The US Federal Bureau of Investigation is developing a computer program that can steal the passwords that suspected criminals use to lock encrypted messages, according to a source cited by MSNBC.
The 鈥淭rojan horse鈥 program, known as Magic Lantern, could be sent to a suspect attached to a seemingly innocent email message. After the program has installed itself using a known software bug, it would capture the passwords used to encrypt messages and send these to FBI officers.
Investigators might then be able to decrypt and read secret email messages. But some computer experts question how successful such a system would be.
Advertisement
Graham Cluley, an anti-virus researcher at Sophos, says that some anti-virus software may detect the program automatically. If not, the anti-virus software could easily be configured to catch the program, he says.
鈥淚t would be relatively trivial to write a detector for it鈥, Cluley told New Scientist. 鈥淪ome customers may ask for a fix for it.鈥
Key logging
In October, with a search warrant, the FBI manually installed key-logging software on a suspect鈥檚 computer system and captured encryption software passwords. These were used to decipher messages and gather evidence for an investigation into organised crime.
Magic Lantern would be one part of the FBI鈥檚 growing arsenal of computer eavesdropping tools. These include the software system known as Carnivore, which is capable of sifting through large volumes of emails for incriminating evidence. But Carnivore cannot crack encrypted messages.
Brian Gladman, a retired UK Ministry of Defence expert and a campaigner against government regulation of encryption, says that common encryption tools such as Pretty Good Privacy and GnuPG have forced the authorities to turn to such methods.
But Gladman also says that this new technique would go farther than anything the FBI has employed before. 鈥淓ntering a computer system is quite a different from passive eavesdropping,鈥 he says. 鈥淭his at least has to be highly regulated.鈥