I’ve been listening to a lot of boasting from football fans lately. I’ve also been listening to a lot of excuses being made after the boasting fell short of its mark. You see, football is all about coming up with a good plan and working the plan. If the plan is good and it’s implemented to perfection then you’ve got a win. A lot of coaches can come up with winning plans but when going head to head only one of the two teams is going to win, regardless of how well both sides plan.
It all boils down to the implementation of the plan. Even a poor plan can result in a win given good implementation if the otherside fails to implement their plan properly. Planning is only half of it. Remember that.
Now let’s look at what this has to do with IT security software firms cooperating with the FBI and their Magic Lantern program. From what I’m understanding, Magic Lantern is a way for the FBI to covertly plant keylogging software on a suspect’s computer without ever physically entering the suspects location of operation. The keylogging software is used to grab passphrases used with encryption software the suspect may be using on his computer. This software isn’t new, building into it the ability to covertly install it over the internet is. This could well be one of the promised uses of viruses for the “good” of mankind.
But wait a minute. Even if it is a virus for the good of mankind, the bad guys aren’t going to view it as such. Are they? So off go the bad boys to the local Software, Etc. to purchase anti-virus software from McAfee and Symantec. This is some good software and it should catch those virii before they can do their damage. Won’t they? Well, they should and this should pose as a stumbling block for the FBI because even though those G-men are just as clever as the hackers they are sometimes after in building a virus or a trojan horse to install their keylogger software, as soon as the exploit they have found becomes known McAfee and Symantec owe it to their customers to close that hole and detect that virus.
At least one would think so.
Symantec’s chief researcher, Eric Chien, says:
“If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it – we wouldn’t detect it,” said Chien. “However we would detect modified versions that might be used by hackers.”
That’s their plan. Of course, Nebraska really planned to beat Colorado last week, too. The problem is I see no guarantee that Symantec can successfully implement their above stated plan. There are going to be clever hackers who are going to be able to figure out how to present themselves as FBI approved software. What is Symantec’s plan then?
Just something to think about.