***************************************************************
Security-news
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

January 27th, 2003

A mish-mash of stuff this week....

We are in need of people to write security how-to articles that would be of interest to the activist community - technical or non-technical - so if you have something you want to share, please send it to secure@resist.ca - Thanks!

**********************************
Security-news: Issue #12 - Contents
**********************************

* Security tip of the week: House Alarms vs. Motion-detecting Cameras
* News & Analysis: FBI Taps Campus Police in Anti-Terror Operations
* News & Analysis: New Tools for Domestic Spying, & Qualms (part 2 of 2)
* How to: Identify and Deal with Keystroke Loggers, Trojans and Backdoors

*****
Security Tip of the Week: House Alarms vs. Motion-detecting Cameras
*****

A house (or infoshop space) alarm, once set off (either by accident or surreptitious entry), may give police the right to enter your space to investigate a suspected break-in. Rather than trying to prevent surreptitious entry with an alarm system, a better strategy is to detect entry by using a well-concealed motion-detecting camera. The preferable set-up is one which automatically emails or otherwise transmits an image of the intruder to you (which foils tape-switching or camera-removal strategies).

*****
News & Analysis: FBI Taps Campus Police in Anti-Terror Operations
Student, Faculty Groups Fear a Return of Spying Abuses Against Activists, Foreign Nationals
By Dan Eggen
Washington Post Staff Writer
Saturday, January 25, 2003
*****

Federal authorities have begun enlisting campus police officers in the domestic war on terror, renewing fears among some faculty and student groups of overzealous FBI spying at colleges and universities that led to scandals in decades past.
Since the Sept. 11, 2001, terrorist attacks, the FBI has strengthened or established working relationships with hundreds of campus police departments, in part to gain better access to insular communities of Middle Eastern students, government officials said. On at least a dozen campuses, the FBI has included collegiate police officers as members of local Joint Terrorism Task Forces, the regional entities that oversee counterterrorism investigations nationwide. Some officers have been given federal security clearance, which allows them access to classified information. Their supervisors often do not know which cases these officers are working on because details cannot be shared, officials said. The FBI and many campus police officers view the arrangements as a logical, effective way to help monitor potential terrorist threats and keep better tabs on the more than 200,000 foreign nationals studying in the United States. Several of the Sept. 11 hijackers were enrolled as students at American flight schools, and one entered the country on a student visa but never showed up at the school. "Campus law enforcement is starting to get a lot more recognition from the FBI and other federal agencies now, because they're realizing we do have police departments and we can play a vital role in stopping terrorism," said H. Scott Doner, police chief at Valdosta State University in Georgia and president of the International Association of Campus Law Enforcement Administrators. "Everybody's got to have their eyes and ears open to make sure something doesn't happen again." But the effort has touched a nerve among some faculty and student groups, as well as Muslim activists, who fear that the government is inching toward the kind of controversial spying tactics it used in the 1950s and 1960s. With few restrictions, the FBI at the time aggressively monitored, and often harassed, political groups, student activists and dissidents. Faculty leaders and administrators argue that U.S. 
colleges and universities are unique places devoted to the exchange of ideas, and that even the hint of surveillance by government authorities taints that environment. "This type of cooperation is perfectly valid if it's based on criminal activity, but the danger with the FBI is that it doesn't always limit itself to that," said Sarah Eltantawi, spokeswoman for the Muslim Public Affairs Council. "Given the FBI's history, there's a definite concern that they will go too far." Closer ties between the FBI and campus police are the latest example of the government's determination to keep better tabs on foreign students and faculty in the United States. The efforts have met resistance at many colleges, which are accustomed to a fair amount of independence from government scrutiny and which often are home to activists suspicious of the FBI. This month, the Immigration and Naturalization Service is launching a computerized tracking system for all foreign nationals studying in the United States, a program that was stalled for years, in part by university complaints. Some FBI field offices have also asked local universities and colleges for detailed lists of foreign students and faculty, prompting objections from academic groups and several U.S. senators. "There is a concern on the part of universities to balance on this tightrope in the post-September 11 world," said A. John Bramley, provost at the University of Vermont. "On the one hand, no one wants to do anything that is not entirely supportive of national security. On the other hand, universities are open places that want to encourage dialogue and diversity." Distrust of the FBI runs high among some faculty who remember the counterculture demonstrations of the 1960s. Under J. Edgar Hoover's 15-year COINTELPRO program, the bureau engaged in broad and questionable tactics aimed at monitoring and disrupting student activist groups. 
FBI agents infiltrated leftist antiwar and civil rights groups with informants, tapped into radio frequencies to disrupt protest plans, stole membership rolls and compiled dossiers on student political leaders. The FBI even produced bogus student newspapers, one conservative and one liberal, to spread inaccurate information and sow dissension among student groups. The COINTELPRO program was halted in 1971. The FBI has long had liaison relationships with police and security departments at some universities, particularly larger institutions with higher crime rates or heavy involvement in sensitive research areas, officials said. But the Sept. 11 attacks prompted the bureau to strengthen its links to local and state police departments, including those on college campuses. Precise numbers are not available, but FBI estimates and interviews with campus police administrators indicate that at least a dozen departments have assigned officers to play significant roles in FBI anti-terrorism task forces. The arrangements with the schools vary. At the University of Texas in Dallas, a campus police officer attends monthly task force meetings and is in regular communication with the FBI, but has not participated in active investigations, officials said. In Gainesville, Fla., a University of Florida officer is assigned to work full time alongside FBI agents and state police in terror investigations. At the University of Toledo, police chief John A. Dauer said that one full-time and one part-time officer are assigned to the FBI terrorism task force based in Cleveland. Although he is not privy to the details of his officers' work with federal agents, Dauer said the arrangement gives him a better handle on possible terrorist threats on campus than he previously had. "We have a large Arab population between here and Dearborn that they are concerned about, and a considerable international population on campus," Dauer said. 
"Having the detectives work with them helps us be more proactive in terms of information. Without that, we'd probably have very little information at all." A similar arrangement has prompted controversy at the University of Massachusetts at Amherst, where an FBI agent and a campus police detective showed up at the office of an Iraqi-born economics professor in November for an interview. The campus detective, Barry Flanders, was assigned to the local FBI task force and was working on federal terrorism investigations at least two days a week. FBI officials and campus police said they were able to quickly discount the anonymous tip that led to the interview, and professor M.J. Alhabeeb told local media outlets that the meeting was brief and polite. But the case prompted a wave of protests by students and faculty, who argued that the arrangement gave the FBI the ability to intrude on the privacy rights of foreign nationals. The local American Civil Liberties Union has filed a Freedom of Information Act request demanding details about the university's cooperation with the FBI. "What we know about the FBI in the past is that it has engaged in a whole set of activities against people because they didn't like the views they expressed or the associations they had formed," said Dan Clawson, a sociology professor at the University of Massachusetts who helped arrange a faculty protest meeting on the topic. "It appears that we are likely to go back to that time. . . . Universities should take a principled stand saying we oppose these activities because they interfere with the free exchange of information and ideas." University of Massachusetts police chief Barbara O'Connor said the modern FBI operates under tighter restrictions than it did decades ago. Letting one of her officers work alongside the bureau is a sensible way to guard against terrorist threats and to keep the campus involved in federal probes, she said. 
"I think we have a responsibility as a major university to contribute to the safety of this region, despite the political pressure that's been brought to bear," O'Connor said. "I understand people's concerns about civil liberties, but this is part of making sure people aren't harming citizens." Sheldon E. Steinbach, general counsel for the American Council on Education, said criticism of the FBI's heightened activity on U.S. campuses is overblown. "Much of the concern expressed at the moment is speculative and anticipatory," he said. "It's ascribing sinister motives to the FBI before anything remotely akin to that has been proven."

*****
News & Analysis: New Tools for Domestic Spying, and Qualms
By MICHAEL MOSS and FORD FESSENDEN
December 10, 2002
(Part 2 of 2)
*****

`It Smacks of Big Brother'

The Congressional inquiry's lingering criticism has added impetus to a movement within government to equip terror fighters with better computer technology. If humans missed the clues, the reasoning goes, perhaps a computer will not. Clearly, the F.B.I. is operating in the dark ages of technology. For instance, when agents in San Diego want to check out new leads, they walk across the street to the Joint Terrorism Task Force offices, where suspect names must be run through two dozen federal and local databases. Using filters from the Navy's space warfare project, Spawar, the agents are now dumping all that data into one big computer so that with one mouse click they can find everything from traffic fines to immigration law violations. A test run is expected early next year. Similar efforts to consolidate and share information are under way in Baltimore; Seattle; St. Louis; Portland, Ore.; and Norfolk, Va. "It smacks of Big Brother, and I understand people's concern," said William D. Gore, a special agent in charge at the San Diego office. "But somehow I'd rather have the F.B.I. have access to this data than some telemarketer who is intent on ripping you off."
Civil libertarians worry that centralized data will be more susceptible to theft. But they are scared even more by the next step officials want to take: mining that data to divine the next terrorist strike. The Defense Department has embarked on a five-year effort to create a superprogram called Total Information Awareness, led by Adm. John M. Poindexter, who was national security adviser in the Reagan administration. But as soon as next year, the new Transportation Security Administration hopes to begin using a more sophisticated system of profiling airline passengers to identify high-risk fliers. The system in place on Sept. 11, 2001, flagged only a handful of unusual behaviors, like buying one-way tickets with cash. Like Admiral Poindexter, the transportation agency is drawing from companies that help private industry better market their products. Among them is the Acxiom Corporation of Little Rock, Ark., whose tool, Personicx, sorts consumers into 70 categories - like Group 16M, or "Aging Upscale" - based on an array of financial data and behavioral factors. Experts on consumer profiling say law enforcement officials face two big problems. Some commercial databases have high error rates, and so little is known about terrorists that it could be very difficult to distinguish them from other people. "The idea that data mining of some vast collection of databases of consumer activity is going to deliver usable alerts of terrorist activities is sheer credulity on a massive scale," said Jason Catlett of the Junkbusters Corporation, a privacy advocacy business. The data mining companies, Mr. Catlett added, are "mostly selling good old-fashioned snake oil."

Libraries and Scuba Schools

As it waits for the future, the F.B.I. is being pressed to gather and share much more intelligence, and that has left some potential informants uneasy and confused about their legal rights and obligations. Just how far the F.B.I. has gone is not clear.
The Justice Department told a House panel in June that it had used its new antiterrorism powers in 40 instances to share terror information from grand jury investigations with other government authorities. It said it had twice handed over terror leads from wiretaps. But that was as far as Justice officials were willing to go, declining to answer publicly most of the committee's questions about terror-related inquiries. Civil libertarians have sued under the Freedom of Information Act to get the withheld information, including how often prosecutors have used Section 215 of the 2001 antiterror law to require bookstores or librarians to turn over patron records. The secrecy enshrouding the counterterrorism campaign runs so deep that Section 215 makes it a crime for people merely to divulge whether the F.B.I. has demanded their records, deepening the mystery - and the uneasiness among groups that could be required to turn over information they had considered private. "I've been on panel discussions since the Patriot Act, and I don't think I've been to one without someone willing to stand up and say, `Isn't the F.B.I. checking up on everything we do?' " said John A. Danaher III, deputy United States attorney in Connecticut. Several weeks ago, the F.B.I. in Connecticut took the unusual step of revealing information about an investigation to dispute a newspaper report that it had "bugged" the Hartford Public Library's computers. Michael J. Wolf, the special agent in charge, said the agency had taken only information from the hard drive of a computer at the library that had been used to hack into a California business. "The computer was never removed from the library, nor was any software installed on this or any other computer in the Hartford Public Library by the F.B.I. to monitor computer use," Mr. Wolf said in a letter to The Hartford Courant, which retracted its report. 
Nevertheless, Connecticut librarians have been in an uproar over the possibility that their computers with Internet access would be monitored without their being able to say anything. They have considered posting signs warning patrons that the F.B.I. could be snooping on their keystrokes. "I want people to know under what legal provisions they are living," said Louise Blalock, the chief librarian in Hartford. In Fairfield, the town librarian, Tom Geoffino, turned over computer log-in sheets to the F.B.I. last January after information emerged that some of the Sept. 11 hijackers had visited the area, but he said he would demand a court order before turning over anything else. Agents have not been back asking for more, Mr. Geoffino said. "We're not just librarians, we're Americans, and we want to see the people who did this caught," he said. "But we also have a role in protecting the institution and the attitudes people have about it." The F.B.I.'s interest in scuba divers began shortly before Memorial Day, when United States officials received information from Afghan war detainees that suggested an interest in underwater attacks. An F.B.I. spokesman said the agency would not confirm even that it had sought any diver names, and would not say how it might use any such information. The owners of Reef Seekers say they had lots of reasons to turn down the F.B.I. The name-gathering made little sense to begin with, they say, because terrorists would need training far beyond recreational scuba lessons. They also worried that the new law would allow the F.B.I. to pass its client records to other agencies. When word of their revolt got around, said Bill Wright, one of the owners, one man called Reef Seekers to applaud it, saying, "My 15-year-old daughter has taken diving lessons, and I don't want her records going to the F.B.I." He was in a distinct minority, Mr. Wright said. Several other callers said they hoped the shop would be the next target of a terrorist bombing. 
http://www.nytimes.com/2002/12/10/national/10PRIV.html?ex=1040539795&ei=1&en=f1d7ce390e76978a

*****
How to: Identify and Deal with Keystroke Loggers, Trojans and Backdoors (basic)
*****

Keystroke Loggers

Keystroke loggers come in both hardware and software forms and are used to capture and compile a record of everything you type and then make it available, sometimes over e-mail or a Web site, to the agency or individual snooping on you. Most keystroke loggers record the application name, the time and date the application was opened, and the keystrokes associated with that application. Keystroke loggers are becoming more popular with law enforcement and employers because they capture information literally as it is being typed - before any encryption can take place - which gives them the access they want to passphrases and other usually well-hidden information.

Hardware keystroke loggers are what they sound like - hardware devices that attach to your keyboard and record data. These devices generally look like a standard keyboard adapter, so they can be hard to spot unless you are specifically looking for them. In order to retrieve data from a hardware logger, the person who is doing the spying must regain physical access to that piece of equipment. Hardware loggers work by storing information in the actual device, and generally do not have the ability to broadcast or send such information out over a network.

To take a look at two of the main products on the market (and to give you an idea of what to look for), check out KeyKatcher and KeyGhost. KeyGhost also makes keyboards with the key logger built straight in, which makes it much more difficult to spot. Note that because these are hardware devices, KeyKatcher and KeyGhost will not be discovered by any of the anti-spyware, anti-virus or desktop security programs. You must visually scan the back of your computer where the keyboard is plugged in to detect its presence.
Software keystroke loggers are likely more prevalent because they can be installed remotely (via a network, a piece of trojan software, or as part of a virus), and don't require physical access to obtain keystroke data (data is often emailed out from the machine periodically). Software loggers often have the ability to obtain much more data as well, as they are not limited by physical memory allocations in the same way.

There are hundreds of software keystroke loggers out there - the best known is Amecisco Invisible Keylogger Stealth. Other programs that perform these functions include Spector, KeyKey Monitor, 007 STARR, Boss Everywhere, and I-See-Ua. Check them out if you're interested in seeing how they work, and what type of data they provide once installed.

We know for a fact that the FBI is using both hardware and software loggers. In December 2001 there was a case in which the FBI put a hardware keylogger on the machine of a member of an organized crime family, without first obtaining a wiretap warrant. In that case the US Supreme Court ruled that the FBI did not need a warrant in order to record keystrokes on a target's machine. To read more about this case, click here. For a software example, check out information about Magic Lantern - developed as part of the FBI's Carnivore project - it is a trojan/key-logger specifically aimed at gathering encryption key information for transmission back to the FBI.

Detecting Keystroke Loggers

The only way to check for keystroke logging hardware is to familiarize yourself with what it looks like and visually scan your machine on a regular basis. Taking pictures of the inside and outside of your machine when you get it is always a good idea, so you can compare if anything seems to be out of place. For some specific ideas of what to look for, check out the SpyCop page on this subject.
In combatting software loggers, you can also take a virtual snapshot of the contents of your hard drive, as well as any alterations made by programs to other files. You must make a new snapshot each time you install new software or make system upgrades in order to keep it up to date. As well, you should store that "snapshot" file off your computer and in a private location so that it can't be altered by someone having physical or remote access to your machine. Products that take system snapshots include Snapshot Spy Pro and ArkoSoft System Snapshot (for Windows boxes). Fcheck is one of the more trusted programs out there for Linux machines - we're hoping one of you out there can tell us whether or not Fcheck runs on OS X as well.

There are a few programs out there specifically designed to detect keystroke logging software. Two that have received good reviews are Anti-keylogger and SpyCop. Neither of these programs is free, but Anti-keylogger does have a demo version that allows you to scan your machine for logging programs. We haven't been able to fully test either of these programs, since we aren't putting the money up to purchase them. We currently don't know of *any* program that checks for Magic Lantern (please email us if you know otherwise).

Trojans & Backdoors

Another software method an investigating agency may utilize is a trojan carrying a backdoor program. A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised. (Need we remind you not to open up .exe files or other attachments coming from folks you don't know?) These trojans, once launched by the targeted user, carry a backdoor program (or maybe just a few lines of code that create a security hole so a backdoor program can be installed later).
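
An added example, not part of the original bulletin and not the code of Fcheck or any product named above: a small Python version of the snapshot-and-compare check described under Detecting Keystroke Loggers. The function names, the JSON baseline format and the demo directories are assumptions made for illustration; the saved baseline and its digest belong off the machine being checked.

```python
"""File-integrity snapshot and compare (constructed example)."""
import hashlib
import json
import os
import stat
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def take_snapshot(root):
    """Return {relative path: {size, mode, sha256}} for regular files under root."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                info = os.lstat(full)
                if not stat.S_ISREG(info.st_mode):
                    continue  # symlinks, sockets and devices are not hashed
                snapshot[rel] = {
                    "size": info.st_size,
                    "mode": stat.S_IMODE(info.st_mode),
                    "sha256": hash_file(full),
                }
            except OSError as exc:
                # Record unreadable files so they still show up in a comparison.
                snapshot[rel] = {"error": type(exc).__name__}
    return snapshot


def snapshot_digest(snapshot):
    """One hash over the whole snapshot; note it down to spot an altered baseline."""
    canonical = json.dumps(snapshot, sort_keys=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def save_snapshot(snapshot, path):
    """Write the snapshot as JSON, e.g. onto removable media kept elsewhere."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(snapshot, handle, sort_keys=True, indent=1)


def load_snapshot(path):
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


def compare_snapshots(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    # Constructed demo: throwaway directories stand in for the watched system
    # and for the off-machine storage that holds the baseline.
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as offline:
        with open(os.path.join(root, "app.cfg"), "w") as f:
            f.write("start=normal\n")
        baseline_file = os.path.join(offline, "baseline.json")
        save_snapshot(take_snapshot(root), baseline_file)
        print("baseline digest:", snapshot_digest(load_snapshot(baseline_file)))
        with open(os.path.join(root, "helper.bin"), "wb") as f:
            f.write(b"\x00unexpected")  # constructed: a file that appeared later
        print(compare_snapshots(load_snapshot(baseline_file), take_snapshot(root)))
```
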
A backdoor program allows the intruder to access your computer whenever it's on the Internet. It's a remote control, and usually a very thorough one with full access to every facility and file on your computer.

It's obviously important to avoid getting a backdoor program inside your computer. The best way is to use a competent virus protection program. Most of these will stop trojans and backdoors getting through, unless you are permanently connected to the Internet, in which case you should probably be looking at a good hardware or software firewall. There's a free one that's easy to use called ZoneAlarm, available from ZDNet. It's also recommended for users of regular modems who want to improve their security.

If your machine behaves strangely and you think you've got a parasitic backdoor (it's a bit like somebody else having a remote keyboard for the same computer), manually unplug the phone/ADSL line to break the connection and get yourself a top virus protection program. Don't reconnect that machine to the Internet (not even to collect email) until you're sure it's clean.

***************************************************************
Security-news
Good computer security is no substitute for good sense!
To sub or unsub - http://resist.ca/mailman/listinfo/security-news
***************************************************************