Slashdot Mirror


FBI Files Brief on Scarfo Keylogger

Firewort writes: "In an affidavit (warning, it's a PDF) filed with a federal court in New Jersey, the FBI has disclosed some of the details of a controversial "key logger system" used to obtain the encryption password of a criminal suspect. They go into great detail describing PGP and the different methods they might have used to keystroke-log Scarfo to get his encryption key." Interesting, and more technically sophisticated than the basic keyloggers which grab keystrokes indiscriminately.

8 of 249 comments

  1. Doesn't it seem strange by Lawmeister · · Score: 3, Informative

    that the FBI was so concerned about not capturing anything but the passphrase for the PGP key? Call me a sceptic but I'd say that the affidavit merely states this to either make it seem like they really know what they are doing, or to appease whatever restrictions the warrant for their entry to the premises and 'bugging' of the computer allowed.

    I would seriously doubt that if this 'device' was capable of recording every keystroke as they claim, that if they had the opportunity to sift through Scarfo's (outgoing) email/online banking/Adult-Check/etc. they wouldn't.

  2. Re:A simple keystroke logger can be elegant, too by billnapier · · Score: 4, Informative

    I was under the impression that part of the reason that it didn't log everything was to keep from possibly recording communications (which would need a different kind of court order, along the lines of a phone tap).

  3. Scarfo Used Windows by macsforever2001 · · Score: 5, Informative

    The affidavit says that Scarfo used a Windows OS.

    Coupled with the DOJ ruling, it just goes to prove that M$ Windows is an operating system written for criminals by criminals.

  4. Re:More keyboard logging by gweihir · · Score: 4, Informative

    Brute forcing depends on key length. If you are willing to spend, say, 1 billion on it, a PGP special purpose RSA breaker (or ElGamal breaker), that takes, say a day to break a 512bit key, could be feasible (the numbers are just a very rough guess, but I think not so unrealistic).

    I doubt very much that they can break 2048 bit at the moment and I think 4096 bit is secure until some serious mathematical breakthroughs (which cannot be predicted).

    The NSA could have such a device for emergency purposes.

    Cheaper would be an attack on the passphrase. Most people don't have so much entropy in their passphrase. E.g. I have only about 65 bits. Of course for this you need the secret keyring, a ciphertext sample will not be enough.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
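
Added example (not part of the thread or of any poster's comment): a small calculator for the passphrase-entropy point in comment 4, using that comment's 65-bit figure as the target. The alphabet sizes, the 7776-word Diceware-style list, the guess rate, and the key-stretching helper (which goes beyond what the comment mentions) are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed ways of picking a passphrase uniformly at random:
# name -> number of equally likely choices per unit (character or word).
SCHEMES = {
    "lowercase letters": 26,
    "printable ASCII": 94,
    "7776-word list (Diceware-style)": 7776,
}

def entropy_bits(choices: int, units: int) -> float:
    """Bits of entropy when each unit is drawn uniformly from `choices`."""
    return units * math.log2(choices)

def units_needed(choices: int, target_bits: float) -> int:
    """Smallest number of units that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))

def stretching_bits(hash_iterations: int) -> float:
    """Extra work, in bits, when each guess costs `hash_iterations` hashes."""
    return math.log2(hash_iterations)

def expected_years(bits: float, guesses_per_sec: float) -> float:
    """Average exhaustive-search time: half the space is tried before a hit."""
    return 2 ** (bits - 1) / guesses_per_sec / SECONDS_PER_YEAR

def report(target_bits: float = 65.0, guesses_per_sec: float = 1e9) -> dict:
    """Units each scheme needs for `target_bits`, plus search time at that strength."""
    rows = {name: units_needed(n, target_bits) for name, n in SCHEMES.items()}
    # The guess rate is an assumed figure, not a measurement.
    rows["years at target"] = round(expected_years(target_bits, guesses_per_sec), 1)
    return rows

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

These figures only hold for passphrases chosen uniformly at random; a human-chosen phrase of the same length carries less entropy than the formula suggests.
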

  5. Re:keystroke blackbox by Anonymous Coward · · Score: 2, Informative

    They have it now: http://www.keyghost.com. It can easily be put inside a keyboard.

  6. Re:A simple keystroke logger can be elegant, too by mmontour · · Score: 4, Informative

    Perhaps what's needed is a USB dongle, with an external switch that fries the flash RAM inside, rendering it unusable, and unreadable even to people trained in data recovery.

    Well, there's the Dallas Semiconductor iButton. It includes tamper-resistant features that will zero its RAM under certain conditions (e.g. over-temperature), although it doesn't have an actual "erase" switch.

  7. Cutting through the BS... by Anonymous Coward · · Score: 1, Informative

    Having just read the brief, it seems to me that the affiant is basically blowing smoke up the Court's ass to obscure the fundamentals of what really took place.

    The guy's essential point: "We designed the keylogger so that it wouldn't intercept anything which might be a 'communication,' for example by disabling it any time the modem was active. Therefore it cannot be considered an intercepted communication, so we are exempt from the provisions in the wiretap laws. Oh, and we only logged for 14 days, instead of the court-allowed 60 days, so we weren't invasive at all."

    That's all well and good, but all they are doing is trying to prove the point that the wiretap laws don't apply in this case. They are understandably worried about this, I think, because internally they know damn well that this operation was functionally equivalent to a type of wiretap.

    If Scarfo's lawyers are smart, they will hammer home a simple analogy to what went on: the Feds essentially monitored every keystroke entered into the computer over a two-week period, with the exception of those times when the modem was on. Substitute the words "desk lamp" for the word "modem" (not a perfect analogy, I know, because you don't normally communicate with a lamp, but still...) and it makes the point a little more clear.

    The bottom line is that this keylogger constituted a standing, two-week long, continuous search of the guy's work on his computer. No different, really, than hiding an agent in the closet of his office to look over his shoulder as he typed. Put that way, it may be a lot harder to defend their actions before the Court.

    [disclaimer] Scarfo may very well be a corrupt, guilty scumbag -- but I think bending the law in such a Machiavellian way is not the right way to go about it. [/disclaimer]

  8. Re:For a second there... by Anonymous Coward · · Score: 1, Informative

    Ah even better... http://www-fars.nhtsa.dot.gov/