Slashdot Mirror
Judge Demands Details Of FBI's Keylogger
wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."
It occurs that a simple measure against a keylogger is to run a program which continuously polls the keyboard, making note of any occasion during which the keyboard is unavailable (or during which the computer has not been functioning, meaning it's been turned off), and which gives alarm to the user just before he begins work after having gone for some time. (Detection of this absence could be automated with a cheap fuzzy vision system that only checks for warmth in front of the monitor, and for motion indicative of a human and not a cat or very warm chair).
The electricity bill from leaving a computer on all the time (as would be necessary), and the cost of a reliable uninterruptable power system, would be a small price to pay in such cases where the owner has reason to worry about spying and the implantation of such sneaky devices.
The aim generally would be to make the computer an integrated, always-functioning system that "knows" when oddities occur, such as being turned off, or losing the keyboard, or being moved more than a few millimeters, or anything else that could be interpreted as tampering (when the authorized user is absent, obviously).
Naturally, this measure works against hardware spying only. Software spying is another matter, but the hardware is the first and most important line of defense.
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
Typical for the FBI to think they know more than everybody else does.
A hardware keylogger can be implemented by a student of electrical engineering or any gifted amateur in perhaps a week or so. Typically a PIC microcontroller would be used together with an external serial EEPROM. With e.g. 64KByte EEPROM this would cost about 10 Euro per device and be the size of a sugar cube. The programmer hardware would cost an additional 10 Euro, software is available for free. Larger EEPROMs require a bit more work (maybe an additional day), and are physically larger (2 sugar cubes). Price would be an additional 15 Euro for e.g. 512Kbyte.
And if you don't know how to build your own, you can buy them here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Since a keyboard scans all keys several times per second it generates a signal on a certain wavelength that can be picked up with a radio (try holding your shortwave radio near the keyboard with the monitor switched off). Analysis of this signal allows people sitting in a van outside your house to know what you're typing due to the interruptions in the 'buzzing' signal normally received, which only happens when keys are pressed. The time from the start of the scen identifies which key is pressed.
Its all very clever.
Weevil
ghaa.
According to the Wired article yesterday:
This would be impossible (or at least highly improbable) with a hardware device. With software, however, it could be done - log everything until you see PGP running and a passphrase being entered. Then stop logging.
I have a hunch it's software, not hardware, for another reason.
This whole case revolves around whether the FBI "placed a bug" (i.e. wiretapped) or not. "Bug" has traditionally meant a hardware device, which does not appear to be covered by the warrant. (If they had a warrant to place a bug, the defence wouldn't be arguing otherwise).
Even the most kl00less n00b of a judge would be able to see that a Keyghost or other hardware-based key-logging device is fundamentally the same as a microphone. One logs keystrokes. The other records voice. If the warrant didn't authorize the placement of an audio bug, it probably didn't authorize placement of a keylogging bug.
But if it's software, the Feebs can argue "Hey, it's not a device, it's just ones and zeroes on his hard drive. We left nothing, we just tweaked some magnetic lines of flux on a spinning piece of metal."
The funny part is that this is the same FBI whose lawyers are arguing (eg. DeCSS, Sklyarov, etc.) that even source code can be a "circumvention device". I guess code is a "device" when it serves the FBI's purpose, and "not-a-device" when it... well, serves the FBI's purpose.
The sad part is that it's going to take a pretty enclued judge to figure out that if DeCSS is a "device" for circumventing protection, then a keylogger -- even if it's just software -- is just as much a "device" for conducting a wiretap of the line between a keyboard and a computer.
Finally, doing it in software enables them to turn the logging off after they capture the PGP passphrase. I speculate that they realized they were treading on the outer fringes of what they could legally do under this warrant, and wanted to be able to make at least some claim that they minimized the amount of data to be captured.
All of this leads me to believe it was a software device, not a piece of hardware. "If we can't get a warrant to place a wiretap, let's do it with software, and then if the defence argues otherwise, we might at least have a shot at convincing the judge that software isn't a "bug" because it's made of bits, not atoms, and the wiretap law was written when the only technologies for wiretapping required atoms."
(The obvious argument for the defence: "In that case, Your Honor, we submit that the instant the software ran on the defendant's computer, the FBI had effectively installed a bug. Instead of it being the cute little ones you read about in Tom Clancy novels, it was a full-tower 1G Athlon bug. But it was still a bug.")
That said -- let's have an open mind. Maybe they're doing something more advanced than installing a Keyghost. Maybe they're using a new way of installing software known only to the 'l33t d00dz in the intelligence community.
Finally, maybe the technology is also in place now on real threats, and the bugs - hardware or software - weren't planted by "cops operating with a warrant", but by intelligence agents (or double agents), whose lives would be jeopardized by their targets' acquiring the knowledge to detect these bugs.
As much as I mistrust the FBI, if any of those scenarios is true (and they're all plausible), it doesn't matter how weak the FBI's case is in the case of this mobster, the tech should remain under wraps.
i remember watching a segment on discovery channel a couple years back about an experimental key logger. basically with standard keyboard, everytime you press a key you create a small EMP. using the hardware they had they could detect which key was pressed from several feet away and even through a wall. im sure the technology is much more refined and mature today.
It sounds to me like they just gave the judge a bunch of keycodes, and the judge doesn't understand how to go from keycodes to keys.
Once the FBI gives the judge a table of keycodes -> keys, I suspect the judge's "gobbledegook" comment will be answered. Now, the question is, will the judge accept the keystroke recorder as a part of a valid search warrent, or will the judge interpret the device to be a "listening device".
Remember, the whole danger of this device is not that it exists, it is that the FBI went in on a search warrent, and left a listening device behind which should require a wiretap order.
www.eFax.com are spammers
most likely. The FBI probably doesn't want to admit in open court that some guy walked a couple of blocks away to "Spys-R-Us" and bought an off-the-shelf keyboard logger at 5 X retail price. It would be laughable if they weren't dead serious to hide this....
The Government's penchant to hide everthing they do from the citizenry is insidious. How about requiring the President to personally sign each and every individual page of every single "National Security" classified document. That would certainly help cut down this effrontery of abuse, eventually. Classification by default is an insult to the intelligence and political franchise of the American people!
When are people going to get angry about being lied to and abused in the name of holy national security? The Cold War has been over for a long time now. Is this a police state or a republic? Can anyone tell the difference anymore? Please tell me; I really do care.
Step #1, Dvorak:
.. doesn't use any kind of adapter they have ever seen.
This would really annoy someone. At first glance, someone will say "this device just recorded garbage!". Of course, anyone who really wanted you bad would pass some statistical analysis through it, so if you suspect you are being tracked, do a lot of perl programming. The prevalence of %!(!@%$(!@*% will throw off the %'s
Step #2, USB!
Glad to use an Apple G4 at the moment (OS X!). Keyghost says:
* (MacOS & USB keyboards not currently supported).
Keep this in mind, though I'm sure it will be rectified in the near future. Of course, they could just stick a convertor behind your machine and hope you don't notice -- so buy a machine without a PS/2 or AT keyboard port.
Step #3, Kinesis
They sell a cute KeyGhost Security Keyboard, that looks like a natural keyboard of sorts. Insist on a Kinesis keyboard at work! Not only are these great keyboards, but when your boss (or FBI at home) see the keyboard, they will really say to themselves.. "huh?".
That, and you can get the QD model like I do with the dual dvorak/qwerty caps just to mess with their heads more.
Step #4, Run a less popular OS & Architecture
This one is primarily for software key loggers. If your in trouble with the law, the best way to play with them is to work harder. Like for firewalls, one of the best ways to keep yourself a little more secure is to use a less-common OS & architecture.
If you say, use a Sun Ultra at home (without USB), running preferably solaris, but insert any OS here. I'm sure they will have some choice swear words when they see that your mouse plugs into your keyboard, and your keyboard
That and, I'd be likely to say that they don't run into many Sun workstations to sniff via software either, but feel free to run NetBSD on your Sun just to make them recompile it anyways.
I myself ran on a Sun Ultra 10 at home till I sold it for this dual G4. They can be somewhat palatable workstations.
Step #5, serial:
If you really want to mess with their heads, set the machine up to have video output, but take serial input. Get an old dumb terminal out, put it on the other side of the desk, and pump in some text.
When they come in a few weeks later and wonder why the keyboard plugged into your PS/2 port didn't log anything, they may wonder what the heck is going on.
And somehow I doubt they've got a nise Wyse compatible keyboard logger anyways.
Enough silly ideas, time to go back to sleep.
Basically, tempest eavesdroppers exploit the electromagnetic radiation generated by things like your monitor, UTP Ethernet, serial cables... in some cases the radiation thrown into the shortwave band is broadcast fairly significant distances... also advanced techniques -- such as irraditing a building with a certain frequency of electromagnetic radition -- prove that it's been possible to pluck individual instructions of a CPU.
The most simple form of tempest eavesdropping is reconstructing the image displayed on your CRT, however, it would also be possible to grab keystrokes from a PS/2 cable (or your pin code from the serial cable that connects the keypad of an ATM)...
Actualy CRT eavesdropping is fairly simple... all you really need to get started is an old B&W TV with manual sync signal adjustment (the sync signal on a monitor usually isn't powerful enough for "home-made" [i.e. crude] eavesdropping devices to detect-- so in order to get a coherent picture you need to manually control sync.)
Do a search on Google for tempest radiation-- you'll find all sorts of interesting things... Check out also Tempest for Eliza -- it's a neat functional demonstration. With it, you can use your monitor to broadcast music on the shortwave spectrum. It's sort of eerie actually.
BRx.
Life after capitalism? The participatory economics project
As someone who used to be in the "industry", I can say that the FBI is either way behind the times or full of shit. Most keyboards generate a lot of tempest. Some rather basic test equipment, some software and some patients is all it takes. This is OLD technology. Why do you think there is such a thing as tempest free keyboards? Considering that many hobbiests should be able to handel doing this, any foriegn power, most certainly can do it. Back in the mid eighties, revieling the techniques might have degraded National Security, but I doubt it as most classified material should have been being processed on tempest secure equipment. Speaking of keyboards, mine is a piece of shit.
The way I see it, the keylogger could either be a software or hardware device. It may require that an agent break into the Bad Guy's premises to install the bug. Then again it may not...
If it was a software device, it would probably be some sort of virus or trojan horse that would sit silently & log keystrokes, and transmit them to the FBI at periodic intervals. There are the issues of compatibility - there are over a dozen different varieties of Windows in general use, as well as Linux, BeOS, BSD, etc. That would require multiple versions of the software, all carefully crafted to hide itself from anyone from a casual luser to an experienced computer security expert (what the FBI likes to refer to as a "hacker".) Somewhere along the line it would probably be detected and deactivated.
The hardware approach has the advantage of being OS neutral, and there are only a few varieties of keyboard interfaces that need to be handled. The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device. This would take a lot of time, and have several risks: The agent could be caught in the act, which is made more likely by the extra time taking the keyboard apart. Also, the agent could break the keyboard, which would make the Bad Guys aware that something suspicious was happening.
Putting the device inside the computer would be easier - most computers are designed to be opened & serviced with little more than a screwdriver. However, the agent still has to spend time disassembling & reassembling equipment, with risk of breaking the computer or being caught and subject to Great Unpleasantness. Putting the bug outside of the computer (glued to the underside of the desk or attached to a cable) would be too easy to detect, especially when dealing with Evil Russian Hackerz(TM).
The best way would be to use a bakery van full of TEMPEST gear to listen to the stray signals coming from the computer. The gear would be able to listen to keystrokes, as well as record everything that is displayed on the computer's screen. I suspect the feds don't want this revealed because then the Bad Guys could send thugs to kill the agents in the van, then they would be able to play with all the neat toys inside and come up with countermeasures.
Meldroc, Waster of Electrons
But I'm getting the impression that's not possible. Which should tell you a lot.
Ummm... At the last Vegas security expo, I picked up a keylogger (8k) offered by some company... Plug keylogger into computer, plug keyboard into keylogger...
It looks like a simple torroid RF blocker on a keyboard cable at first glance... Then again, given the amount of dust, mummified donuts, dead , cables, and cat hair - I never look at my keyboard port anyway...
On disassembling the keyboard to install the device: I can just about guarantee you that the FBI would know what type of keyboard this guy had, would buy one exactly like it - take it apart at their shop, install their junk, and then swap 'em so he wouldn't know... They don't take anything apart right there - that's the best way to get discovered and killed...
A while ago (mid 80's, I think), it was discovered that typewriters had been bugged by the Russians at the American Embassy in Moscow. Apparently, the KGB had managed to stick a low powered transmission device under each key of the typewriter. This allowed them to 'see' what the person using the machine wrote....
This is probably just a variation of that.
Chris.
-- I don't have a cool sig.
I don't know about the exact adapter the FBI was using, but I have researched keyboards for emulation projects (hacking a keyboard to get many possible inputs, etc).
Most keyboards have a "grid" made of two rows of wires, to simply put it, a horizontal row, and a vertical row (which isn't exactly true, but is very close to how it works). When you press a button, you close the circuit between one of the vertical rows and one of the horizontal rows. Now this is sent to a small circuit in the keyboard that is basically a decoder chip, that tranfers the specific horizontal row/vertical row combination into a key. This small circuit is usually on a circuit board, and is custom to each type of keyboard. So far, we are finding it difficult to put a keystroke logger into the keyboard. However, the decoder circuit is hooked up to the cable that sends it to the computer. There are either 5 or 6 wires used (I believe 5, one is extra), and there is enough space inside most motherboards that it would be possible to put a small circuit in it. All you need to do is to tap into the wires inside of the keyboard and you have a bug that can install in a few minutes, and is undetectable unless you take the keyboard apart.
Then again, I see other posters talking about an adapter that fits on the end of the plug, in the back of the computer, which would work, but is an inelegant, and very easily found solution. Inside the computer would work also, but would have to interface to the back of the ps/2 adapter, or to motherboard traces, and I'm guessing the grounded case would hinder transmissions of signals. OTOH, cases are easier to take apart, and there is usually a lot more space.