Slashdot Mirror
Judge Demands Details Of FBI's Keylogger
wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."
Oops, wrong URL (points to a review). You can buy them here
And if you hide them inside the keyboard or inside the PC they are difficult to find.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
The issue here is not, Are there any circumstances under which the government has a compelling issue in obtaining evidence by wiretap, bug, or whatever? The issue is, how high should the bar be set? How hard should it be for the government to show such need?
The FBI argues that this is not a wiretap and so it meets low standards. The defendant holds that it was a wiretap and hence needed a specific warrant to be placed.
People like to cast these things as black-and-white: Either the government can't bug us, and we are totally free; or the government can, and we are entirely enslaved. Unfortunately for such extremists, history has always been more nuanced: The American judicial system always works on the principle of balances and tensions. What's important is to set the price of such invasions so high that they be used only in the most extreme, most justifiable conditions.
This case is, in large part, not about the technology that is used but about the accountability of those who use it.
The Mongrel Dogs Who Teach
It occurs that a simple measure against a keylogger is to run a program which continuously polls the keyboard, making note of any occasion during which the keyboard is unavailable (or during which the computer has not been functioning, meaning it's been turned off), and which gives alarm to the user just before he begins work after having gone for some time. (Detection of this absence could be automated with a cheap fuzzy vision system that only checks for warmth in front of the monitor, and for motion indicative of a human and not a cat or very warm chair).
The electricity bill from leaving a computer on all the time (as would be necessary), and the cost of a reliable uninterruptable power system, would be a small price to pay in such cases where the owner has reason to worry about spying and the implantation of such sneaky devices.
The aim generally would be to make the computer an integrated, always-functioning system that "knows" when oddities occur, such as being turned off, or losing the keyboard, or being moved more than a few millimeters, or anything else that could be interpreted as tampering (when the authorized user is absent, obviously).
Naturally, this measure works against hardware spying only. Software spying is another matter, but the hardware is the first and most important line of defense.
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
I don't think there's necessarily a connection between being able to describe it and whether or not it violates our constitutional rights. What it also implies is that their method, once known, is easily defeatible -- "security through obscurity" rearing its ugly head.
It seems to me possible that the FBI is using a device that can actually monitor a keyboard without touching it. If you ever turn the volume on your soundcard way up, you'll notice that you can hear in the static different notes depending on which keys on the keyboard you press.
This isn't something the average shmuck could defeat easily if he knew about it, but the larger fish which make and break FBI agents' careers do have the resources to install jammers for such occasions. So it is quite possible that the FBI has a point here.
Typical for the FBI to think they know more than everybody else does.
A hardware keylogger can be implemented by a student of electrical engineering or any gifted amateur in perhaps a week or so. Typically a PIC microcontroller would be used together with an external serial EEPROM. With e.g. 64KByte EEPROM this would cost about 10 Euro per device and be the size of a sugar cube. The programmer hardware would cost an additional 10 Euro, software is available for free. Larger EEPROMs require a bit more work (maybe an additional day), and are physically larger (2 sugar cubes). Price would be an additional 15 Euro for e.g. 512Kbyte.
And if you don't know how to build your own, you can buy them here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Since a keyboard scans all keys several times per second it generates a signal on a certain wavelength that can be picked up with a radio (try holding your shortwave radio near the keyboard with the monitor switched off). Analysis of this signal allows people sitting in a van outside your house to know what you're typing due to the interruptions in the 'buzzing' signal normally received, which only happens when keys are pressed. The time from the start of the scen identifies which key is pressed.
Its all very clever.
Weevil
ghaa.
Embed a bit of non-volatile RAM in the keyboard controller chip. To retrieve the data, seize the keyboard, desolder the chip, and apply TTL to pins that are grounded when the keyboard controller chip is still soldered to the keyboard. Totally undetectable, and it could be done at the factory to every keyboard shipped.
The privacy of Joe Average is "maintained" the the fact that Joe's keyboard is rarely seized. Just make sure NSA doesn't use these keyboards.
I dub the idea "bugboards", and anyone who patents it has to deal with this Slashdot post constituting prior art.)
To the tinfoil hat crowd: With a suitably large clandestine payment to Winbond, "they" could have been doing this to a good 30-40% (if not higher) of the keyboards in existence for the past 3-4 years. Save your original PC/AT keyboards!
My personal speculation: If it's a hardware device, it's a Keyghost, possibly installed inside the keyboard. (Yes, if I were a Mafioso, I would check the keyboard port as part of a daily sweep for bugs. But I probably wouldn't grab a screwdriver and inspect the keyboard's guts.)
According to the Wired article yesterday:
This would be impossible (or at least highly improbable) with a hardware device. With software, however, it could be done - log everything until you see PGP running and a passphrase being entered. Then stop logging.
I have a hunch it's software, not hardware, for another reason.
This whole case revolves around whether the FBI "placed a bug" (i.e. wiretapped) or not. "Bug" has traditionally meant a hardware device, which does not appear to be covered by the warrant. (If they had a warrant to place a bug, the defence wouldn't be arguing otherwise).
Even the most kl00less n00b of a judge would be able to see that a Keyghost or other hardware-based key-logging device is fundamentally the same as a microphone. One logs keystrokes. The other records voice. If the warrant didn't authorize the placement of an audio bug, it probably didn't authorize placement of a keylogging bug.
But if it's software, the Feebs can argue "Hey, it's not a device, it's just ones and zeroes on his hard drive. We left nothing, we just tweaked some magnetic lines of flux on a spinning piece of metal."
The funny part is that this is the same FBI whose lawyers are arguing (eg. DeCSS, Sklyarov, etc.) that even source code can be a "circumvention device". I guess code is a "device" when it serves the FBI's purpose, and "not-a-device" when it... well, serves the FBI's purpose.
The sad part is that it's going to take a pretty enclued judge to figure out that if DeCSS is a "device" for circumventing protection, then a keylogger -- even if it's just software -- is just as much a "device" for conducting a wiretap of the line between a keyboard and a computer.
Finally, doing it in software enables them to turn the logging off after they capture the PGP passphrase. I speculate that they realized they were treading on the outer fringes of what they could legally do under this warrant, and wanted to be able to make at least some claim that they minimized the amount of data to be captured.
All of this leads me to believe it was a software device, not a piece of hardware. "If we can't get a warrant to place a wiretap, let's do it with software, and then if the defence argues otherwise, we might at least have a shot at convincing the judge that software isn't a "bug" because it's made of bits, not atoms, and the wiretap law was written when the only technologies for wiretapping required atoms."
(The obvious argument for the defence: "In that case, Your Honor, we submit that the instant the software ran on the defendant's computer, the FBI had effectively installed a bug. Instead of it being the cute little ones you read about in Tom Clancy novels, it was a full-tower 1G Athlon bug. But it was still a bug.")
That said -- let's have an open mind. Maybe they're doing something more advanced than installing a Keyghost. Maybe they're using a new way of installing software known only to the 'l33t d00dz in the intelligence community.
Finally, maybe the technology is also in place now on real threats, and the bugs - hardware or software - weren't planted by "cops operating with a warrant", but by intelligence agents (or double agents), whose lives would be jeopardized by their targets' acquiring the knowledge to detect these bugs.
As much as I mistrust the FBI, if any of those scenarios is true (and they're all plausible), it doesn't matter how weak the FBI's case is in the case of this mobster, the tech should remain under wraps.
What happened at Roswell?
Who killed Kennedy?
How many licks does it take to get to the middle of a tootsie pop?
etc...
i remember watching a segment on discovery channel a couple years back about an experimental key logger. basically with standard keyboard, everytime you press a key you create a small EMP. using the hardware they had they could detect which key was pressed from several feet away and even through a wall. im sure the technology is much more refined and mature today.
But we knew that already
Well, *you* might not have known that already, but I did. It's also possible (with appropriately advanced equiptment) to recreate what is on a regular monitor (I'm unsure of LCDs) by the frequencies it bleeds as well.
It's just rather technologically difficult. But we already knew it was possible.
Certainly the FBI doesn't think everyone is that stupid (um..never mind)
It sounds to me like they just gave the judge a bunch of keycodes, and the judge doesn't understand how to go from keycodes to keys.
Once the FBI gives the judge a table of keycodes -> keys, I suspect the judge's "gobbledegook" comment will be answered. Now, the question is, will the judge accept the keystroke recorder as a part of a valid search warrent, or will the judge interpret the device to be a "listening device".
Remember, the whole danger of this device is not that it exists, it is that the FBI went in on a search warrent, and left a listening device behind which should require a wiretap order.
www.eFax.com are spammers
Threat to national security, right.
Somewhere in the heavens... they are waiting.
most likely. The FBI probably doesn't want to admit in open court that some guy walked a couple of blocks away to "Spys-R-Us" and bought an off-the-shelf keyboard logger at 5 X retail price. It would be laughable if they weren't dead serious to hide this....
The Government's penchant to hide everthing they do from the citizenry is insidious. How about requiring the President to personally sign each and every individual page of every single "National Security" classified document. That would certainly help cut down this effrontery of abuse, eventually. Classification by default is an insult to the intelligence and political franchise of the American people!
When are people going to get angry about being lied to and abused in the name of holy national security? The Cold War has been over for a long time now. Is this a police state or a republic? Can anyone tell the difference anymore? Please tell me; I really do care.
I think I would recommend the FBI installed BO2K on these computers. That would certainly give them the kind of offsite surveillance needed. And - best part - it's free. No taxpayer dollars wasted on an expensive program. Heck - the crime lord would probably go bustin' hacker ass looking for the guy that hacked him...
Oh no. Did I give away FBI's secret?!
Hmm. This was supposed to be funny. I guess it actually makes a limited amount of sense. How sad.
Stop the brainwash
Step #1, Dvorak:
.. doesn't use any kind of adapter they have ever seen.
This would really annoy someone. At first glance, someone will say "this device just recorded garbage!". Of course, anyone who really wanted you bad would pass some statistical analysis through it, so if you suspect you are being tracked, do a lot of perl programming. The prevalence of %!(!@%$(!@*% will throw off the %'s
Step #2, USB!
Glad to use an Apple G4 at the moment (OS X!). Keyghost says:
* (MacOS & USB keyboards not currently supported).
Keep this in mind, though I'm sure it will be rectified in the near future. Of course, they could just stick a convertor behind your machine and hope you don't notice -- so buy a machine without a PS/2 or AT keyboard port.
Step #3, Kinesis
They sell a cute KeyGhost Security Keyboard, that looks like a natural keyboard of sorts. Insist on a Kinesis keyboard at work! Not only are these great keyboards, but when your boss (or FBI at home) see the keyboard, they will really say to themselves.. "huh?".
That, and you can get the QD model like I do with the dual dvorak/qwerty caps just to mess with their heads more.
Step #4, Run a less popular OS & Architecture
This one is primarily for software key loggers. If your in trouble with the law, the best way to play with them is to work harder. Like for firewalls, one of the best ways to keep yourself a little more secure is to use a less-common OS & architecture.
If you say, use a Sun Ultra at home (without USB), running preferably solaris, but insert any OS here. I'm sure they will have some choice swear words when they see that your mouse plugs into your keyboard, and your keyboard
That and, I'd be likely to say that they don't run into many Sun workstations to sniff via software either, but feel free to run NetBSD on your Sun just to make them recompile it anyways.
I myself ran on a Sun Ultra 10 at home till I sold it for this dual G4. They can be somewhat palatable workstations.
Step #5, serial:
If you really want to mess with their heads, set the machine up to have video output, but take serial input. Get an old dumb terminal out, put it on the other side of the desk, and pump in some text.
When they come in a few weeks later and wonder why the keyboard plugged into your PS/2 port didn't log anything, they may wonder what the heck is going on.
And somehow I doubt they've got a nise Wyse compatible keyboard logger anyways.
Enough silly ideas, time to go back to sleep.
2m keystrokes? Well, how many times do you hit space while paging through the alt.binaries.erotica.* groups? :)
Could it not be some way of trapping the electronic signals remotely? I remember hearing about this somewhere, not sure if was a conspircy theory, a movie, a book, or what....
Theoretically though, your keyboard emits a signal (albeit through a cable) back to your computer. If you had something sensitive enough, could you not trap those signals and record them? No encryption to worry about, no sniffing on the network or packets to deal with, just pure, raw data from the source!
Basically, tempest eavesdroppers exploit the electromagnetic radiation generated by things like your monitor, UTP Ethernet, serial cables... in some cases the radiation thrown into the shortwave band is broadcast fairly significant distances... also advanced techniques -- such as irraditing a building with a certain frequency of electromagnetic radition -- prove that it's been possible to pluck individual instructions of a CPU.
The most simple form of tempest eavesdropping is reconstructing the image displayed on your CRT, however, it would also be possible to grab keystrokes from a PS/2 cable (or your pin code from the serial cable that connects the keypad of an ATM)...
Actualy CRT eavesdropping is fairly simple... all you really need to get started is an old B&W TV with manual sync signal adjustment (the sync signal on a monitor usually isn't powerful enough for "home-made" [i.e. crude] eavesdropping devices to detect-- so in order to get a coherent picture you need to manually control sync.)
Do a search on Google for tempest radiation-- you'll find all sorts of interesting things... Check out also Tempest for Eliza -- it's a neat functional demonstration. With it, you can use your monitor to broadcast music on the shortwave spectrum. It's sort of eerie actually.
BRx.
Life after capitalism? The participatory economics project
No sh*t. If I were to come home and find someone breaking my computer--or really, just in my home--he'd be subjected to Great Unpleasantness to the nth degree. Where nth degree is defined as multiple .22 in. holes in his head. When did the US sink so low as to allow pigs to break into a man's home--his castle--and listen to his private conversations? I know that it's been going on for a long time; I just wish it were legal to retaliate. If we could issue pigs speeding tickets, or fire on them, or even scream obscenities at them without being arrested, it'd be nice. They are such despicable uentermenschen.
The Russians, the Chinese, and every other country that routinely run 'agents' against the US of A. As the chief counter-intelligence of the USA, the FBI is probably using these things against all sort of confirmed and suspected foreign agents. And now the FBI'll be forced to explain exactly what the thing is, how it works, what it looks like, and a lot of 'spies' are going to check their computers....
Vintage computer games and RPG books available. Email me if you're interested.
Its rather unlikely. Chances are good that while they're breaking into your house, someone else is following you and can easily warn whoever is there to get out if you choose to come home earlier.
Of course, someone ELSE could come by and surprise them all.
-Restil
Play with my webcams and lights here
This means that the Judge wants to see for himself exactly how the FBI device thing works. (The original government description was "gobbledegook".) From the rest of the order, however, it sounds to me like that the Judge does not believe a communications intercept has occured unless the FBI overheard Scarfo talking via a modem or other Internet connection.
In other words, IMHO it appears that the Judge is actually leaning against Scarfo, but doesn't quite understand the technology enough to make a decision. Remember, the law very narrowly defines a "communication" when talking about wiretapping...
On the very FIRST PAGE is this link to what appears to be what we're talking about.
3 Minutes, $80, how much did we pay for the FBI version?
-Ben
PS: Is it just me or has /. gotten SLOOOWW these past few weeks?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Scarfo: "Shit, what's this little icon in the corner...I've never seen that before."
FBI #1: "Damnit, he's onto us! Pull the plug!"
FBI #2: "No! It's okay. We embedded it into the Virtual Vixen (tm?) EXE. He'll play with it all day and never figure it out."
Scarfo: "Oh wow, when did I get this? This is great!"
FBI #1 and #2 simultaneously: "MUA HA HA HA"
The way I see it, the keylogger could either be a software or hardware device. It may require that an agent break into the Bad Guy's premises to install the bug. Then again it may not...
If it was a software device, it would probably be some sort of virus or trojan horse that would sit silently & log keystrokes, and transmit them to the FBI at periodic intervals. There are the issues of compatibility - there are over a dozen different varieties of Windows in general use, as well as Linux, BeOS, BSD, etc. That would require multiple versions of the software, all carefully crafted to hide itself from anyone from a casual luser to an experienced computer security expert (what the FBI likes to refer to as a "hacker".) Somewhere along the line it would probably be detected and deactivated.
The hardware approach has the advantage of being OS neutral, and there are only a few varieties of keyboard interfaces that need to be handled. The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device. This would take a lot of time, and have several risks: The agent could be caught in the act, which is made more likely by the extra time taking the keyboard apart. Also, the agent could break the keyboard, which would make the Bad Guys aware that something suspicious was happening.
Putting the device inside the computer would be easier - most computers are designed to be opened & serviced with little more than a screwdriver. However, the agent still has to spend time disassembling & reassembling equipment, with risk of breaking the computer or being caught and subject to Great Unpleasantness. Putting the bug outside of the computer (glued to the underside of the desk or attached to a cable) would be too easy to detect, especially when dealing with Evil Russian Hackerz(TM).
The best way would be to use a bakery van full of TEMPEST gear to listen to the stray signals coming from the computer. The gear would be able to listen to keystrokes, as well as record everything that is displayed on the computer's screen. I suspect the feds don't want this revealed because then the Bad Guys could send thugs to kill the agents in the van, then they would be able to play with all the neat toys inside and come up with countermeasures.
Meldroc, Waster of Electrons
I'm glad to see that this judge isn;t buying into the FBI's lies. No matter that involves the internal police actions of a country should be secret. The FBI, ATF, etc., should not have any right to claim national security.
Hopefully, this judge's courageous ruling will slow America's descent into a police state. The very idea that the FBI is conducting warrantless searches is contrary to everything Americans have fought and died for.
No comment at this time
the FBI sent the keylogger to him in an e-mail message along the lines of "I send you this file in order to have your advice." They couldn't be held accountable as he willingly opened it.
But I'm getting the impression that's not possible. Which should tell you a lot.
This was mentioned on slashdot a year ago.
A company called Keyghost makes a small device that you place either inside a keyboard, or in between the keyboard and the computer that will log several kilobytes of keystrokes.
I would assume this is similar to the super secret technology that the FBI used.
The system that the FBI typically uses attaches between the keyboard connector and the computer. It is out of sight, at the back of the computer.
/. article on it a little while back. The site linked would only sell to approved governmental organizations.
There was a
A while ago (mid 80's, I think), it was discovered that typewriters had been bugged by the Russians at the American Embassy in Moscow. Apparently, the KGB had managed to stick a low powered transmission device under each key of the typewriter. This allowed them to 'see' what the person using the machine wrote....
This is probably just a variation of that.
Chris.
-- I don't have a cool sig.
"Certainly, your honor, that information is right here on my laptop...somewhere...hey, anybody seen..."
Be part of the world's largest collaborative work of art: http://www.paintthemoon.org
They could get away with an older keyboard if they've already scanned the room with a video camera and bodged up a replacement keyboard.
They did it with the desk lamp in the opener of Season 3 of The Soprano's and I believe everything I see on TV...
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
I don't know about the exact adapter the FBI was using, but I have researched keyboards for emulation projects (hacking a keyboard to get many possible inputs, etc).
Most keyboards have a "grid" made of two rows of wires, to simply put it, a horizontal row, and a vertical row (which isn't exactly true, but is very close to how it works). When you press a button, you close the circuit between one of the vertical rows and one of the horizontal rows. Now this is sent to a small circuit in the keyboard that is basically a decoder chip, that tranfers the specific horizontal row/vertical row combination into a key. This small circuit is usually on a circuit board, and is custom to each type of keyboard. So far, we are finding it difficult to put a keystroke logger into the keyboard. However, the decoder circuit is hooked up to the cable that sends it to the computer. There are either 5 or 6 wires used (I believe 5, one is extra), and there is enough space inside most motherboards that it would be possible to put a small circuit in it. All you need to do is to tap into the wires inside of the keyboard and you have a bug that can install in a few minutes, and is undetectable unless you take the keyboard apart.
Then again, I see other posters talking about an adapter that fits on the end of the plug, in the back of the computer, which would work, but is an inelegant, and very easily found solution. Inside the computer would work also, but would have to interface to the back of the ps/2 adapter, or to motherboard traces, and I'm guessing the grounded case would hinder transmissions of signals. OTOH, cases are easier to take apart, and there is usually a lot more space.