Pages: 1

Author Topic: Magic Lantern  (Read 182 times)

LYC

  • Pupae
  • **
  • Posts: 55
Magic Lantern
« on: June 08, 2010, 11:21:35 PM »
http://en.wikipedia.org/wiki/Magic_Lantern_%28software%29

I thought this was a rather interesting program that you may want to be aware of -- do you guys know of any other similar programs to this, and how to keep them off your computer?

marakov

  • Pupae
  • **
  • Posts: 74
Re: Magic Lantern
« Reply #1 on: June 09, 2010, 12:35:23 AM »
Yes we know of Magic Lantern (FBI) I think. Many of us are not from America so we do not worry but we have government problems too! Just like this! So we have ways to take care in danger of this.

1) Do not use Microsoft products
2) Use a popular Live CD for internet use
3) Keep properly encrypted archive for storage of files. Truecrypt or dm-crypt (with AES-256). With a long password of upper/lower case letters of numbers too and quotation/exclamation/expression/and more/ and no phrases.
2) Direct all internet packets through Tor
3) Only use HTTPS unless there is no choice. Get firefox and use Noscript plugin and Adblock plugin.
4) Make your initial connection to a Wifi router from long distance antenna to it so that you can use someone else internet connection then use Tor.
5) Do not give away details that identifying. You can say where you are from but do not say what city you are in. Do not say identifying things and more.
6) If you take photography of reaction then be sure to remove EXIF data from each picture. Use google to find EXIF data. Look for open source program. It is free and works not like fake pay program.
7) Be paranoid because you are chemist. Government are want to capture you because you top of food chain. They want to ruin you.
8) Tell no person what you do. Do not show them. No wife and no best friend. This is solitary work.
9) Love fellow bee or wasp because we only have each one of us and no person else.
10) Know that we are no perfect and can make mistake. Forgive for the science. The science must be first.

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Magic Lantern
« Reply #2 on: June 09, 2010, 01:22:55 AM »
Use Live CD for internet use - Not a thumb drive, computers could add code to that, unlike a CD, which is un-write-able. .
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Magic Lantern
« Reply #3 on: June 09, 2010, 01:55:37 AM »
Quote from: Vesp on June 09, 2010, 01:22:55 AM
Use Live CD for internet use - Not a thumb drive, computers could add code to that, unlike a CD, which is un-write-able. .


Excellent! And also enable BIOS write protection, so malicious spy code can't be written there.
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Magic Lantern
« Reply #4 on: June 09, 2010, 02:15:41 AM »
While many of us do not care, I am one of them - we still ought to work on creating a list of the many things to do to keep things secure and private.

I know there is a lot of good information out there, but I have never seen it all compiled together in a nice archive. I am no expert at it, but it does seem like one of the things that would be good to have.
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Magic Lantern
« Reply #5 on: June 11, 2010, 06:31:53 AM »
Marakov-
I agree with all your tips except for the one about Tor. Tor is very unsafe and makes it very easy for LEO to do MITM and sniffing attacks on the data sent through Tor. Instead of Tor I suggest good offshore VPN services like hxxp://perfect-privacy.com

Also, I suggest everybody use Keyscrambler (hxxp://www.qfxsoftware.com) to protect against keyloggers. Here is a key for the Professional Version:
alanmonick186@gmail.com
MLWWLTFJ7

marakov

  • Pupae
  • **
  • Posts: 74
Re: Magic Lantern
« Reply #6 on: June 11, 2010, 10:14:47 AM »
Quote from: TooCold on June 11, 2010, 06:31:53 AM
Marakov-
I agree with all your tips except for the one about Tor. Tor is very unsafe and makes it very easy for LEO to do MITM and sniffing attacks on the data sent through Tor. Instead of Tor I suggest good offshore VPN services like hxxp://perfect-privacy.com

Also, I suggest everybody use Keyscrambler (hxxp://www.qfxsoftware.com) to protect against keyloggers. Here is a key for the Professional Version:
alanmonick186@gmail.com
MLWWLTFJ7

You do not Tor and the why of Tor. Read the Tor site. If you use encryption of HTTPS/SSL with Tor and the certificate is a proper and not a Ettercap fake then Tor is secure for the reason Tor exist.

I disagree with Keyscrambler. I want to use program where I can read it has source code. GnuPG and Truecrypt and Dm-crypt are good progams where I can do that.

I agree with use the live cd and use the encrypted for storage.

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Magic Lantern
« Reply #7 on: June 12, 2010, 12:16:13 AM »
Yes, OpenSource programs are always better since you can read the source code, and know more about it then you can something that you can't read the source code too -- who knows what backdoors could be in that.
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Magic Lantern
« Reply #8 on: June 12, 2010, 05:48:03 PM »
Obviously open source software is preferable. However, that is no reason to dismiss every closed-source program. I'm sure you guys use other closed-source software. Keyscrambler is very reputable and has been independently tested and confirmed to contain no backdoors, trojans, or spyware. I don't have time to search for and post the organizatiosn that have tested it, but I researched them extensively before I started using them.  I have personally confirmed that keyscrambler does what it claims by testing it with keyloggers and I used wireshark to capture several hours of traffic on several different days and I can assure you that keyscrambler doesn't "phone-home" or anyone else. I am not advocating keyscrambler as some end all security measure merely as an addition to a collection of security software, like truecrypt etc.

Tor on the other hand is very insecure. SSL certificates can be spoofed with MITM attcaks. Also they can be stripped. Tor has been used in successful hacking attempts numerous times. Many documents on wikileaks were stolen using vulnerabilties in tor.  Plus with the amount of LEO using tor it is easy for them to take advantage of tor by sniffing exits nodes etc. Offshore VPNs that are OpenVPN are much safer. I realize that you must trust your VPN provider. But, there are many VPNS to choose from and one could switch VPNs often if one were so inclined.

Dongle

  • Larvae
  • *
  • Posts: 47
Re: Magic Lantern
« Reply #9 on: July 04, 2010, 12:32:24 AM »
Regarding LiveCDs, I'd recommend PuppyLinux because the *entire* installation is loaded into a RAM drive, so you have the benefit of speed and security as soon as the computer is switched off. If you choose to run a persistent partition, use a Linux distro that allows for an encryption of the entire partition - therefore, upon boot, you will have to enter the passphrase to boot the system. Within that you can keep a truecrypt container and use that to store sensitive files.

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Magic Lantern
« Reply #10 on: July 04, 2010, 12:48:32 AM »
I wonder if any *BSD versions are better to use? I.e something like OpenBSD w/ fluxbox + the few programs like firefox, etc that you'd need.

I could be wrong, but isn't FreeBSD and OpenBSD more secure at default than almost any other operating systems?
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

Warwick

  • Honky
  • Larvae
  • *
  • Posts: 17
Re: Magic Lantern
« Reply #11 on: July 04, 2010, 12:53:29 AM »
Quote from: Vesp on July 04, 2010, 12:48:32 AM
I could be wrong, but isn't FreeBSD and OpenBSD more secure at default than almost any other operating systems?

Yes its probably the case, I could be wrong also... I'll get that bioassay on paper then, thinigs may fair better.... haha

lugh

  • Global Moderator
  • Foundress Queen
  • *****
  • Posts: 876
Re: Magic Lantern
« Reply #12 on: July 28, 2010, 01:44:57 AM »
Quote
I thought this was a rather interesting program that you may want to be aware of -- do you guys know of any other similar programs to this, and how to keep them off your computer?

This software was used in Strike's case:

h**p://news.cnet.com/8301-10784_3-9741357-7.html

so those of us that were around when that happened are quite familiar with these law enforcement tools  ;)  The number one rule is to retain physical control of your computer(s)  ;)  Keylogger detectors can detect such software:

h**p://www.styopkin.com/keylogger_hunter.html

h**p://www.anti-keyloggers.com/

h**p://dewasoft.com/privacy/kldetector.htm

h**p://www.snoopfree.com/

h**p://psmantikeyloger.sourceforge.net/prod01.htm

h**p://www.maxsecuritylab.com/dataguard-anti-keylogger/download-anti-keyloger.php

These programs are simply law enforcement trojans, originally based on Back Orifice  :-X  Hey Man said this company produces the best keyloggers available:

h**p://www.amecisco.com/

8)

« Last Edit: July 28, 2010, 02:30:24 AM by lugh »
Chemistry is our Covalent Bond

Dongle

  • Larvae
  • *
  • Posts: 47
Re: Magic Lantern
« Reply #13 on: July 30, 2010, 01:51:20 AM »
Lugh, wait, are you saying that all those keylogger detectors are in fact trojans? Do you have a recommendation for a good detector?

Sedit

  • Global Moderator
  • Foundress Queen
  • *****
  • Posts: 2,099
Re: Magic Lantern
« Reply #14 on: July 30, 2010, 03:09:21 AM »
Many keylogers are simular to trojens since most of the time you don't know its there. Its not good for you if someone puts one in your system without you knowing it because it could cause you a world of hurt. Morpheous(any yall know about this bot from back in the day?)use to have a great keylogger I liked alot. It wasn't appearing to have any back doors you yourself didnt setup and if you wished to have anyones information it was easy to place it on someones computer. I would have to say though 99% of the time you do not want a keylogger in your system.

However I want one for my computer right now because I dont trust whats going on when im not here so can anyone suggest an open source one for me?
There once were some bees and you took all there stuff!
You pissed off the wasp now enough is enough!!!

lugh

  • Global Moderator
  • Foundress Queen
  • *****
  • Posts: 876
Re: Magic Lantern
« Reply #15 on: July 30, 2010, 04:04:36 AM »
Hey Man said that the Invisible Keylogger Stealth was the best keylogger available, he's always been right in these matters before  ;) He installed it on his computer so as to understand exactly what a keylogger does  :P  Source Forge has a list of keyloggers which would be open source:

h**p://sourceforge.net/search/?type_of_search=soft&words=keylogger

Quote
Lugh, wait, are you saying that all those keylogger detectors are in fact trojans?

those were keylogger detectors that were posted upthread, that's what most people are interested in doing  ;D  Almost all trojans have a keylogger included, one of the first ones was Back Orifice and the code was reverse engineered to create Magic Lantern by a well known con man who decided to make law enforcement his marks ::)  This type of software is rather daunting but can be dealt with using counter measures such as those mentioned in this thread   :)  Physical control of the computer is the first priority, then real time registry protection  8)
« Last Edit: July 30, 2010, 04:15:22 AM by lugh »
Chemistry is our Covalent Bond
Pages: 1