FBI issues warning on...

Story: FBI Issues Warning on Hotel Internet ConnectionsTotal Replies: 15
Author Content
HoTMetaL

May 15, 2012
3:42 AM EDT
This is serious stuff! This news could persuade me to switch to Linux!
notbob

May 15, 2012
10:00 AM EDT
I find it hilarious the FBI is issuing warning advisories while in the same breath demanding access to everyone's personal business. Like the FBI is above dwnlding some malicious malware on one's computer. Sure, pal.

nb
Bob_Robertson

May 15, 2012
10:42 AM EDT
Institutional Hypocrisy. Much like the NSA maintaining Security Enhanced Linux.

There are always people in such institutions who are good, decent, hard working individuals who care about, and are even motivated by, the actual good of the people who are taxed to support them.

Those are also very, very large bureaucracies. There will often be found contradictory departments, the "left hand" not knowing what the "right hand" is doing, etc. It's an attribute of bureaucracy itself, and a very good reason why firms can in fact get "too big" to be profitable.

Anyway, even Microsoft isn't all bad. The experience of DOS and Windows has caused people to assume that files can be shared, thus inspiring file and media standards that had not before existed as a motivation. There! I found one good result of Microsoft!
caitlyn

May 15, 2012
12:52 PM EDT
@notbob: I find the idea that the FBI would put malware on individual computers totally laughable and ridiculous. Why would they? What purpose would it serve? If the FBI does something questionable (like wanting to "wiretap" the Internet) it's to further some sort of investigation. Fortunately, in the U.S. we do have checks and balances on government intrusion and a free press. Both are powerful weapons in combating abuse.

@Bob_Robertson: SELinux is Open Source and part of the mainline kernel. The government uses Linux and there is nothing at all wrong (and a whole lot right) about them giving back to the community. If the NSA tried to put something nefarious into SELinux the fact that it's FOSS means that any of a large number of kernel hackers would catch it. I realize you don't trust government and see evil lurking in every government action, but, c'mon, SELinux code is out in the open. There is no hypocrisy involved at all and this is a good example of the NSA doing something that benefits the people.
Bob_Robertson

May 15, 2012
1:58 PM EDT
Caitlyn, you completely misunderstand me.

I asserted that SELinux is a good thing. So your telling me that it's a good thing is redundant.

The reason and purpose of the NSA is to capture and decrypt public and private communications, as per the National Security Letter that established the agency. To better secure private systems against even their own intrusion is, strictly speaking, "not their job" and by definition a case of institutional hypocrisy. Again, I didn't say it was a bad thing, I consider it a good case of institutional hypocrisy. An accidental benefit, in my opinion the result of good people trying to do good, in the right place and the right time.

Would that the Fed.Gov realized this and would swap wholesale to the use of SELinux systems instead of Windows, but oh well.

I also recall an "NSA_key" or something to that effect in the WindowsXP code that was leaked. Something like that would certainly fit the letter and intent of their charter.

The reason for the FBI to put malware on people's computers is well known: Keyloggers and who knows what else have been used many times to nab, or try to nab, nefarious characters. By definition those keyloggers, even if done for "good" reasons, are malware to the system's owners.

"I realize you don't trust government and see evil lurking in every government action, but, c'mon"

Technically speaking, since all government action is funded by theft, I would not have used the word "lurking". "Right out in front" would be a more accurate way to put it, if you're going to describe my opinion. I was, if you would please notice, trying to talk about good things.
jdixon

May 15, 2012
2:23 PM EDT
> I find the idea that the FBI would put malware on individual computers totally laughable and ridiculous. Why would they?

They can and have. It's the computer equivalent of a wiretap. From the Wikipedia article on keystoke logging:

In 2000, the FBI used a keystroke logger to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo.[15] Also in 2000, the FBI lured two suspected Russian cyber criminals to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects' computers in Russia in order to obtain evidence to prosecute them.[16]
caitlyn

May 15, 2012
3:15 PM EDT
Bob's line about "theft" is the old TOS violation and ideology sneaking in there again. Bob, I will call you on it every time. If it becomes egregious I will send an appropriate e-mail. I'll keep my ideology out of this if you keep yours out, OK? I somehow doubt than management will tolerate the old libertarian vs. socialist war of words rearing its ugly head again.

@jdixon, Bob_Robertson: I don't consider legitimate, legal, court sanctioned law enforcement activity to be "malware".
Khamul

May 15, 2012
3:25 PM EDT
So if Iran puts a keylogger on your system (which is fully legal, according to them, if it's sanctioned by the Iranian court system), it's "malware", but if the US Government puts a keylogger on your system, somehow it's not? I call BS on that one. "Malware" is a matter of perception, the perception of the user of that computer. There seems to be an implicit thread in your writings that the US government can do no wrong and all its actions are holy and sacrosanct.
caitlyn

May 15, 2012
3:30 PM EDT
Quoting:There seems to be an implicit thread in your writings that the US government can do no wrong and all its actions are holy and sacrosanct.
I call B.S. in the extreme on that one. You clearly haven't read my political writing. I can be harshly critical of US actions when it's appropriate.

What I see here is some people, yourself included Khamul, who enjoy gratuitous bashing of the US government. I don't like it and yes, I will keep calling people on it.

If the Iranian government puts a keylogger on my system in violation of US law then of course it is malware. If the US government puts a keylogger on my system after obtaining an appropriate court order then it isn't. If the US government puts a keylogger on an Iranian system in violation of Iranian law and absent a declaration of war or some sort of legal justification (i.e.: a court order of some sort) then of course that is malware.

Huge clue: I have been the subject of an FBI investigation. I was cleared. If they used a keylogger on my system with an appropriate court order I may not like it but they were certainly within their rights.
Bob_Robertson

May 15, 2012
3:38 PM EDT
Woops, duplicate. I beg the congresses pardon.
Bob_Robertson

May 15, 2012
3:39 PM EDT
"I may not like it but they were certainly within their rights."

Technically speaking, they were within their _powers_, not rights. Only individuals have rights in the US, govt agents and agencies have delegated or assumed powers.

It was not a TOS violation to correct the statement of my views that you made, unless you consider the statement you made to be a TOS violation.
Fettoosh

May 15, 2012
4:20 PM EDT
TOS, TOS, TOS, Here we go again. I like to get on it too but you guys need to be a bit more careful.



gus3

May 15, 2012
4:40 PM EDT
FetTOSh.
Khamul

May 15, 2012
4:40 PM EDT
If the Iranian government puts a keylogger on my system in violation of US law then of course it is malware.

What if the system in question is located in Tahiti? Is it still not-malware if the US does it? Because the above example was crossing national borders, it was about computers in Russia being hacked into by the USG.

And I'm sorry, "malware" is anything that goes against the wishes and best interests of the computer's user. It doesn't matter if the user is an out-and-out criminal, a keylogger on his system (even if being used in the best interest of society) isn't working to his benefit, it's working to his detriment, and that's the very definition of "malware". That doesn't mean it shouldn't be used in appropriate cases (e.g. suspected criminal located within US, being surveilled according to legally-obtained court order), but it's still malware.
jdixon

May 15, 2012
4:58 PM EDT
> I don't consider legitimate, legal, court sanctioned law enforcement activity to be "malware".

Then you're changing the definition of malware in midstream. Which is your prerogative, as long as you make it clear that's the definition you're using. It's not the one anyone else will be using.
caitlyn

May 15, 2012
11:16 PM EDT
OK, using your definition there are legitimate and proper uses for malware. There, is that better?

@Khamul: If the system was in Tahiti it would depend on French law and if the French government sanctioned the use of the keylogger.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!