a
computerized tracking system for all foreign nationals studying in the
United States, a program that was stalled for years, in part by
university complaints. Some FBI field offices have also asked local
universities and colleges for detailed lists of foreign students and
faculty, prompting objections from academic groups and several U.S.
senators.
"There is a concern on the part of universities to balance on this
tightrope in the post-September 11 world," said A. John Bramley, provost
at the University of Vermont. "On the one hand, no one wants to do
anything that is not entirely supportive of national security. On the
other hand, universities are open places that want to encourage dialogue
and diversity."
Distrust of the FBI runs high among some faculty who remember the
counterculture demonstrations of the 1960s. Under J. Edgar Hoover's
15-year COINTELPRO program, the bureau engaged in broad and questionable
tactics aimed at monitoring and disrupting student activist groups.
FBI agents infiltrated leftist antiwar and civil rights groups with
informants, tapped into radio frequencies to disrupt protest plans,
stole membership rolls and compiled dossiers on student political
leaders. The FBI even produced bogus student newspapers, one
conservative and one liberal, to spread inaccurate information and sow
dissension among student groups. The COINTELPRO program was halted in
1971.
The FBI has long had liaison relationships with police and security
departments at some universities, particularly larger institutions with
higher crime rates or heavy involvement in sensitive research areas,
officials said. But the Sept. 11 attacks prompted the bureau to
strengthen its links to local and state police departments, including
those on college campuses.
Precise numbers are not available, but FBI estimates and interviews with
campus police administrators indicate that at least a dozen departments
have assigned officers to play significant roles in FBI anti-terrorism
task forces.
The arrangements with the schools vary. At the University of Texas in
Dallas, a campus police officer attends monthly task force meetings and
is in regular communication with the FBI, but has not participated in
active investigations, officials said. In Gainesville, Fla., a
University of Florida officer is assigned to work full time alongside
FBI agents and state police in terror investigations.
At the University of Toledo, police chief John A. Dauer said that one
full-time and one part-time officer are assigned to the FBI terrorism
task force based in Cleveland. Although he is not privy to the details
of his officers' work with federal agents, Dauer said the arrangement
gives him a better handle on possible terrorist threats on campus than
he previously had.
"We have a large Arab population between here and Dearborn that they are
concerned about, and a considerable international population on campus,"
Dauer said. "Having the detectives work with them helps us be more
proactive in terms of information. Without that, we'd probably have very
little information at all."
A similar arrangement has prompted controversy at the University of
Massachusetts at Amherst, where an FBI agent and a campus police
detective showed up at the office of an Iraqi-born economics professor
in November for an interview. The campus detective, Barry Flanders, was
assigned to the local FBI task force and was working on federal
terrorism investigations at least two days a week.
FBI officials and campus police said they were able to quickly discount
the anonymous tip that led to the interview, and professor M.J. Alhabeeb
told local media outlets that the meeting was brief and polite.
But the case prompted a wave of protests by students and faculty, who
argued that the arrangement gave the FBI the ability to intrude on the
privacy rights of foreign nationals. The local American Civil Liberties
Union has filed a Freedom of Information Act request demanding details
about the university's cooperation with the FBI.
"What we know about the FBI in the past is that it has engaged in a
whole set of activities against people because they didn't like the
views they expressed or the associations they had formed," said Dan
Clawson, a sociology professor at the University of Massachusetts who
helped arrange a faculty protest meeting on the topic. "It appears that
we are likely to go back to that time. . . . Universities should take a
principled stand saying we oppose these activities because they
interfere with the free exchange of information and ideas."
University of Massachusetts police chief Barbara O'Connor said the
modern FBI operates under tighter restrictions than it did decades ago.
Letting one of her officers work alongside the bureau is a sensible way
to guard against terrorist threats and to keep the campus involved in
federal probes, she said.
"I think we have a responsibility as a major university to contribute to
the safety of this region, despite the political pressure that's been
brought to bear," O'Connor said. "I understand people's concerns about
civil liberties, but this is part of making sure people aren't harming
citizens."
Sheldon E. Steinbach, general counsel for the American Council on
Education, said criticism of the FBI's heightened activity on U.S.
campuses is overblown.
"Much of the concern expressed at the moment is speculative and
anticipatory," he said. "It's ascribing sinister motives to the FBI
before anything remotely akin to that has been proven."
*****
News & Analysis: New Tools for Domestic Spying, and Qualms
By MICHAEL MOSS and FORD FESSENDEN
December 10, 2002
(Part 2 of 2)
*****
`It Smacks of Big Brother'
The Congressional inquiry's lingering criticism has added
impetus to a movement within government to equip terror
fighters with better computer technology. If humans missed
the clues, the reasoning goes, perhaps a computer will not.
Clearly, the F.B.I. is operating in the dark ages of
technology. For instance, when agents in San Diego want to
check out new leads, they walk across the street to the
Joint Terrorism Task Force offices, where suspect names
must be run through two dozen federal and local databases.
Using filters from the Navy's space warfare project,
Spawar, the agents are now dumping all that data into one
big computer so that with one mouse click they can find
everything from traffic fines to immigration law
violations. A test run is expected early next year. Similar
efforts to consolidate and share information are under way
in Baltimore; Seattle; St. Louis; Portland, Ore.; and
Norfolk, Va.
"It smacks of Big Brother, and I understand people's
concern," said William D. Gore, a special agent in charge
at the San Diego office. "But somehow I'd rather have the
F.B.I. have access to this data than some telemarketer who
is intent on ripping you off."
Civil libertarians worry that centralized data will be more
susceptible to theft. But they are scared even more by the
next step officials want to take: mining that data to
divine the next terrorist strike.
The Defense Department has embarked on a five-year effort
to create a superprogram called Total Information
Awareness, led by Adm. John M. Poindexter, who was national
security adviser in the Reagan administration. But as soon
as next year, the new Transportation Security
Administration hopes to begin using a more sophisticated
system of profiling airline passengers to identify
high-risk fliers. The system in place on Sept. 11, 2001,
flagged only a handful of unusual behaviors, like buying
one-way tickets with cash.
Like Admiral Poindexter, the transportation agency is
drawing from companies that help private industry better
market their products. Among them is the Acxiom Corporation
of Little Rock, Ark., whose tool, Personicx, sorts
consumers into 70 categories - like Group 16M, or "Aging
Upscale" - based on an array of financial data and
behavioral factors.
Experts on consumer profiling say law enforcement officials
face two big problems. Some commercial databases have high
error rates, and so little is known about terrorists that
it could be very difficult to distinguish them from other
people.
"The idea that data mining of some vast collection of
databases of consumer activity is going to deliver usable
alerts of terrorist activities is sheer credulity on a
massive scale," said Jason Catlett of the Junkbusters
Corporation, a privacy advocacy business. The data mining
companies, Mr. Catlett added, are "mostly selling good
old-fashioned snake oil."
Libraries and Scuba Schools
As it waits for the future, the F.B.I. is being pressed to
gather and share much more intelligence, and that has left
some potential informants uneasy and confused about their
legal rights and obligations.
Just how far the F.B.I. has gone is not clear. The Justice
Department told a House panel in June that it had used its
new antiterrorism powers in 40 instances to share terror
information from grand jury investigations with other
government authorities. It said it had twice handed over
terror leads from wiretaps.
But that was as far as Justice officials were willing to
go, declining to answer publicly most of the committee's
questions about terror-related inquiries. Civil
libertarians have sued under the Freedom of Information Act
to get the withheld information, including how often
prosecutors have used Section 215 of the 2001 antiterror
law to require bookstores or librarians to turn over patron
records.
The secrecy enshrouding the counterterrorism campaign runs
so deep that Section 215 makes it a crime for people merely
to divulge whether the F.B.I. has demanded their records,
deepening the mystery - and the uneasiness among groups
that could be required to turn over information they had
considered private.
"I've been on panel discussions since the Patriot Act, and
I don't think I've been to one without someone willing to
stand up and say, `Isn't the F.B.I. checking up on
everything we do?' " said John A. Danaher III, deputy
United States attorney in Connecticut.
Several weeks ago, the F.B.I. in Connecticut took the
unusual step of revealing information about an
investigation to dispute a newspaper report that it had
"bugged" the Hartford Public Library's computers.
Michael J. Wolf, the special agent in charge, said the
agency had taken only information from the hard drive of a
computer at the library that had been used to hack into a
California business. "The computer was never removed from
the library, nor was any software installed on this or any
other computer in the Hartford Public Library by the F.B.I.
to monitor computer use," Mr. Wolf said in a letter to The
Hartford Courant, which retracted its report.
Nevertheless, Connecticut librarians have been in an uproar
over the possibility that their computers with Internet
access would be monitored without their being able to say
anything. They have considered posting signs warning
patrons that the F.B.I. could be snooping on their
keystrokes.
"I want people to know under what legal provisions they are
living," said Louise Blalock, the chief librarian in
Hartford.
In Fairfield, the town librarian, Tom Geoffino, turned over
computer log-in sheets to the F.B.I. last January after
information emerged that some of the Sept. 11 hijackers had
visited the area, but he said he would demand a court order
before turning over anything else. Agents have not been
back asking for more, Mr. Geoffino said.
"We're not just librarians, we're Americans, and we want to
see the people who did this caught," he said. "But we also
have a role in protecting the institution and the attitudes
people have about it."
The F.B.I.'s interest in scuba divers began shortly before
Memorial Day, when United States officials received
information from Afghan war detainees that suggested an
interest in underwater attacks.
An F.B.I. spokesman said the agency would not confirm even
that it had sought any diver names, and would not say how
it might use any such information.
The owners of Reef Seekers say they had lots of reasons to
turn down the F.B.I. The name-gathering made little sense
to begin with, they say, because terrorists would need
training far beyond recreational scuba lessons. They also
worried that the new law would allow the F.B.I. to pass its
client records to other agencies.
When word of their revolt got around, said Bill Wright, one
of the owners, one man called Reef Seekers to applaud it,
saying, "My 15-year-old daughter has taken diving lessons,
and I don't want her records going to the F.B.I."
He was in a distinct minority, Mr. Wright said. Several
other callers said they hoped the shop would be the next
target of a terrorist bombing.
http://www.nytimes.com/2002/12/10/national/10PRIV.html?ex=1040539795&ei=1&en=f1d7ce390e76978a
*****
How to: Identify and Deal with Keystroke Loggers, Trojans and Backdoors
(basic)
*****
Keystroke Loggers
Keystroke loggers come in both hardware and software forms and are used
to capture and compile a record of everything you type and then make it
available, sometimes over e-mail or a Web site, to the agency or
individual snooping on you. Most keystroke loggers record the
application name, the time and date the application was opened, and the
keystrokes associated with that application. Keystroke loggers are
becoming more popular with law enforcement and employers because they
capture information literally as it is being typed--before any
encryption can take place - which gives them the access they want to
passphrases and other usually well-hidden information.
Hardware keystroke loggers are what they sound like - hardware devices
that attach to your keyboard and record data. These devices generally
look like a standard keyboard adapter, so they can be hard to spot
unless you are specifically looking for them. In order to retrieve data
from a hardware logger, the person who is doing the spying must regain
physical access to that piece of equipment. Hardware loggers work by
storing information in the actual device, and generally do not have the
ability to broadcast or send such information out over a network. To
take a look at two of the main products on the market (and to give you
an idea of what to look for), check out KeyKatcher and KeyGhost.
KeyGhost also makes keyboards with the key logger built straight in,
which makes it much more difficult to spot. Note that because these are
hardware devices, KeyKatcher and KeyGhost will not be discovered by any
of the anti-spyware, anti-virus or desktop security programs. You must
visually scan the back of your computer where the keyboard is plugged in
to detect its presence.
Software keystroke loggers are likely more prevalent because they can be
installed remotely (via a network, a piece of trojan software, or as
part of a virus), and don't require physical access to obtain keystroke
data (data is often emailed out from the machine periodically). Software
loggers often have the ability to obtain much more data as well, as they
are not limited by physical memory allocations in the same way. There
are hundreds of software keystroke-loggers out there - the best known is
Amecisco Invisible Keylogger Stealth. Other programs that perform these
functions include Spector, KeyKey Monitor, 007 STARR, Boss Everywhere,
and I-See-Ua. Check them out if you're interested in seeing how they
work, and what type of data they provide once installed.
We know for a fact that the FBI is using both hardware and software
loggers. In December 2001 there was a case in which the FBI put a
hardware keylogger on the machine of a member of an organized crime
family, without first obtaining a wiretap warrant. In that case the US
Supreme Court ruled that the FBI did not need a warrant in order to
record keystrokes on a target's machine. To read more about this case,
click here. For a software example, check out information about Magic
Lantern, developed as part of the FBI's Carnivore project: it is a
trojan/key-logger specifically aimed at gathering encryption key
information for transmission back to the FBI.
Detecting Keystroke Loggers
The only way to check for keystroke logging hardware is to familiarize
yourself with what it looks like and visually scan your machine on a
regular basis. Taking pictures of the inside and outside of your machine
when you get it is always a good idea, so you can compare if anything
seems to be out of place. For some specific ideas of what to look for,
check out the SpyCop page on this subject.
In combatting software loggers, you can also take a virtual snapshot of
the contents of your hard drive, as well as any alterations made by
programs to other files. You must make a new snapshot each time you
install new software or make system upgrades in order to keep it up to
date. As well, you should store that "snapshot" file off your computer
and in a private location so that it can't be altered by someone having
physical or remote access to your machine. Products that take system
snapshots include: Snapshot Spy Pro and ArkoSoft System Snapshot (for
Windows boxes). Fcheck is one of the more trusted programs out there for
Linux machines - we're hoping one of you out there can tell us whether
or not Fcheck runs on OS X as well.
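To show what the snapshot-and-compare approach described above does, here
is an added example (not from the original bulletin and not the code of
Fcheck or any product named here). It goes one step beyond the text by
sealing the snapshot with an HMAC so that edits to the stored snapshot
file itself are detected; the key, file names and directory layout are
constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def snapshot(root):
    """Record SHA-256, size and permission bits of every regular file under root."""
    entries = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, devices
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            st = os.stat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            entries[rel] = {"sha256": digest.hexdigest(),
                            "size": st.st_size,
                            "mode": st.st_mode & 0o7777}
    return entries


def _tag(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(entries, key):
    """Serialize the snapshot with an HMAC so later edits to the file show up."""
    return json.dumps({"entries": entries, "hmac": _tag(entries, key)}, sort_keys=True)


def unseal(blob, key):
    """Load a sealed snapshot; refuse it if the HMAC does not match."""
    doc = json.loads(blob)
    stored = str(doc.get("hmac", "")).encode()
    if not hmac.compare_digest(_tag(doc["entries"], key).encode(), stored):
        raise ValueError("snapshot file was altered or the key is wrong")
    return doc["entries"]


def compare(baseline, current):
    """Report files added, removed or changed since the baseline."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old),
            "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}


def demo():
    """Constructed example: baseline a directory, alter it, then compare."""
    key = b"constructed-demo-key"  # assumption: a secret kept off the machine
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"bin/editor.exe": b"original program",
                          "config/startup.ini": b"[run]\n"}.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        sealed = seal(snapshot(root), key)  # store this copy off the machine

        # Simulate unexpected software: one new file, one altered startup file.
        with open(os.path.join(root, "bin/helper.dll"), "wb") as fh:
            fh.write(b"unexpected file")
        with open(os.path.join(root, "config/startup.ini"), "ab") as fh:
            fh.write(b"load=helper.dll\n")

        return compare(unseal(sealed, key), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Modification times are left out of the record on purpose, since they
change during normal use and would bury real changes in noise.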
There are a few programs out there specifically designed to detect
keystroke logging software. Two that have received good reviews are
Anti-keylogger and SpyCop. Neither of these programs is free, but
Anti-keylogger does have a demo version that allows you to scan your
machine for logging programs. We haven't been able to fully test either
of these programs, since we aren't putting the money up to purchase
them. We currently don't know of *any* program that checks for Magic
Lantern (please email us if you know otherwise).
Trojans & Backdoors
Another software method an investigating agency may utilize is a trojan
carrying a backdoor program. A trojan is a program that looks innocent
but carries a dangerous payload, like the Trojan Horse of Greek
mythology. It may be disguised as a game or some other kind of
executable program, in the same way that viruses are often disguised.
(Need we remind you not to open up .exe files or other attachments
coming from folks you don't know?)
These trojans, once launched by the targeted user, carry a backdoor
program (or maybe just a few lines of code that create a security hole
so a backdoor program can be installed later). A backdoor program allows
the intruder to access your computer whenever it's on the Internet. It's
a remote control, and usually a very thorough one with full access to
every facility and file on your computer.
It's obviously important to avoid getting a backdoor program inside your
computer. The best way is to use a competent virus protection program.
Most of these will stop trojans and backdoors getting through, unless
you are permanently connected to the Internet, in which case you
should probably be looking at a good hardware or software firewall.
There's a free one that's easy to use called ZoneAlarm, available from
ZDNet. It's also recommended for users of regular modems who want to
improve their security.
If your machine behaves strangely and you think you've got a parasitic
backdoor (it's a bit like somebody else having a remote keyboard for the
same computer), manually unplug the phone/ADSL line to break the
connection and get yourself a top virus protection program. Don't
reconnect that machine to the Internet (not even to collect email) until
you're sure it's clean.
***************************************************************
Security-news <security-news at resist.ca>
Good computer security is no substitute for good sense!
To sub or unsub - http://resist.ca/mailman/listinfo/security-news
***************************************************************