Slashdot Mirror

ummm, according to the keyghost page it costs $139.

http://www.keyghost.com is an example of a tiny & cheap hardware logger.

• You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
• You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
• If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
• If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
• The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.

• readme.txt, also on the floppy image
• The source code for files on the floppy
• The tinfoilhat linux floppy image plus disk signature file Transfer this image to disk using rawrite (on windows) , dd on unix (dd if=tinfoil.img of=/dev/floppy ), or Diskcopy on a MAC.

• Q: Why doesn't the floppy I got at codecon match the signature above?
  A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
• Q: How do I undo that horrible screen in paranoid mode?
  A: Type "contrast" at the command prompt, or play with ctheme.
• Q: Is this really a 1.0 stable release?
  A: Think of this as a linux kernel 1.0 . Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
• Q: What sort of hardware is required to run tinfoil hat?
  A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
• Q: where do I send complaints, bugs & feature requests?
  A: anonymous AT nameless DOT cultists.net
• Q: What is the license for this distribution?
  A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license. Obviously, other people's software in this distribution retain their original licenses.

• Aluminum foil deflector beanie from zapatopi
• The man in the Tinfoil Hat . A good example for people confused by the tinfoil hat reference.
• http://www.gnupg.org
• Joelm's comprehensive TEMPEST site.
• Tempest for Eliza A fun tool for observing the radiation from your computer. If anybody ports this to Direct FB, I'll put it on tinfoil hat in a flash.
• Diceware a tool for generating very secure passphrases.

I've actually seen similar products for sale at $99 in consumer electronics catalogs as a way to catch your kids surfing porn.

While I have not (yet) seen equivalent products for USB on the market, sniffing USB is even easier than PS/2.

Don't worry folks, the gov't will always be a two steps behind the techies..
until you grow up and work for em'
Oh well.

Another possibility is that it was a hardware key logger. Someone posted a link to a commercial device called the KeyGhost that plugs inline on your PS/2 cable and looks like your ordinary cable bump.

Oops, wrong URL (points to a review). You can buy them here

And if you hide them inside the keyboard or inside the PC they are difficult to find.

When's the last time you looked at your keyboard cable? Or noticed if your keyboard got a little cleaner, almost like new?

This was mentioned on slashdot a year ago.

A company called Keyghost makes a small device that you place either inside a keyboard, or in between the keyboard and the computer that will log several kilobytes of keystrokes.

I would assume this is similar to the super secret technology that the FBI used.

The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device.

They could have swapped the keyboard with an identical model that had a keyghost or similar device installed. I'm sure that at least 99 out of 100 people wouldn't be able to tell the difference, as long as the keyboard is less than ~6 months old, and doesn't have any identifying cracks/marks. By doing this, they would greatly reduce the time needed to install the device.

The device they probably used is available commercially at Keyghost When was the last time you checked how your keyboard is plugged in?

According to german computer magazine c't (11/2001), about any cordless device can be sniffed - not only logitech. They had an article in the last issue discussing exactly this. Maybe I'll translate it a little later...

Just a summary, now: Cordless devices tend to use a 8 or 16 bit key for identifying (and authenticating) the connection to the base station. So all you need to sniff the keystrokes is another receiver, this code and something actually logging the characters... (i.e. keyghost.)

Here is an example of why they worry about keyboards :).

This is probably what they used to bug his keyboard.

--

In case you ever have the legitimate need for logging keystrokes you can purchase a plug and play device at www.keyghost.com . This device connects between the keyboard and computer and looks like a small keyboard adapter. They also sell versions where the device is integrated inside a keyboard. It can later be unplugged, activated via a password and then replay the keystrokes.

I don't condone the use of such a tool, but people should be aware that this stuff is readily available.

regards,

Heiko

Who's next? As someone else has mentioned, it will be the UKUSA countries (US,UK,Canada,Australia,NZ). And it won't stop with a change of government. These alliances and treaties have been going for 50+ years now, I hardly think a change of govt in one of the member countries will affect a change in the SIGINT treaties. For example here in NZ, this change is coming in under the Labour govt, the least likely to implement it. National are far more likely to keep the alliance running smoothly, as they are the more conservative country when it comes to international politics.

As to the SIS being thugs? Yeah well thats true. But remember that everyone makes mistakes and that we only hear about their mistakes. We often don't hear when they are successful, for that would advertise sources etc that they have. And odds are it won't be the SIS going through the offending computer, but the GCSB. And they will be pretty smart. They trade places with other UKUSA orgs to learn tips and tricks and this includes rotational trips to the NSA. Odds are you won't notice them.

Do we need this legislation? Probably, as long as we have trusted people to supervise the proper use of the granted powers. Currently there is little protection against cracking into computers - I think you'd only get caught on wire fraud - so the law does need to be updated. Pedophiles and terrorists don't deserve the right to hide behind technology. OTOH individuals are entitled to protect their information and communication. We know this arguement, and I'm not going to bring it up here. We do need good oversight and clear reporting and control by elected officals though to ensure proper use of this tool should it be implemented.

Re ISP/Telcos role. Remember that NZ is a fantastic testbed for new technology. We currently have one of the largest VoIP installations in the world completed by Cisco (outside of CSCO itself). With the potential for VoIP, don't you think we would also make a great testbed for signal analysis testing of this new tech? Also, everyone knows that the Internet is an untrusted medium and should be treated as such, you should already assume that your ISP/Telco is logging and analysing your traffic. You'd be foolish not too, which means that the ISP/Telco role potentially changes little. Your traffic is travelling over a commercial service, and they have control. Don't like it? Get off our pipes, they'll say. Oh, and the Southern Cross Cable? Half owned by New Zealand Telecom, and a quarter owned each by Optus Cable and MCI Worldcom, it is going to carry a large amount of data between Australasia and North America. Odds are it will carry much of the South Pacific data. Of course they want to legalise access to this bandwidth.

It comes down to this. Use a firewall. Use special machines to access the net. Dumb them down. Remove the services that aren't required. Companies should completely segregate their trade secrets and critical info anyway, so the excuse of crackers using the proposed systems to perform industrial espionage just doesn't cut it. The corporate secrets shouldn't be on Internet connected machines anyway. This mirrors to individuals also. Keyboard loggers are an easy way to get around encryption, and we've got a product of our own which apparently has been very popular with the US TLA's - KeyGhost.

But most of all, ensure accountability and responsibility of the organisations involved. They better not criminalise the tools though - that would be going way too far.

Cheers
rediguana

there are press releases talking about this on the Hi/fn press release page.

how long, do you suppose, before someone makes a keyboard that ssh's (or use some equivalent measure to encrypt all traffic between the keyboard and computer) to the computer, so that the truly paranoid can feel a little less worried about someone planting a KeyGhost on a machine when they're not looking? or is that way too paranoid?

You might notice a new keyboard but would you notice a new PS/2 DIN extension cable?

No amount of welding will prevent someone from doing this. If you don't have a PS/2 DIN then it can just be a normal extension cord.

Funnily enough I just started reading 1984 last night. I think that the only thing George Orwell got wrong was that big brother made it obvious to everyone that they where being watched.