DEA key logger docs in Ecstasy drug case posted online [priv]

[Declan McCullagh <declan () well com>]

I've placed two relevant documents from the DEA key logger use here:
http://politechbot.com/docs/forrester.alba.dea.investigation.report.070907.pdf
http://politechbot.com/docs/forrester.alba.dea.key.logger.070907.pdf

I remember writing this article for Wired in 2001 about how one 
antivirus company reportedly contacted the FBI and pledged not to detect 
malicious fedware:
http://www.wired.com/politics/law/news/2001/11/48648

It seems that spyware and key loggers are far more advanced and 
commonplace today than they were six years ago, as are anti-spyware 
tools. I wonder if the FBI could seek a court order requiring an 
anti-spyware company not to report fedware (as in, fedware would be 
whitelisted if detected and the customer would not be alerted).

Anyone worried about this could always run free software, where the risk 
to a user would be lower. (Yes, I know, the compiler could be 
compromised or a clever and subtle backdoor in the source not detected, 
but it's still less risky if that's the threat model.)

Previous Politech message:
http://www.politechbot.com/2007/07/11/dea-key-logger/

-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)