Slashdot Mirror
Judge Demands Details Of FBI's Keylogger
wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."
Oops, wrong URL (points to a review). You can buy them here
And if you hide them inside the keyboard or inside the PC they are difficult to find.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
You assume a keyboard needs to be disconnected to be bugged. One post above mentions taking the case apart and finding five distinct little wires running from the internal board together to the outgoing line. There is space enough there, the post continues, to put a small circuit with five 'vampire lines' (ones with ends that you can poke through a normal line, thereby draining it enough to get its signals, without draining it so much that the signals don't go through largely unaltered) which said circuit then records the keystrokes for later retrieval. Once you screw the case back on, it's there pat, undetected, and unseen by any software.
The physical methods you mention for securing a computer while absent on the other hand are much more fascinating.
You can, in fact, make the whole thing provably secure by having your computer send constant image data to an off-shore server, where you have a second means of connecting to the server and ensuring that THE SERVER thinks there has never been any interruption in the broadcast, nor movement of any kind. [Needless to say, although perhaps I ought to anyhow, there is a secure connection between your computer and the server, which means that any man-in-the-middle attack would have to sniff out the session key from RAM, and you can't do that without getting physically near the machine, by which time it has seen you...or else noticed a lack of transmission.]Of course, you don't keep the passphrased private key on premises, and of course it's not in memory at the time that your computer is running in your absence. (There is, let us say a GPG'd/pgp'd partition that, when you get home, you expect to access by putting in your private key on disk, typing your passphrase, and thereby activating your 'secret' partition). If you have any reason to suspect your computer has been tampered with, then you simply remove the encrypted hard-drive and move it to a clean machine. You're a mafioso, you have plenty of new machines. Thereby, you circumvent any possible hardware and software pre-installed sniffers.
Does not work. It is not so difficult to attach this thing to a running computer without removing the keyboard. It takes steady hands, but at least my keyboard (Chery G80-3000) can be opened when the power is on. If you clip the wires on carefully, no detector in the computer it likely to register anything. Some small additional circuitry can even make a active (i.e. requiring to cut wires in the installation) device installable without any signal interruption.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Threat to national security, right.
Somewhere in the heavens... they are waiting.
On the very FIRST PAGE is this link to what appears to be what we're talking about.
3 Minutes, $80, how much did we pay for the FBI version?
-Ben
PS: Is it just me or has /. gotten SLOOOWW these past few weeks?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
This was mentioned on slashdot a year ago.
A company called Keyghost makes a small device that you place either inside a keyboard, or in between the keyboard and the computer that will log several kilobytes of keystrokes.
I would assume this is similar to the super secret technology that the FBI used.