Sophos voices concern about FBI's Magic Lantern e-bug

Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is today reassuring its customers that it has not been asked to allow the alleged FBI Trojan horse - codenamed Magic Lantern - slip past undetected. Sophos believes that using 'e-bugs' to spy on suspected criminals and terrorists is fraught with dangers, as there is no way of ensuring that the code will not be adapted by its recipients for illegal use.

"Malicious code is malicious code," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "There's no reason why organisations targeted by Magic Lantern could not write a variant of the e-bug for their own use. Before we know it, we'll all be spied on by every Tom, Dick and Harry - the FBI could even become a victim of its own code!"

Sophos also doubts whether the concept of Magic Lantern could ever work as a successful way of observing suspected criminal and terrorist activity.

"If a customer suspects they may be under surveillance and sends a Trojan horse to us, we're going to provide protection against it," continued Cluley. "We have no way of knowing if it was written by the FBI and, even if we did, we wouldn't know whether it was being used by the FBI or if it had been commandeered by a third party wishing to spy on our customer - it's a totally unworkable situation."

Following media stories that other anti-virus vendors would overlook the Trojan horse if asked to do so by the FBI, Sophos has received many enquiries from customers concerned Sophos may deliberately compromise the quality of its malware detection.

Sophos would like to reassure customers that it has not been asked to turn off detection of any viruses, worms or Trojan horses by any intelligence agency around the world and continues to believe that detection of all such malware is important to our users.


More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.