Magic Lantern is keystroke logging software developed by the United States’ Federal Bureau of Investigation. Variously described as a virus and a Trojan horse, it can be installed remotely, via an e-mail attachment or by exploiting common operating system vulnerabilities. It’s unclear whether Magic Lantern would transmit keystrokes it records back to the FBI over the Internet or store the information to be seized later in a raid.
The FBI intends to deploy Magic Lantern in the form of an e-mail attachment. When the attachment is opened, it installs a Trojan horse on the suspect’s computer. The Trojan horse is activated when the suspect uses PGP encryption, which is often used to increase the security of sent e-mail messages. When activated, the Trojan horse will log the PGP password, which allows the FBI to decrypt user communications.
Magic Lantern could be installed over the Internet by tricking a person into double-clicking an e-mail attachment or by exploiting some of the same weaknesses in popular commercial software that allow hackers to break into computers.
Co-operation by Antivirus Vendors
Magic Lantern was first reported in a column by Bob Sullivan of MSNBC on 20 November 2001 and by Ted Bridis of the Associated Press.
Bridis reported that Network Associates (maker of McAfee anti-virus products) had contacted the FBI following the press reports about Magic Lantern to ensure their anti-virus software would not detect the program. While Network Associates issued a denial, the public disclosure of the existence of Magic Lantern sparked a debate as to whether anti-virus companies could or should detect the FBI’s keystroke logger.
This infographic by MobiStealth looks at how Magic Lantern progressed over time, and precisely what the rootkit can help steal from a target’s system: