FBI develops 'Trojan horse' software for better eavesdropping


By TED BRIDIS, Associated Press
Published 5:35 p.m. PST Wednesday, Nov. 21, 2001

WASHINGTON (AP) - The FBI is going to new lengths to eavesdrop, designing software to monitor computer use and urging phone companies to help make wiretaps more reliable. The FBI's "Magic Lantern" technology would allow investigators, via the Internet, to secretly install powerful software that records every keystroke on a person's computer, according to people familiar with the effort. The software is similar to "Trojan horse" programs already used by some hackers and corporate spies.

The FBI envisions using Magic Lantern, part of a broad FBI project called "Cyber Knight," to record the secret key a person might use to encrypt messages or computer files. The bureau has been largely frustrated in efforts to break open such messages by trying random combinations, and officials are increasingly concerned about their inability to read encrypted messages in criminal or terrorist investigations.  The FBI said in a statement Wednesday that it can not discuss details of its technical surveillance efforts, though it noted that "encryption can pose potentially insurmountable challenges to law enforcement when used in conjunction with communication or plans for executing serious terrorist and criminal acts."

The FBI added that its research is "always mindful of constitutional, privacy and commercial equities," and that its use of new technology can be challenged in court and in Congress. The FBI's existing monitoring technology, called the "Key Logger System," has required investigators to sneak into a target's home or business and attach the device to a computer. Magic Lantern could be installed over the Internet by tricking a person into opening an e-mail attachment or by exploiting the same weaknesses in popular software that allow hackers to break into computers. It's unclear whether Magic Lantern would transmit the keystrokes it records back to the FBI over the Internet or store the information to be seized later in a raid.

The existence of Magic Lantern was first disclosed by MSNBC.
"If they are using this kind of program, it would be a highly effective way to bypass any encryption problems," said James E. Gordon, who heads the information technology practice for Pinkerton Consulting and Investigations Inc. "Once they have the keys to the kingdom, they have complete access to anything that individual is doing." People familiar with the project, who spoke only on condition of anonymity, said the package is being developed at the FBI's electronic tools laboratory, the same outfit that built the bureau's "Carnivore" Internet surveillance technology.

    The former head of the lab, Donald M. Kerr, became head of the CIA's science and technology unit in August. Some experts said Magic Lantern raises important legal questions, such as whether the FBI would need a wiretap order from a judge to use it. The government has previously argued that the FBI can capture a person's computer keystrokes under the authority of a traditional search warrant, which involves less oversight by the courts. "It's an open question whether the covert installation of something on a computer without a physical entry requires a search warrant," said David Sobel, a lawyer with the Washington-based Electronic Privacy Information Center, a civil liberties group.

    Earlier this month the FBI urged some of the nation's largest telephone companies to change their networks so that investigators can reliably eavesdrop on conversations using new data technology.
At a conference Nov. 6 in Tucson, Ariz. - and in a 32-page follow-up letter sent about two weeks ago - the FBI told leading telecommunications officials that increasing use of Internet-style data technology to transmit voice calls is frustrating FBI wiretap efforts. Although Carnivore can be used to capture electronic messages, it can't record voice messages sent over data networks for a variety of technical reasons. The bureau's access to voice calls using traditional technology is guaranteed under the 1994 Communications Assistance to Law Enforcement Act, but it exempted "information services." The FBI said Wednesday it is not seeking to broaden the 1994 law to cover modern data technology; industry officials say the changes being sought by the FBI could take years to make.

    The FBI told companies that it will need access to voice calls sent over data networks "within a few hours" in some emergency situations, and that any interference caused by a wiretap "should not be perceptible" to avoid tipping off a person that his calls might be monitored.


Home