Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keystroke Logger Faces Federal Wiretap Charges

Posted by CowboyNeal on from the watching-the-watchmen dept.

securitas writes "In what prosecutors say is the first case of its kind, a former insurance claims manager was indicted on federal wiretapping charges for allegedly installing a keystroke logger on another employee's computer. The device was secretly installed 'on a PC used by a secretary to senior executives at Bristol West Insurance Group.' Reuters reports that the man, who had been fired, was gathering information for a class action lawsuit against his former employer. SecurityFocus interviews would-be keystroke logger user Larry Lee Ropp who reportedly installed the KEYKatcher device on the PC."

38 of 346 comments (clear)

  1. Just slightly OT by The-Bus · · Score: 5, Interesting

    From http://www.keykatcher.com/testimonials/index.html

    "I must thank you for this great invention. Early this year, I discovered my 14-year-old daughter was on the ICQ with a person with a name of "P****". I was shocked and did not know what to do. I then e-mailed the editor of Parent and Child and they reccommended me to do a search on the internet. I was very fortunate to have purchased a KEYKatcher. The ability to read my daughter's e-mail has helped us to make the right decision about the school she would attend last September..."

    I mean, is there any useful use for this device at all?

    --

    Small potatoes make the steak look bigger.

    1. Re:Just slightly OT by REBloomfield · · Score: 4, Interesting
      we actually use something similar in the school i work at. Students are monitored by the logger, if it finds a word or phrase in our database, then a screenshot is sent to us, and we can then watch the student in real time over VNC.

      eg. student types in http://192.168.0.1/admin then we know about it (ficticious example: idea is that the kid is going somewhere he shouldn't).

    2. Re:Just slightly OT by Liselle · · Score: 4, Interesting

      I can't think of anything that's terribly legal. I knew there was a reason I never do anything important on publically-accessible terminals. I guess it's a nice device to own if you're a bad parent with a tinfoil hat.

      The question in the back of my mind on this article though: what would they have done if it was a software keylogger, instead of a hardware one? Do the wiretap laws still apply in the same capacity? I understand from TFA that the fact that it logged emails made him a target for it.

      --
      Auto-reply to ACs: "Truly, you have a dizzying intellect."
    3. Re:Just slightly OT by mirko · · Score: 5, Funny

      So, they'll begin typ1ng l1k3 w4r3z m0f035 t0 /\v01d b31ng tr4x0rr3d by n4z1s ?

      --
      Trolling using another account since 2005.
    4. Re:Just slightly OT by Chess_the_cat · · Score: 4, Interesting
      I mean, is there any useful use for this device at all?

      Definitely. If you're a writer of some kind, install a KeyKatcher and you've got an instant backup of everything you've written. If your word processor crashes, no problem; fire up KeyKatcher and cut and paste everything you've lost. Beautiful stuff.

      --
      Support the First Amendment. Read at -1
    5. Re:Just slightly OT by REBloomfield · · Score: 4, Informative

      we're not trying to read what they're doing, it's frankly of no interest, we're more concerned with *what* they're doing. For example (again) They have no need to ever run a .com file, so if it comes up in the log, i can find out why, and deal with it. Typ1ng l1k3 7h15 will achieve bugger all if they actually want to use the system...

    6. Re:Just slightly OT by Vellmont · · Score: 4, Insightful

      Good to hear that Big Brother is alive and well in our schools. This kind of thing just makes me sick. Is it appropriate to have computers monitor the phone line in a school for keywords or phrases, and then listen in when they're detected?

      --
      AccountKiller
    7. Re:Just slightly OT by Anonymous Coward · · Score: 5, Insightful

      I mean, is there any useful use for this device at all?

      No. Not unless you think like this:

      Dear god, think of the children. WON'T SOMEBODY THINK OF THE CHILDREN?

      The correct solution is called parenting. There is no substitute for parental supervision and being involved with your children's activities. You wouldn't let a child watch whatever TV station they want, completely unsupervised - so why would you do the same with an internet-enabled computer? Call me old fashioned, but I don't even think a child should be allowed access to a net-connected computer unless it's in a shared, plainly visible family room environment.

      Using tricks to snoop on your kids like this will breed an attitude of distrust and paranoia. You'll also only find out what they're up to after the event. Instead of working against them, you should actively work with them.

      Plus, with a software solution - you actually have to check the logs from time to time. If you care so little that you'd rather a piece of software babysat your child, eventually you'll stop reading the logs because that involves effort.

    8. Re:Just slightly OT by eclectro · · Score: 4, Insightful


      Actually, kids in schools can not prevent the search of their lockers, as the school owns the lockers. I imagine it is this same logic that is extended to computers owned by the school.

      The same unfortunately is applicable to many places of employment. Owning the equipment gives employers the right to monitor it. I believe that this was decided in the supreme court.

      You should never assume that you have privacy on equipment you do not own.

      --
      Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
    9. Re:Just slightly OT by Mose250 · · Score: 4, Interesting

      Not really - what's the difference between this and just having a teacher walk around and glance over the kids' shoulders? The fact that VNC is used instead of a pair of eyes? Computers in schools have never been a place for completely anonymous internet access.

    10. Re:Just slightly OT by Vellmont · · Score: 4, Insightful

      So if the school owns a phone they can listen in on all calls? It may be legal for the school to do the monitoring, but that doesn't mean it's the right thing to do. I find it frightening that a generation can grow up with the expectation of being monitored constantly.

      --
      AccountKiller
    11. Re:Just slightly OT by orthogonal · · Score: 4, Interesting

      I can't think of anything that's terribly legal

      Well, there are very few cases, but... I installed a (software) key logger on my own box in order to get the raw data needed to figure out my personal letter frequency in typing -- the standard English frequency wouldn't apply, as I do a lot of C and C++ coding. (How often do you see semi-colons, let alone curly braces, in standard English writing?)

      A nice side benefit is that I could review the key log -- to see if anyone else had been using my computer.

      --
      Opinions on the Twiddler2 hand-held keyboard?
    12. Re:Just slightly OT by Slamtilt · · Score: 5, Insightful

      I take it you're not a parent. Find one who wouldn't be concerned that we offered filter free, non-monitored use of the internet.

      I'm a parent, and I wouldn't send my kids to a school with a policy like yours. That policy is not, by the way, the same as offering "filter-free, non-monitored use of the internet". There are ways of achieving a safe and humane environment without logging every keystroke, and it's disingenuous to imply that there aren't.

    13. Re:Just slightly OT by maximilln · · Score: 4, Insightful

      Just because you sign a policy agreeing to slavery doesn't make it legal or ethical.

      Every single person who uses the excuse "I can play God because you signed the policy agreement" should be bludgeoned to a pulp with wet noodles.

      Why wet noodles? It'll take longer to achieve the pulp stage and sting more.

      --
      +++ATHZ 99:5:80
    14. Re:Just slightly OT by Vellmont · · Score: 4, Insightful

      No.

      If you're talking to a trusted friend/family member about something personal (traumatic event in your life for instance) and someone walks in the room, do you modify your behavior? Of course. Does that mean you shouldn't have been talking about it? Of course not. People do have legitimate reasons to keep secrets. Doing so isn't evidence that what you were talking about or doing is wrong.

      --
      AccountKiller
    15. Re:Just slightly OT by Cr3d3nd0 · · Score: 5, Interesting

      As a matter of fact I just found a maybe not so much legal, as a justifiable use for a keylogger. My girfriend lives at home with her mom, 6 year old brother, and her mom's boyfriend. Being the geek I am I took the time to help clean their system of spyware and the like when I ran into a few child pornography pictures in the recycle bin. Seeing as they have a 6 year old child living there I wanted to keep an eye on their system to find out where the pictures had come from. Sure enough three days later I got a log in the email of the boyfriend chatting with a young child online. I informed the mother, and the police and now the asshole is up on child porn charges. Obviously they couldn't use the keylog information but the fact that the pictures were on there was enough.

      --
      This is not a sig
    16. Re:Just slightly OT by Huogo · · Score: 4, Interesting

      I've found that booting to a Knoppix CD, then connecting to a proxy on my webserver through an SSH tunnel is a very good way to avoid being monitored. NetOp (basically VNC) won't work, VNC won't work, watching my history won't work, and the server logs won't work. All the data is encrypted, with nothing running client side to monitor me. Only way is for someone to look over my shoulder.

    17. Re:Just slightly OT by maximilln · · Score: 5, Insightful

      Why does everyone use Columbine as an excuse to increase Big Brotherism?

      Anyone with an ounce of honest thought realizes that watchful Big Brother wouldn't have prevented Columbine. Watchful Big Brother always sides with the majority popular clique. If anything watchful Big Brother would've helped the priveleged students antagonize their scapegoat prey and would've brought the whole situation to a head much earlier.

      Which isn't a bad thing. Armchair parents and water-cooler gossips needed a wakeup call. I don't condone the end result of those actions but, in all honesty, the clique nature of our social system is just begging for it.

      --
      +++ATHZ 99:5:80
    18. Re:Just slightly OT by maximilln · · Score: 4, Interesting

      If you're relying on a keystroke logger to clue you in to children who have problems with any of these issues then let it go. You're already too late.

      If parents and mentors were even close to taking responsibility for their children they'd pick up on these issues long before a keylogger alerts them to it.

      Ode to a generation that is completely self-absorbed until the last possible moment when "DANGER WILL ROBINSON" is blaring over loudspeakers.

      --
      +++ATHZ 99:5:80
    19. Re:Just slightly OT by Catbeller · · Score: 5, Funny

      MEMO: Privacy and Intellectual Property Protection Policy of NorthByNorthwestern University

      Anyone (hereafter referred to as "we") in the employ of NBNWU designated by appropriate management can monitor any activities of any student, employee, or casual visitor to to your dorm at any time. We reserve the right to record any activities, up to and including really gymnastic-quality sex. We reserve the right to distribute said information and cool tapes if we want to. Get over it.

      If you (student/employee/casual sex encounter) do not like this, we suggest therapy for your sad case of paranoia.

      If you (student) do not like this, you are free to quit this institution and become free to obtain any employment you desire in the fast-growing field of janitorial work.

      We reserve the right to give your ass up to the Feds on command. Or even if we feel they may be interested. Or if you seem suspicious to us in any way.

      We feel that you (student/employee/casual encounter) should feel safer in the hands of a benevolent power such as We; what are you complaining about, hippy? Something to hide? Hmm?

      We are broke, and are of necessity closing down Student Health Services for lack of funds. This will not deter us from investing 23 million dollars in an all-campus surveillance system necessitiated by the vicious attack on one of our coeds by Millie the pit-poodle.

      All independent ad-hoc "dark" networks, and of course independently created wireless networks are forbidden as they violate the purpose of maintaining the public safety of NBNWU; unmonitored communications are sadly reliquated to the distant past. 9-11 9-11 9-11, and of course, 9-11.

      We at NBNWU also feel that consistent with our finest traditions of preparing our graduates for the rigors of the working world, our students should acclimate themselves to the weekly anal examinations, virginity and drug tests, and loyalty oaths prepared by your loving administration. We love our President, our God, and our Alumni Association.

      Your tuition will be raised by 15% this year. If you have a problem with this, take it up with the 10,000 people waiting to get in behind your expelled butt.

    20. Re:Just slightly OT by elmegil · · Score: 4, Interesting
      You've never had to deal with rule breakers, have you? It's not a matter of "playing God" in most cases, it's a matter of making sure that the rules are adhered to. If all you do is sit back and repeat the rules, and are only able to do anything about the most flagrant rulebreakers, all you end up doing is pushing the real troublesome ones underground. Policies should not only say "you agree to be monitored" but also what you can do if you think you've been mistreated, and provide real relief if you are.

      As a former university sysadmin, there were times when we would find out someone was breaking the rules, but to enforce them we had to have real evidence. This involved surveillance, usually electronic/email. We then made our case to the dean of students, and if they agreed that the rules were broken, punishment was handed out. The student always had the ability to appeal to higher authorities if they thought they'd been mistreated or the punishment was too harsh. Enough checks and balances that it was never abused; we didn't snoop on students who had not done anything to arouse suspicion, and I can't recall any cases where we went to any great depths investigating anyone who wasn't found to be guilty of enough of an infraction to justify our time.

      That said, I think continuous keystroke logging is excessive and likely more prone to abuse, but still, there is NOT any absolute guarantee of privacy, even if I'm using my own equipment. That's why the FBI can go to a judge and get permission to wiretap a suspect (let's leave aside the fact that I believe that PATRIOT has gutted a lot of the appropriate checks and balances in this system). The other side of that is that you can't just wiretap someone because you want to, and getting back OT, that's what happened here. Regardless of how noble the cause, the means was illegal.

      --
      7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
  2. Federal wiretapping charges? by pinkUZI · · Score: 5, Interesting

    When is the last time you remember hearing about an indictment for actual wiretapping? Doesn't it seem like people get away with wiretapping regularly? I'm thinking about things like the illegally recorded phone conversations with Monica Lewinsky. Or does the law specify exemption if it is done for a good cause?

    --
    You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
  3. This is why by lxs · · Score: 4, Funny

    This is why you should always check your keyboard cable on your work-PC.

    Not only does it keep you secure, but you might score a brand-new keylogger for free.

  4. What a contradiction! by windex · · Score: 4, Insightful

    According to this politech posting by bernieS, it appears that the feds are going to be doing a little bit of double backing.

    It raises an important question, I think: are keyloggers wiretapping devices? They don't involve telecommunications lines directly, so can they be considered in the same class?

    Some food for thought.

    1. Re:What a contradiction! by _LORAX_ · · Score: 4, Insightful

      Obviously you missed the parent posting's point.

      In New York federal investigators used a search warrant ( sneek and peek ) to install a keylogger on a mob boss's computer to steal his pgp keys. They DID NOT HAVE A WIRETAP WARRANT. You can now see the contradiction inherent in this prosecution. Go after this guy and possibly let a mob boss off on appeal because the information they used to convict him is now tainted.

      Of course if they had gotten a wiretap warrant in the first place this would not have been a problem, but they did not have the evidence to get wiretap only a search warrant they have differnt levels of proof of illegal doings

  5. Wiretap law - 18 USC Section 2511 by sczimme · · Score: 4, Informative


    Read all about it here.

    --
    I want to drag this out as long as possible. Bring me my protractor.
  6. Certainly contravenes EU law by heironymouscoward · · Score: 4, Informative

    The EU convention on cybercrime, which is law in most (all?) EU countries since 2000 prohibits the interception of private electronic communications. A key logger would certainly fall into this category.

    However, there have been very few convictions under these laws, only a couple of "hacking" cases in the UK afaiaa.

    It's not only about domestic/workplace espionage. Spyware vendors (a species that rates somewhere between slimemolds and spammers) use similar techniques to spy on and report back on people's use of their computer.

    --
    Ceci n'est pas une signature
  7. This guy is an idiot..... by Doc+Squidly · · Score: 4, Insightful

    ....He got busted when he call the company to get the device back!
    Not the smartest thing to do. He deservse whatever he gets.

    --
    I think I think, therefore I think I am.
  8. What if... by RandoMBU · · Score: 5, Insightful

    They were to apply federal wiretapping laws to spyware? If an unauthorized piece of software transmits information about my activities to a third party without my knowledge... that sounds like wiretapping to me.

  9. I've used a keyboard logger by spidergoat2 · · Score: 5, Interesting

    We had a consultant (former employee) work at a branch office. The owner said to keep an eye on them. I want to the branch office and told every employee that I was installing a keyboard logger and why. When the consultant (former employee) logged on, they had no idea they were being tracked. I discovered they had a back door account and were logging into a supervisor account. Good or bad, I discovered the holes in my system.

  10. Lessons learned... by Anonymous Coward · · Score: 5, Insightful

    I have to agree that this sort of behaviour is absolutely inevitable in nowadays everyday life. In the past it was called "social control" where small communities monitored each other's behaviour to see if somebody wasn't stepping out of line. If they would, due psychological force could be executed to get them in line again ("gossip"). Now this practice has mainly gone away simply because there are less and less small communities, and thus we need to monitor other people by different means. Ofcourse, in due time virtual communities will take over the "social control" thing in a comparable way, but it's not there yet.

    In the meantime, we shall have to rely on the usual methods of camera's, microphones, keyloggers and traitors. I think we can learn a lot from former Soviet-Russia and sortlike countries that have executed this behaviour in great practical ways...

  11. thinkgeek disclaimer? by circletimessquare · · Score: 5, Interesting

    so when is the disclaimer going up at thinkgeek?

    http://www.thinkgeek.com/gadgets/electronic/5a05/

    disclaimer: please do not buy this product and use it for what you think you were going to use it for, thank you... same with that x10 camera you were thinking about too, while we're at it

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  12. Consent by Detritus · · Score: 4, Insightful
    While they may have consented, did they really have a choice about the matter? They have to be in school. They may not be able to pass their classes without the use of the computer.

    As adults, they may be presented with similar policies. Only this time, they have the "choice" of consenting or losing their job.

    The law, in its majestic equality, forbids rich and poor alike to sleep under bridges, beg in the streets or steal bread.

    -- Anatole France

    --
    Mea navis aericumbens anguillis abundat
  13. My keylogger experience by kwandar · · Score: 4, Interesting

    I was working for the President of a company who seemed to have information about others that left me wondering. So, I ran a program, (I believe it was Spycop), to scan for anything nefarious on my computer. Nothing found, fortunately.

    However I shared this program with a colleague and she ran it and found a keylogger that would send emails from her company laptop, to a blind email account. He apparently had a thing for her roomate, a former employee, and was using this to spy.

    My colleague was shocked that this would happen, but as it appeared to have been non-functional for a while due to internet login issues, she didn't say anything, and I told her what to delete to kill the program from running.

    That way, any deletion of the software could at least appear to be accidental.

  14. Almost .... there ... by Jahf · · Score: 5, Insightful

    Should keylogging a co-worked be illegal? Yes (though if it is done by your employer and you signed consent then no, just like phone monitoring ... free will works both ways).

    Should keylogging be considered wiretapping? NO. It is a distinctly different technology and all lumping things together does is make it easier to confuse the issue the next time someone wants a warrant to do something -similar-.

    Keylogging, network interception and a whole host of other things are still quite different from basic phone taps. They should be given a distinct category that can be properly defined.

    If anything, the expectation of privacy on the line between your computer and your keyboard is MUCH higher than any expectation people have today for phones (when was the last time you started typing and realized someone else was typing on your computer as well ... VNC not included :).

    Plus, you can't expect that by listening in on a phone you are going to regularly hear someone's social security # (my bank uses it for my login id ... idiots), their credit card # (amazon), or their root password. Keylogging is far more invasive.

    In the end I think the guy should be penalized more than wiretapping, but not -as- a wiretapper.

    --
    It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
  15. Does this contradict the Scarfo case? by Dr.+Blue · · Score: 5, Informative

    Seems like the feds are contradicting themselves (I guess that's not a huge surprise). In the Scarfo case, the FBI claimed they didn't need a wiretap approval to put a keystroke logger on Scarfo's computer because they were only monitoring internal communications between the keyboard and the computer. Thus it wasn't a wiretap.

    Now the government is prosecuting someone for doing the exact same thing. Has anyone else noticed this contradiction, or am I missing some important distinction?

    1. Re:Does this contradict the Scarfo case? by _LORAX_ · · Score: 4, Interesting

      Yes,

      For those that don't know...

      In New York federal investigators used a search warrant to physically alter Scarfo's computer to install a hardware keyboard logger so that they could retrieve his pgp passwords This search warrant was a sneek and peek. They then went back in a month and took the computer on another search warrant.

      At no time did they have a wiretap warrant, they claimed that they didn't need one. This case seems like they are contradicting themselves in several ways. By prosecuting this grey hat, they may be giving Scarfo grounds for an appeal of his conviction based on the fact that the evidence was tainted.

      The reason this is important is that the requirements are more stringent for a wiretap warrant then for a search warrant, if they had had proper evidence they would have use it to get a wiretap, but they didn't.

    2. Re:Does this contradict the Scarfo case? by evilviper · · Score: 4, Insightful
      In the Scarfo case, the FBI claimed they didn't need a wiretap approval to put a keystroke logger on Scarfo's computer because they were only monitoring internal communications between the keyboard and the computer. Thus it wasn't a wiretap.

      Sorry, but you missed the boat. In that case, the key logger was designed so that it would be DISABLED when it detected an internet connection. A keylogger that doesn't disable itself will capture keystrokes being sent over the internet, which then becomes a wire-tap.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant