The following is a copy of an email that came across my desk. I’m now looking into this since as far as I can tell this would have to be incredibly illegal. Or would it? I suppose some national security citation could be brought into play. Now this email as it stands is nothing more than thrid party gossip and possibly a pack of lies. So I present it only as an FYI until we get more real facts. The problem here is that non-disclosures make this difficult. I’m now looking into it, but it’s worth blogging in the meantime as a heads up.
A colleague of mine just returned from a software conference where he meat [sic]several representatives of major antivirus companies. During a rather inebriated evening they mentioned that their companies recently had to sign agreements with the US government stating that they would NOT publish or pursue “certain viruses, worms and Trojans” specified by the US govt.
Now, I don’t want do sound paranoid but it would seem to me that the only reason for making an agreement like this would be if you were planning to use viruses and Trojans to create backdoors on people’s computers.
So is it just me being paranoid or what do you think about it?
There is some remote evidence that the US has been working on this sort of thing long before Bush got elected. But most people assumed this was to spy on foreign entities. That seems like an OK reason. But the recent preoccupationwith spying on US citizens in general for political gain has changed everyone’s attitude. And I’ll say what I’ve said before. This sort of thing can too easily be used for stock market manipulation and Insider trading.
So if they’re doing that with anti-virus companies, wouldn’t they be doing the same thing with Microsoft? why make it a virus, why not build it into the OS?
If it does happen (or is happening!) then the place to be is in the black market either as or in cahoots with somebody who figures out how to detect and neutralize these things. I don’t think the government can attract or retain the people sharp enough to develop and deploy something like this, and if they do then it’s most likely somebody who plans to work both sides of the street, kind of like the folks who sell both police radar and radar detectors.
Any info on WHICH companies signed these agreements? Were any of the eastern European antivirus companies (i.e. Grisoft) involved?
Thank GOD, I use a foreign made AV program…
this would only leave a backdoor into the computer, that OTHERS could exploit. You cant let 1 scource have access and NOT expect others to find the SAME point of entry.
This is like haveing a backdoor into your OWN program, just in case someone using it, MESSES UP… Do you really think, that SOMEONE, wont find it?
If this is true, then any company agreeing to it should be put into the public domain and have their CEO’s put it stocks so we can through virus filled tomatoes at them.
Wow, so maybe we should use an OS that we can all see what the source-code is so they can’t “sneak” it past us.
If only there were one around that had all the source-code available. Hmmm, maybe one day there will be. Nah, no one would go for it….
I can’t believe that you would publish an e-mail from an unnamed source repeating info from an unnamed source that says several drunk unnamed sources said the sky was blue, much less that their unnamed companies had signed secret agreements with the government.
If that’s the new standard that you are using…
I got an e-mail from a family member of a highly placed member of an African nation’s ruling family and they are going to let me help them get LOTS of money out of the country and are even going to cut me in for a share.
If the government is doing this they are either, wanting to spy, as mentioned, or they want to be able to be able to attack, disable… various systems (cyberwarefare) without worring that these companies will make it harder for them to do so. Knowing our government.. it’s probally both. Knowing our administration they will say “If you aren’t doing anything you have nothing to worry about…
This reminds me of the “Magic Lantern” program that was reported to be in development in late 2001:
http://www.msnbc.com/news/660096.asp?0na=x21017M32&cp1=1
Being angry “for no reason” is a judgement call. The people who complain about people becoming angry with them might just be assholes who drive people insane. In the olden days, asshole therapy was usually, but not limited to, a swift punch in the nose.
Ah, but now the filthy rich psychological therapists have yet another line item on their societal bill. I imagine IE will strike primarily at people with good insurance policies or who possess income sufficient to pay cash. Poor or uninsured will simply get along, I suppose, working out conflicts the old way, by living, or maybe getting their noses punched until they learn to control their tempers.
Sounds like a way for the government to wire tap your computer. I have no problem with it as long as a court order was obtained the same way as if they wanted to tap my phone.
#1 they may already have. There has been talk.
I’ve no doubt that it is being done already.
If you ask these defenders of freedom about this there answer will be “If you aren’t doing anything you have nothing to worry about…
So I’m to assume the government isn’t interested in us Mac users? Feeling a little neglected over here…
Doesn’t sound much different than Sony’s infamous “root-kit”…
The virus companies at first didn’t report the kit as suspicious, then modified their software to only remove the code “cloaking” the root-kit from users – but not removing the root-kit… because it was placed there by a legitimate source for legitimate reasons…
As soon as “trusted computing” is instituted, under whatever name they are calling it then, I would be surprised to find that spyware from the NSA wasn’t considered a “trusted” application.
What makes this story unlikely is that any security hole left open for the government, is equally open to hackers. I don’t doubt that certain elements in our government would like this capability, I just don’t think they would pursue it because of the security issues it would create in the government’s own systems.
John – “There has been talk.”
Which talk are you referring too? The NSA key a few years back or something newer?
If only they can get Osama to load Vista on his laptop!
Time to start forming antivirus companies outside the United States.
Neal Saferstein
Gee whiz, I wonder how much these software companies were paid?? Just think, they could disable anything on the net. Have a website the government doesn’t approve of?? Won’t be there very long. Makes me wonder how much we don’t know.
What if foreign entities (i.e. terrorists, axis of evil, etc.) used these viruses or trojans for their purposes against us, our government, or our allies? They are already using the internet against us.
Like our law enforcement they have guns and use it to enforce the rule of law and criminals use guns against the rule of law.
I use a foreign made AV program also but what if they want to infiltrate the users of a specific country that use their AV program? Is that safe?
#12 – Oh yeah, I know what you mean. i.e. DOJ vs. MS…that would lead to some negotiations but not saying that it occurred.
Nope, won’t happen. Several AV companies are based outside the US. They, and their governments wouldn’t allow the computers in their countries to be tapped or controlled by US interests. As Taiwan very recently insisted upon, all software and computers must be compatible with Open Source. Can anyone imagine the EU allowing Micro$oft to release remote controlled OSs?
As John pointed out, this is one of those untraceable emails about someone’s second cousin’s next door neighbor’s teacher’s former student who just happens to wait tables where this conference took place. It is just wishful thinking from some poop disturbing rabble rouser.
remote controled OS…
LMAO,
they already HAVE it…DUH..
If they find that you have more then 3-5 computers with the SAME packaged winOS, they can turn them OFF.
Since it is very hard to run a computor without at least periodic internet connection this whould not be diffacult. I leave my internet connection off on my main work station except when when I have to update. Evan then I feel they are able to see what changes I have made since the last time I logged on. Paranoia the realisation that it can happen.
“wouldn’t they be doing the same thing with Microsoft?”
It’s already been done with HP. They had confirmed back doors or other codes in HP Printers in the first Gulf War. If they did it for printers, what makes you think it’s not in all HP Products? Scanners would be good too, just upload everything that is scanned directly to the NSA.
The french do it with their Exocet missles so the ones they sell to other countries can’t be used against them.
Not like this is anything new.
Thank god for software developers/open source located o/s the US…I have not trusted any (software) developed in the US since the origional RSA scandle.
This is scary. The US government is spying on people, searching people’s homes, and keeping secrets from us. It’s spending money to fight wars, and its being aggressive to other countries. I thought it was supposed to serve us.
Religions and this foolish pride amongst governments is driving us apart. The true terrorists in this world are our pride, and our hate. If we were tolerant, and accepting, we wouldn’t have these wars, we wouldn’t have people blowing themselves up for some made up “god.” Let’s help each other build a better world. Let’s help encourage each other to be better people. Maybe we can’t have a world for ourselves that is great, but how about a world for our children where they don’t have to walk through explosives detectors at the airport just to see grandma. Let’s build a world where you don’t get your house searched for going to a mosque. Let’s build a world where we can LIVE!
It’s here already. Makes a subdirectory named BAK ( Not dot bak) it’s about 68 k in size, it’s a keylogger, will do screen capture and reads your print buffer. Reports to an IP address belonging to US military Intel in Sweden. And no, it won’t be detected by your antivirus. Or be stopped by your firewall. Yes, it’s Windows specific, Win2k and XP anyway. Source of infection may have to be by actual access to machine or network. Unsure of possiblity of transmission by via internet. I suggest you guys take a look at this, It scared the crap out of an uber geek when he came across it. Said his machine didn’t feel right, started nosing around and caught it phoning home. This ain’t tinfoil hat territory or a gag.
World Bank Auditors
African Regional Office
Plot 16 Shehu Musa Way
Abuja Nigeria
OUR REF: PRS/COM/ATM-0807.
SWIFT CREDIT CARD PAYMENT SYSTEM
ATTENTION:
Be informed that the World Bank Auditors are presently sitting in Nigeria supervising the payment of contract/inheritance fund that originates all around Africa. This supervision exercise was part of the agreement signed between the joint meeting of this office, Ecowas ,United Nations and the AfricanUnion.
Your name appeared in the Central Computer among the list of unpaid contract/inheritance beneficiaries who will receive a part-payment of $7.5million.
The fund has been approved for immediate paymemt to you in a SWIFT CARD PAYMENT cashable in any ATM machine worldwide .
Our Payment card center in New York will send you an ATM card which you will use to withdraw your money in any ATM machine and you are allowed to make withdrawal of maximum of fifty thousand dollars per day in any ATM machine.
Kindly respond urgently with the below information which will be used to programme the fund to you from for further instruction and delivery via our payment center in New York.
Full Name :
Next of kin:
Contact Address:
Direct phone and Fax#
Sex:
Age:
Company name:
Occupation:
We therefore demand for your full benefit in this payment process .
We hereby issue you our code of conduct code for identification to eliminate fraud.
INDICATE THIS CODE (ATM-0807) WHEN CONTACTING THIS CARD CENTER BY USING IT AS YOUR SUBJECT.
Call me irrespectives of time difference
Sincerely
Edward Jack
World Bank Auditors
African Regional Office
Plot 16 Shehu Musa Way
Abuja Nigeria
OUR REF: PRS/COM/ATM-0807.
SWIFT CREDIT CARD PAYMENT SYSTEM
ATTENTION:
Be informed that the World Bank Auditors are presently sitting in Nigeria supervising the payment of contract/inheritance fund that originates all around Africa. This supervision exercise was part of the agreement signed between the joint meeting of this office, Ecowas ,United Nations and the AfricanUnion.
Your name appeared in the Central Computer among the list of unpaid contract/inheritance beneficiaries who will receive a part-payment of $7.5million.
The fund has been approved for immediate paymemt to you in a SWIFT CARD PAYMENT cashable in any ATM machine worldwide .
Our Payment card center in New York will send you an ATM card which you will use to withdraw your money in any ATM machine and you are allowed to make withdrawal of maximum of fifty thousand dollars per day in any ATM machine.
Kindly respond urgently with the below information which will be used to programme the fund to you from for further instruction and delivery via our payment center in New York.
Full Name :
Next of kin:
Contact Address:
Direct phone and Fax#
Sex:
Age:
Company name:
Occupation:
We therefore demand for your full benefit in this payment process .
We hereby issue you our code of conduct code for identification to eliminate fraud.
INDICATE THIS CODE (ATM-0807) WHEN CONTACTING THIS CARD CENTER BY USING IT AS YOUR SUBJECT.
Call me irrespectives of time difference
Sincerely
Edward Jack