FBI Files Brief on Scarfo Keylogger
Firewort writes: "In an affidavit (warning, it's a PDF) filed with a federal court in New Jersey, the FBI has disclosed some of the details of a controversial "key logger system" used to obtain the encryption password of a criminal suspect. They go into great detail describing PGP and the different methods they might have used to keystroke-log Scarfo to get his encryption key." Interesting, and more technically sophisticated than the basic keyloggers which grab keystrokes indiscriminately.
I suspect it's only a matter of time before motherboards come equipped with a "blackbox" type of thing, similar to a flight data recorder. They could store, say, the last 10,000 keystrokes on any keyboard. Does such a thing exist?
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Speaking of "if you are important enough" and "all it takes is application of resources", I was recently reading through some of the briefs in the US v. Scarfo case. It sounded to me like the FBI got frustrated with his use of PGP and went with the keylogger approach. I was under the impression that the government had the resources to actually break some of the encryption schemes that are lawfully available in the US. It takes them time and a lot of computer horsepower, but I thought they could do it. It seems that the FBI didn't want to have to use all these resources in the Scarfo case and take the time to do it that way, so they used a logger. The material I was reading came from www.epic.org. It was interesting.
Anybody out there know what it was? The affidavit implies that it was put into court records at some point in time (at least the output of the KLS was). Just curious, thinking it's something like NickyS or BaddaBing.
Even if a keystroke logger recorded every single keystroke... if you were to copy and paste a password, say you put it in a text file on a floppy on a different computer.... wouldn't this render the keystroke logger useless? It would have to also record the contents of the "clipboard", no?
Maybe put a barcode on rice paper, then. *shrug*
Only the dead have seen the end of war.
Voice recognition.
True, but that does not mean that they are not going to break the rules. The knowledge that they couldn't use the evidence would in no way deter them from collecting it.
Unlike your local PD, the FBI risks a lot more harm than possible benefit from such a strategy. All it would take is one whistleblower to make the whole thing blow up in their faces. I suspect that if the FBI says they are using those communication restraints it is because they are. Even the political damage, much less the criminal liability of lying to the courts, would be overwhelmingly more costly than losing this relatively unimportant case.
Did anyone read that whole thing? It seems that the FBI had a keystroke logger that only came on when the modem was off, with the belief, I assume, that the computer isn't a communication device unless the modem is on.
So then the wiretap laws wouldn't apply when the modem is off? Is my interpretation correct?
Strange loophole..
What is a keystroke reader? A device that is inserted between your keyboard and computer. You use the keystroke reader for a replay attack: replay their entered password. So just stick a fingerprint logger between the fingerprint scanner and the computer. Then use the captured and recorded digital handshake between the fingerprint scanner and the computer to replay a finger. A CD-ROM scanner could be configured in the same way.
Now how to be safer.
Use OpenBSD, with an encrypted filesystem and swap. Every time the feds serve a search warrant, sell your old computer and buy a new one, keeping the hard drive. Use dd to copy over the hard drive information, then destroy the old hard drive.
Other things you need to consider: the feds could install a video bug above your keyboard on the ceiling. Also, the radiation emanating from your keyboard cable and monitor could be passively monitored and data recovered. I recommend using laptops and conducting business from inside a limo using a wireless connection. Replace the limo if there is ever a possibility of police involvement. If you are running a drugs/prostitution/gambling empire you should have more than enough money to make up for the extra expenses.
Actually, from the looks of the brief, there are a few ways to circumvent their device. To me, it appears the key (no pun intended) to thwarting this lies in that the logger is only active while the modem is active, meaning you have to be online in order to have your keys logged.
Option #1
Some have suggested saving that phrase in a text file and then copy/paste from there would work, except that your passphrase is now in clear text on your hard disk. Any search warrant against your machine would find that file, and your private key becomes compromised.
The solution there is to open a text editor before going online and enter the passphrase there. Go online. Get the mail and then copy/paste the passphrase, and close the text editor without saving.
Option #2
Download the email off the mail server (i.e., POP it off the server). Go offline. Enter the passphrase and read the message.
Likewise, don't write emails while online. Write and encrypt first, then go online to send. The keylogger appears to be able to pick up your typing of the message if you're online as you write it. (This also saves you $$$ if your ISP is cheap enough to still be charging per-hour rates!)
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Until recently I had thought the hardware approach more likely. It's easy to install a bug in the keyboard cable, and such devices already exist on the market.
But one passage in this affidavit caught my attention:
A hardware device would have been easy to install even if the computer wasn't "operative" (as long as it was actually there). This strongly suggests that the logger consisted either of software modules hacked into Windows, or possibly a hack to the BIOS firmware.
The software/firmware approach does have the advantage of being less easily detected by a naive user. The average Windows user wouldn't have a clue as to how to look for cleverly hacked DLLs or system programs.
Still, once the threat is known the countermeasures are pretty obvious:
Use an open-source operating system that can easily be rebuilt from trusted sources
Use Tripwire to detect modifications to system programs
Improve physical security. Use a laptop and keep it in a safe when not in use. Use IR motion detectors to quietly log any intrusions in the vicinity of the safe and/or computer.
Anybody have any other ideas?
> Interesting, and more technically sophisticated
> than the basic keyloggers which grab keystrokes
> indiscriminately.
// Keydown
if (PGP == RUNNING)
{
    for (k = 0; k < 256; k++)
    {
        if (GetAsyncKeyState(k) == -32767)
            log(key, time);
    }
}
How sophisticated is that? Lame...
_____________________________________
Do YOU have "Nagelsvamp"?
www.nagelsvamp.nu