Well, shucks. Thoguht it would be fun to actually answer your question,
but then noticed that Google isn't accepting applications for new researchers.
So it looks like you get a freebie:
Magic Lantern is a keystroke logger. It keeps a record of
every sequence of pressed keys on the targeted computer.
From
<a href="http://www.fcnl.org/issues/immigrant/sup/anti-terrorism.htm">statements<
/a>
made by various government officials,
the device seems to be a piece of hardware that is physically
installed in your computer (or perhaps in the keyboard):
".. to detect the presence of the Magic Lantern in some crevice
in your computer"
It has also been suggested that there is a software-only version
of Magic Lantern:
"...search and seize "encryption key related pass phrases from [a] computer by
installing a specialized computer program ..."
Like other wiretapping devices, the device can only be installed
with a warrant. Under the USA Patriot act, however, the FBI
does
<a href="http://www.fcnl.org/issues/immigrant/sup/anti-terrorism.htm">
not need to provide notification that it has searched your
computer until sometime afterwords.</a>
Is Magic Lantern a virus? Almost certainly not, under the classic
definition of a virus. Under wiretap law,
Agencies are only permitted to perform wiretapping
with a warrant that specifies the specific computer(s) that need to
be tapped; under some circumstances, the USA Patriot Act permits
them to tap a specific individual. However, a virus or worm would
be indiscriminate, and therefore illegal. It's much more likely
that the program is installed either by physically accessing the
targeted computer (for which search warrants have been issued
in the past), or by deliberately hacking into one user's computer,
or sending them a "trojan horse" that purports to be useful
software, but actually contains the logging payload.
If the logger is hardware, it's clearly detectable by examination,
though it may require a fairly sophisticated user to distinguish
it from components that actually belong in a computer. But you
could probably do it by photographing the inside of your computer
as soon as you purchased it, and comparing the photographs later.
If the logger is software, it's definitely detectable, <b>if</b>
the tools to do so exist. If the government were in collusion with,
say, Microsoft, or with the anti-virus companies (as has been
<a href="http://www.theregister.co.uk/content/55/23150.html">suggested
and strongly denied by McAffe and others</a>, then the tools would
not exist to detect magic lantern, and a user would have to write
their own. It's also possible to write programs that escape the
notice of these programs. That doesn't mean there's no way to
detect the programs, but it means that the casual user is vastly less
likely to do so. Viruses do this all the time, but once they've made
it out into the wild, anti-virus companies typically update their
software to detect them. With Magic-Latern type sofware, the
AV companies would be less likely to ever see the real software.
It's an arms race; there are always better detection and stealth
techniques that can be used. The FBI would most likely try to stay
ahead of 99% of the people out there, which would mean avoiding
detection by anti-virus programs. |