December 18, 2000


sfbg.com

 

Quick Clicks


PROMOS| PERSONALS| CLASSIFIEDS | MOVIE CLUB | SEARCH
MOVIE CLOCK | REP CLOCK

Directing traffic
A look at the FBI's computer surveillance scheme.

By A.C. Thompson

FROM A CLUTTERED warehouse on Third Street in San Francisco, Rudy Rucker Jr. runs Monkeybrains.net, a tiny dial-up Internet service provider and Web-hosting service – and on Nov. 25 his servers were moving at a seriously sluggish pace. "My first thought was, 'This sucks, my mail's not going fast enough,' " Rucker Jr. tells me.

Some quick detective work revealed that a worm called Badtrans was transmitting data stolen from more than 100,000 computers to an address at IJustGotFired.com, a Web site Rucker Jr. hosts. The Badtrans traffic – 100 e-mails a minute – was the source of the slowdown. He promptly disabled the account.

Hacker attacks are old news. What's fascinating about Rucker Jr.'s run-in with Badtrans is that it offers a glimpse at the kind of personal information the Federal Bureau of Investigation has publicly acknowledged it intends to collect. And it has thrust Rucker Jr., the son of acclaimed sci-fi author Rudy Rucker, into a cyber-standoff with the FBI.

Badtrans seems to be similar to an FBI project dubbed Magic Lantern, a new "spy virus" first revealed in news reports by MSNBC on Nov. 20 (see "Wartime Profiteers of the Digital Age," page 22). Magic Lantern, reportedly, can record every keystroke a suspect makes and then transmit the information – e-mail messages, passwords, what Web sites the suspect has visited, etc. – back to the bureau.

The Badtrans worm is "almost exactly like Magic Lantern," security consultant and software designer Jesse Burns says. Like Magic Lantern, Badtrans logs keystrokes and funnels the data back to the worm's creator. In this case the info was routed to 22 e-mail addresses, mostly free Yahoo! and Excite accounts. Experts at tech security firm Symantec labeled Badtrans a worst-case hacker attack – a level-four threat – and quickly posted an antidote to the virus.

The massive flow of Badtrans bytes to Rucker Jr.'s servers caught the eye of the FBI's computer crimes unit, and on Dec. 3 an agent gave him a ring. "I helped them with some information," Rucker Jr. says. "I gave them information I thought might be pertinent to catching the people who were victimizing my server."

But the bureau wanted something else. "They asked me if I could store the data [harvested by the worm] for them and burn it on a CD-ROM," he says. Rucker Jr. balked. "The data I have is juicy. It's good for Big Brother surveillance, but it's not going to help them solve their case." So he stalled, telling the agents to mail a written request for the material.

Rucker Jr. shows me e-mail correspondence with David Freyman of the FBI's National Infrastructure Protection Center in Newark, N.J., that seems to back up his story. "Thanks for the update on the saving [of] the information," a Dec. 12 message from Freyman reads. Contacted by the Bay Guardian, Freyman declined to comment on the probe.

Rucker Jr. says he won't give up the info, now up to 303,000 messages, or two gigabytes, without a court order. "If a judge tells me to release it, I'll hand it over. I'm not going to jail over this."

Seth Schoen is a staff technologist at the Electronic Frontier Foundation, a digital civil liberties group that often butts heads with the federal government. Schoen figures the FBI may have valid reasons for requesting the data Rucker Jr. is holding. "Presumably it will help their investigation – if they want to know who is being victimized and what kind of information is being collected," Schoen says.

However, Schoen is skeptical of the FBI's Magic Lantern scheme. He says the bureau may find it difficult to target specific – suspect – computers. "It's very tricky to collect information on one individual," Schoen tells me.

On a computer monitor in his bedroom-office, Rucker Jr. gives me a look at some of the stuff gathered by Badtrans – and, at least theoretically, by Magic Lantern. I check out some e-mail missives, searching on the word "anarchy." Sixty-six messages pop up. One is by a high school student who started an "anarchy club." Another is by a guy who thinks anarchy is a variant of satanism.

Next I scroll through a few hundred Web site urls. I can see who's been surfing for porn (blowyourload.com, yourpenis.com, iloveporno.com), who's been applying for loans (freddiemac.com, equityloansnow.com), who's been looking for jobs (fairfieldcountyjobs.com, museumjobs.com).

I can see why the feds would be enamored with this kind of technology: in terms of surveillance, this program makes phone-tapping look like a laughable anachronism. It also gives me the very creepy feeling of reading someone's diary. Scratch that – it's more like having access to the diaries of thousands of people.

"My instinct says not to give this information to the FBI," Rucker Jr. muses. "Thinking that Big Brother is right all the time is bad for our country, it's bad for people's rights, it's bad for people who want to live in little hellholes like this running their own computer companies."

E-mail A.C. Thompson at ac_thompson@sfbg.com.