Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Judge Demands Details Of FBI's Keylogger 148

Posted by timothy from the butchyer-honor-it's-a-secret dept.
wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."
This discussion has been archived. No new comments can be posted.

Judge Demands Details Of FBI's Keylogger More

Judge Demands Details Of FBI's Keylogger

Comments Filter:
  • It seems to me (from what others have said) that this surveillance does not meet the criteria for a wiretap (no interception of communication etc.). So, are there any special rules about the authorities going into your home and installing a tiny surveillance camera? That wouldn't be a wiretap either. The Bill of Rights seems pretty clear: a warrant only allows them to enter your home looking for some particular and prespecified stuff. Installing surveillance equipment of any kind seems a pretty long stretch.

  • Simple Measure Against Physical Keylogger (Score:3, Interesting)

    by resistant ( 221968 ) on Wednesday August 08, 2001 @01:25AM (#2114277) Homepage Journal

    It occurs that a simple measure against a keylogger is to run a program which continuously polls the keyboard, making note of any occasion during which the keyboard is unavailable (or during which the computer has not been functioning, meaning it's been turned off), and which gives alarm to the user just before he begins work after having gone for some time. (Detection of this absence could be automated with a cheap fuzzy vision system that only checks for warmth in front of the monitor, and for motion indicative of a human and not a cat or very warm chair).

    The electricity bill from leaving a computer on all the time (as would be necessary), and the cost of a reliable uninterruptable power system, would be a small price to pay in such cases where the owner has reason to worry about spying and the implantation of such sneaky devices.

    The aim generally would be to make the computer an integrated, always-functioning system that "knows" when oddities occur, such as being turned off, or losing the keyboard, or being moved more than a few millimeters, or anything else that could be interpreted as tampering (when the authorized user is absent, obviously).

    Naturally, this measure works against hardware spying only. Software spying is another matter, but the hardware is the first and most important line of defense.

    • Re:Simple Measure Against Physical Keylogger (Score:2, Interesting)

      by Anonymous Coward
      Wouldn't have to do this the hard way. Simply fight fire with fire. Install a small hardware device similiar in size to a keylogger, except that it logs any occurance of a keyboard being disconnected. Explicit logging would not even be necessary, just a simple yes no would be sufficient.

      Example functionality:
      Install internally to computer case (as most bugs will be placed externally to reduce risk of being caught)

      When you start typing on the keyboard the device will indicate whether or not the keyboard was detached since you last typed.

      It could give warning in several ways:
      eg: audiable alarm when it has been detached.
      OR output "WARNING KEYBOARD DETACHED" to the ps/2 interface (so it gets typed on screen). This would be a good time to check out your keyboard and/or cable.

      You can monitor the cable by checking the voltage can flow through the +5v and GND lines of the port.

      You could power the monitor continuously via the WakeOnLAN power connectors on modern motherboards, and a backup battery if necessary (Though I'd just make it default to a warning if power lost).

      This can be easily achieved with PIC microcontroller or similiar, and easily fit inside a matchbox.

      Obviously there are counter tactics that can be used against it, and counter-counter-tactics, hmm since I was already building a computer alarm (functionality similiar to a car alarm) I think I might add this feature.

      NB: This is a detector only, not prevention.
      • Does not work. It is not so difficult to attach this thing to a running computer without removing the keyboard. It takes steady hands, but at least my keyboard (Chery G80-3000) can be opened when the power is on. If you clip the wires on carefully, no detector in the computer it likely to register anything. Some small additional circuitry can even make a active (i.e. requiring to cut wires in the installation) device installable without any signal interruption.

    • Re:Simple Measure Against Physical Keylogger (Score:1, Informative)

      by Anonymous Coward
      You assume a keyboard needs to be disconnected to be bugged. One post above mentions taking the case apart and finding five distinct little wires running from the internal board together to the outgoing line. There is space enough there, the post continues, to put a small circuit with five 'vampire lines' (ones with ends that you can poke through a normal line, thereby draining it enough to get its signals, without draining it so much that the signals don't go through largely unaltered) which said circuit then records the keystrokes for later retrieval. Once you screw the case back on, it's there pat, undetected, and unseen by any software.

      The physical methods you mention for securing a computer while absent on the other hand are much more fascinating.

      You can, in fact, make the whole thing provably secure by having your computer send constant image data to an off-shore server, where you have a second means of connecting to the server and ensuring that THE SERVER thinks there has never been any interruption in the broadcast, nor movement of any kind. [Needless to say, although perhaps I ought to anyhow, there is a secure connection between your computer and the server, which means that any man-in-the-middle attack would have to sniff out the session key from RAM, and you can't do that without getting physically near the machine, by which time it has seen you...or else noticed a lack of transmission.]Of course, you don't keep the passphrased private key on premises, and of course it's not in memory at the time that your computer is running in your absence. (There is, let us say a GPG'd/pgp'd partition that, when you get home, you expect to access by putting in your private key on disk, typing your passphrase, and thereby activating your 'secret' partition). If you have any reason to suspect your computer has been tampered with, then you simply remove the encrypted hard-drive and move it to a clean machine. You're a mafioso, you have plenty of new machines. Thereby, you circumvent any possible hardware and software pre-installed sniffers.
  • What exactly is the big deal of writing a keyboard driver?
    • If you read the first couple of posts, a software based keylogger would be problematic because of multiple O/S's - are you (the FBI) going to install one per boot partition? Plus, the other problem is they would be pretty easy to detect to a computer user with half a brain: . Snippet of "New" CONFIG.SYS: . blah; DEVICE=C:\FBI.SYS blah; . . assuming DOS... Which most anti-virus software would choke on... No, it's gotta be a hardware logger, or radio transponder in the keyboard/CPU. No doubt, They went out to Best Buy and got a duplicate, embedded the bug, then painted it with fake Chee-to's (TM) orange dust, Pizza Sauce and Jolt Cola (TM) stains, and surreptitiously replaced it with the original - Didn't anybody see The Soprano's Lamp Episode?
      • Well, I dont know. First find out what OS Bad Guy is using (let us assume Windows for a second). Now go and exchange (!) the existing low level keyboard driver to log (send?) the data in an unsispicious location. But you are correct, the hardware device might be more feasible. But again I guess it is small enough to be implanted within the keyboard itself. I am not sure how much it can record, but memory is getting smaller. WAY smaller ...
  • I never thought I would ever see the expression "gobbledygook" explained, in a court document, and in a footnote too!

    Isn't The Law great? I have to look into publishing legal documents for their entertainment value...

  • Hardware Keylogger secret??? (Score:3, Interesting)

    by gweihir ( 88907 ) on Wednesday August 08, 2001 @08:13AM (#2129665)
    Typical for the FBI to think they know more than everybody else does.

    A hardware keylogger can be implemented by a student of electrical engineering or any gifted amateur in perhaps a week or so. Typically a PIC microcontroller would be used together with an external serial EEPROM. With e.g. 64KByte EEPROM this would cost about 10 Euro per device and be the size of a sugar cube. The programmer hardware would cost an additional 10 Euro, software is available for free. Larger EEPROMs require a bit more work (maybe an additional day), and are physically larger (2 sugar cubes). Price would be an additional 15 Euro for e.g. 512Kbyte.

    And if you don't know how to build your own, you can buy them here [dansdata.com].

  • Scanner (Score:3, Interesting)

    by The_Weevil ( 448754 ) <weevil@nospaM.baxpace.com> on Wednesday August 08, 2001 @06:09AM (#2129841) Homepage
    Since a keyboard scans all keys several times per second it generates a signal on a certain wavelength that can be picked up with a radio (try holding your shortwave radio near the keyboard with the monitor switched off). Analysis of this signal allows people sitting in a van outside your house to know what you're typing due to the interruptions in the 'buzzing' signal normally received, which only happens when keys are pressed. The time from the start of the scen identifies which key is pressed.

    Its all very clever.

    Weevil

  • hardware key loggers (Score:2, Interesting)

    by Anonymous Coward
    i remember watching a segment on discovery channel a couple years back about an experimental key logger. basically with standard keyboard, everytime you press a key you create a small EMP. using the hardware they had they could detect which key was pressed from several feet away and even through a wall. im sure the technology is much more refined and mature today.
  • They just don't want to admit it.

    I've actually caught one attempt to hit that port by a .mil domain... but that could be anyone, and not the actual military trying to take me out.

  • They gave the judge a bunch of keycodes.... (Score:4, Interesting)

    by wowbagger ( 69688 ) on Wednesday August 08, 2001 @07:49AM (#2142629) Homepage Journal
    It sounds to me like they just gave the judge a bunch of keycodes, and the judge doesn't understand how to go from keycodes to keys.

    Once the FBI gives the judge a table of keycodes -> keys, I suspect the judge's "gobbledegook" comment will be answered. Now, the question is, will the judge accept the keystroke recorder as a part of a valid search warrent, or will the judge interpret the device to be a "listening device".

    Remember, the whole danger of this device is not that it exists, it is that the FBI went in on a search warrent, and left a listening device behind which should require a wiretap order.
  • Get yours here! [spyworld.com] (Scroll down to the Computer Snooper)

    Threat to national security, right.

  • Classified to avoid embarrassment... (Score:4, Interesting)

    by s390 ( 33540 ) on Wednesday August 08, 2001 @02:23AM (#2147810) Homepage
    most likely. The FBI probably doesn't want to admit in open court that some guy walked a couple of blocks away to "Spys-R-Us" and bought an off-the-shelf keyboard logger at 5 X retail price. It would be laughable if they weren't dead serious to hide this....

    The Government's penchant to hide everthing they do from the citizenry is insidious. How about requiring the President to personally sign each and every individual page of every single "National Security" classified document. That would certainly help cut down this effrontery of abuse, eventually. Classification by default is an insult to the intelligence and political franchise of the American people!

    When are people going to get angry about being lied to and abused in the name of holy national security? The Cold War has been over for a long time now. Is this a police state or a republic? Can anyone tell the difference anymore? Please tell me; I really do care.
  • It seems that whatever it is and however it works its basically like a wire tap or a planted microphone in terms of legal issues. And since the Court Order [epic.org] just says that they can get any information from the office including all information residing ont he computer's hard drive or removable media, but says nothing about leaving recording devices or wiretaps...It seems like this is a pretty straight forward violation of the law. Maybe I'm missing something.

  • BO2K for the FBI (Score:3, Funny)

    by Jeppe Salvesen ( 101622 ) on Wednesday August 08, 2001 @05:22AM (#2147945)
    I think I would recommend the FBI installed BO2K on these computers. That would certainly give them the kind of offsite surveillance needed. And - best part - it's free. No taxpayer dollars wasted on an expensive program. Heck - the crime lord would probably go bustin' hacker ass looking for the guy that hacked him...

    Oh no. Did I give away FBI's secret?!

    Hmm. This was supposed to be funny. I guess it actually makes a limited amount of sense. How sad.

  • How to annoy people keylogging you (keyghost) (Score:3, Interesting)

    by helixblue ( 231601 ) on Wednesday August 08, 2001 @08:42AM (#2148090) Homepage
    Step #1, Dvorak:

    This would really annoy someone. At first glance, someone will say "this device just recorded garbage!". Of course, anyone who really wanted you bad would pass some statistical analysis through it, so if you suspect you are being tracked, do a lot of perl programming. The prevalence of %!(!@%$(!@*% will throw off the %'s

    Step #2, USB!

    Glad to use an Apple G4 at the moment (OS X!). Keyghost says:

    * (MacOS & USB keyboards not currently supported).

    Keep this in mind, though I'm sure it will be rectified in the near future. Of course, they could just stick a convertor behind your machine and hope you don't notice -- so buy a machine without a PS/2 or AT keyboard port.

    Step #3, Kinesis

    They sell a cute KeyGhost Security Keyboard, that looks like a natural keyboard of sorts. Insist on a Kinesis keyboard at work! Not only are these great keyboards, but when your boss (or FBI at home) see the keyboard, they will really say to themselves.. "huh?".

    That, and you can get the QD model like I do with the dual dvorak/qwerty caps just to mess with their heads more.

    Step #4, Run a less popular OS & Architecture

    This one is primarily for software key loggers. If your in trouble with the law, the best way to play with them is to work harder. Like for firewalls, one of the best ways to keep yourself a little more secure is to use a less-common OS & architecture.

    If you say, use a Sun Ultra at home (without USB), running preferably solaris, but insert any OS here. I'm sure they will have some choice swear words when they see that your mouse plugs into your keyboard, and your keyboard .. doesn't use any kind of adapter they have ever seen.

    That and, I'd be likely to say that they don't run into many Sun workstations to sniff via software either, but feel free to run NetBSD on your Sun just to make them recompile it anyways.

    I myself ran on a Sun Ultra 10 at home till I sold it for this dual G4. They can be somewhat palatable workstations.

    Step #5, serial:

    If you really want to mess with their heads, set the machine up to have video output, but take serial input. Get an old dumb terminal out, put it on the other side of the desk, and pump in some text.

    When they come in a few weeks later and wonder why the keyboard plugged into your PS/2 port didn't log anything, they may wonder what the heck is going on.

    And somehow I doubt they've got a nise Wyse compatible keyboard logger anyways.

    Enough silly ideas, time to go back to sleep.
  • if you're not interested in nytimes registration, this story is also available here [yahoo.com].
  • To complement this fabulous new key spying technology, the FBI is now actively using special tracking devices to find the locations of certain computers. Although the FBI was unavailable for comment, keylogs of sensitive FBI laptops were obtained from an anonymous source.

    In analyzing the data received from the laptops, it is obvious that some sort of high-tech encryption has been used, since none of the information obtained contains any human-readable content. A snippet of the data used to control this high-tech tracking mechanism was released to the press earlier today. The following line from the logs seems to control this amazing new tracking technology:

    c:\msdos\tracert.exe
  • We used some similar SW on some labs I used to look after at university. It could log keystrokes, and also give the master operator control of the desktop remotely.

    We just used to set it on scan to see if any of the kids were looking at porn, if they were, we'd pop up a message on their screen and freak them out!

    It would also tell you how many WPM the admin staff were doing, so we'd place bets on who was doing the most. Stopped this when we started deliberatly messing with them to try and win!

  • Not so fast (Score:4, Insightful)

    by agentZ ( 210674 ) on Wednesday August 08, 2001 @12:33AM (#2152412)
    Before everybody gets too excited, the general public isn't going to see how the FBI did it just yet. From the Judge's Order [epic.org] regarding what the Government has to submit: "This material shall be submitted in camera and under seal. Upon review of the government's submission, the Court will then determine whether to reconsider the procedure for disclosure as outlined in this Letter Opinion and Order."

    This means that the Judge wants to see for himself exactly how the FBI device thing works. (The original government description was "gobbledegook".) From the rest of the order, however, it sounds to me like that the Judge does not believe a communications intercept has occured unless the FBI overheard Scarfo talking via a modem or other Internet connection.

    In other words, IMHO it appears that the Judge is actually leaning against Scarfo, but doesn't quite understand the technology enough to make a decision. Remember, the law very narrowly defines a "communication" when talking about wiretapping...

    • More than likely the judge is a closet geek going "man, I wish I knew where they got all those wonderful toys". Hell, I'd consider going into the military (or wherever) just for the opportunity to get into the NSA/CIA/Some other TLA just to find out all those questions I've always wanted to know:

      What happened at Roswell?

      Who killed Kennedy?

      How many licks does it take to get to the middle of a tootsie pop?

      etc...

      • What happened at Roswell?

        Who killed Kennedy?

        How many licks does it take to get to the middle of a tootsie pop?

        The last one I can answer: 311 (Yes, I was bored enough one day to count them...:-) )

      • Who killed Kennedy?

        Mayor Daley of Chicago, who created thousands of votes to give him the White House. Sorta like Jeb and Shrub.

        (Hey, it's as logical as anything Oliver Stone ever proposed)

  • Oh brother! (Score:4, Informative)

    by mcrbids ( 148650 ) on Wednesday August 08, 2001 @02:40AM (#2153202) Journal
    Go to google. Type "Key Logger", press enter.

    On the very FIRST PAGE is this link [amecisco.com] to what appears to be what we're talking about.

    3 Minutes, $80, how much did we pay for the FBI version?

    -Ben

    PS: Is it just me or has /. gotten SLOOOWW these past few weeks?

  • super secret keylogger indeed (Score:5, Funny)

    by punkrider ( 176796 ) on Tuesday August 07, 2001 @08:49PM (#2167951) Homepage

    Scarfo: "Shit, what's this little icon in the corner...I've never seen that before."

    FBI #1: "Damnit, he's onto us! Pull the plug!"

    FBI #2: "No! It's okay. We embedded it into the Virtual Vixen (tm?) EXE. He'll play with it all day and never figure it out."

    Scarfo: "Oh wow, when did I get this? This is great!"

    FBI #1 and #2 simultaneously: "MUA HA HA HA"


  • Speculation time. How does it work? (Score:5, Interesting)

    by meldroc ( 21783 ) <{moc.iirf} {ta} {cordlem}> on Tuesday August 07, 2001 @10:24PM (#2168377) Homepage Journal

    The way I see it, the keylogger could either be a software or hardware device. It may require that an agent break into the Bad Guy's premises to install the bug. Then again it may not...

    If it was a software device, it would probably be some sort of virus or trojan horse that would sit silently & log keystrokes, and transmit them to the FBI at periodic intervals. There are the issues of compatibility - there are over a dozen different varieties of Windows in general use, as well as Linux, BeOS, BSD, etc. That would require multiple versions of the software, all carefully crafted to hide itself from anyone from a casual luser to an experienced computer security expert (what the FBI likes to refer to as a "hacker".) Somewhere along the line it would probably be detected and deactivated.

    The hardware approach has the advantage of being OS neutral, and there are only a few varieties of keyboard interfaces that need to be handled. The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device. This would take a lot of time, and have several risks: The agent could be caught in the act, which is made more likely by the extra time taking the keyboard apart. Also, the agent could break the keyboard, which would make the Bad Guys aware that something suspicious was happening.

    Putting the device inside the computer would be easier - most computers are designed to be opened & serviced with little more than a screwdriver. However, the agent still has to spend time disassembling & reassembling equipment, with risk of breaking the computer or being caught and subject to Great Unpleasantness. Putting the bug outside of the computer (glued to the underside of the desk or attached to a cable) would be too easy to detect, especially when dealing with Evil Russian Hackerz(TM).

    The best way would be to use a bakery van full of TEMPEST gear to listen to the stray signals coming from the computer. The gear would be able to listen to keystrokes, as well as record everything that is displayed on the computer's screen. I suspect the feds don't want this revealed because then the Bad Guys could send thugs to kill the agents in the van, then they would be able to play with all the neat toys inside and come up with countermeasures.

    • I think FBI just turned on "secret feature" in Windows - you know, that little NSA thingie ...

      Well, this is supposed to be funny, but now I wonder whether it's joke or paranoia.

    • With all the speculation on hardware devices... as an extension of the c00lest idea I've heard so far, I offer the following:

      Embed a bit of non-volatile RAM in the keyboard controller chip. To retrieve the data, seize the keyboard, desolder the chip, and apply TTL to pins that are grounded when the keyboard controller chip is still soldered to the keyboard. Totally undetectable, and it could be done at the factory to every keyboard shipped.

      The privacy of Joe Average is "maintained" the the fact that Joe's keyboard is rarely seized. Just make sure NSA doesn't use these keyboards.

      I dub the idea "bugboards", and anyone who patents it has to deal with this Slashdot post constituting prior art.)

      To the tinfoil hat crowd: With a suitably large clandestine payment to Winbond, "they" could have been doing this to a good 30-40% (if not higher) of the keyboards in existence for the past 3-4 years. Save your original PC/AT keyboards!

      My personal speculation: If it's a hardware device, it's a Keyghost, possibly installed inside the keyboard. (Yes, if I were a Mafioso, I would check the keyboard port as part of a daily sweep for bugs. But I probably wouldn't grab a screwdriver and inspect the keyboard's guts.)

    • The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device.

      So use a Sun. Unpleasant and obvious things happen if a keyboard's pulled and reconnected...

      • So use a Sun. Unpleasant and obvious things happen if a keyboard's pulled and reconnected...

        You assume the Sun is running while the keyboard is modified. There is acertain risk in disconnecting a keyboard from a running PC as well (but it is doable). The main difference is that a Sun will usually be continously running (and might have a long boot time), while the PC is usually switched off. The problem of disassembling a PC keyboard (or a Sun keyboard) while it is still plugged into a running system however is pretty small and this is an option for installation on a running Sun :-)=)
    • Could it not be some way of trapping the electronic signals remotely? I remember hearing about this somewhere, not sure if was a conspircy theory, a movie, a book, or what....

      Theoretically though, your keyboard emits a signal (albeit through a cable) back to your computer. If you had something sensitive enough, could you not trap those signals and record them? No encryption to worry about, no sniffing on the network or packets to deal with, just pure, raw data from the source!
    • ...with risk of breaking the computer or being caught and subject to Great Unpleasantness.

      No sh*t. If I were to come home and find someone breaking my computer--or really, just in my home--he'd be subjected to Great Unpleasantness to the nth degree. Where nth degree is defined as multiple .22 in. holes in his head. When did the US sink so low as to allow pigs to break into a man's home--his castle--and listen to his private conversations? I know that it's been going on for a long time; I just wish it were legal to retaliate. If we could issue pigs speeding tickets, or fire on them, or even scream obscenities at them without being arrested, it'd be nice. They are such despicable uentermenschen.

      • Blockquoth the poster:
        When did the US sink so low as to allow pigs to break into a man's home--his castle--and listen to his private conversations?
        Um, since about 1928 (the first rulings on wiretapping from the Supreme Court). But since 1967 or so, the Court has ruled that gathering evidence by wiretap (or bug) is essentially the same as gathering it in person; that is, a warrant is needed.

        The issue here is not, Are there any circumstances under which the government has a compelling issue in obtaining evidence by wiretap, bug, or whatever? The issue is, how high should the bar be set? How hard should it be for the government to show such need?

        The FBI argues that this is not a wiretap and so it meets low standards. The defendant holds that it was a wiretap and hence needed a specific warrant to be placed.

        People like to cast these things as black-and-white: Either the government can't bug us, and we are totally free; or the government can, and we are entirely enslaved. Unfortunately for such extremists, history has always been more nuanced: The American judicial system always works on the principle of balances and tensions. What's important is to set the price of such invasions so high that they be used only in the most extreme, most justifiable conditions.

        This case is, in large part, not about the technology that is used but about the accountability of those who use it.

      • I do believe that you can legally scream obscenities at authorities, just be damned sure that you don't do anything illegal while you're in their sight. While they can't arrest you for talking at them, if you piss them off they'll follow you until you do do something illegal. (No, I don't know this from experience)

    • Re:Speculation time. How does it work? (Score:1, Interesting)

      by Anonymous Coward
      As someone who used to be in the "industry", I can say that the FBI is either way behind the times or full of shit. Most keyboards generate a lot of tempest. Some rather basic test equipment, some software and some patients is all it takes. This is OLD technology. Why do you think there is such a thing as tempest free keyboards? Considering that many hobbiests should be able to handel doing this, any foriegn power, most certainly can do it. Back in the mid eighties, revieling the techniques might have degraded National Security, but I doubt it as most classified material should have been being processed on tempest secure equipment. Speaking of keyboards, mine is a piece of shit.
    • Nah.. the FBI embed web cams in the monitors at manufacturing time. This is quite a common trick that no-one knows about, and they use it in TV's and computer monitors all over the world. They lose everything as soon as people find out and start disabling them, or typing with the keyboard out of sight of the monitor.
    • The obvious solution is to create a very small keyboard wedge, similar to the KeyGhost, but much thinner. Obviously anyone who pulls out their keyboard plug to check would find it easily (unless it were made truely tiny, maybe <1mm thick), BUT, unless the target hacker happened to be dissassembling his computer, he probably would not notice it for quite some time.

      Hell, even a regular keyghost would probably go unnoticed until he happened to look behind the computer. I'm fairly security aware, and I strip and rebuild my systems as often as a typical hacker, but I don't go checking for key loggers every time I type in my pass phrase.
    • The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device.

      They could have swapped the keyboard with an identical model that had a keyghost [keyghost.com] or similar device installed. I'm sure that at least 99 out of 100 people wouldn't be able to tell the difference, as long as the keyboard is less than ~6 months old, and doesn't have any identifying cracks/marks. By doing this, they would greatly reduce the time needed to install the device.
      • SWAPPED THE KEYBOARD ?!?

        I dare anyone reading this to tip their keyboard on its side and give the back of it a few whacks. If it isn't unnaturally clean or been recently cleaned, your keyboard hasn't been swapped. Of course this doesn't mean your harddrive is free from SnoopWare.
        • I'm just imagining the FBI guy who's job it is to eat cheesy puffs and drink coke while making as much mess as possible over the new keyboard to be 'conditioned', plus adding the requisite assortment of hair (human and cat), plus a layer of dust. What a job. :>

          Hmm... my keyboard is a mess.
      • The device could be hidden inside the keyboard, which would require the agent to physically disassemble the keyboard to install the device.

        Yes, so what? It is easy to open keyboards. On the other hand there is usually no need to so and nobody (except the curious, like me) does it. With portable soldering equipment the installation of a bug like this takes 5 minutes, just attach 5 (or was it 4?) wires.

        This is not difficult! If the keyboard type is knowen in advance the agent doing the installation can practice before and get the time down even further. The wires can also be clipped on for a traceless later removal.

        However the best job would be to hide the additional components so that they are not easy to find. This could be done by mounting the additional SMD EEPROM and, e.g., PIC microcontroller, below the original microprocessor, maybe even in holes cut into its case. This would need a very careful inspection to detect it.

        Of course the perfect job would be to get some hardware manufacturer to hide the additional chips in the casing of the keyboard microcontroller. Then only destructive search would have a chance of detecting it. Or relable a microcontroller with the same casing and the additional functionality to resemble the keyboard controller.
      • They could get away with an older keyboard if they've already scanned the room with a video camera and bodged up a replacement keyboard.

        They did it with the desk lamp in the opener of Season 3 of The Soprano's and I believe everything I see on TV...
    • You are assuming that any outside hardware logger would [keyghost.com] be [codexdatasystems.com] noticeable.

      When's the last time you looked at your keyboard cable? Or noticed if your keyboard got a little cleaner, almost like new?

    • The system that the FBI typically uses attaches between the keyboard connector and the computer. It is out of sight, at the back of the computer.

      There was a /. article on it a little while back. The site linked would only sell to approved governmental organizations.

    • Re:Speculation time. How does it work? (Score:4, Interesting)

      by dasunt ( 249686 ) on Wednesday August 08, 2001 @12:23AM (#2168857)

      I don't know about the exact adapter the FBI was using, but I have researched keyboards for emulation projects (hacking a keyboard to get many possible inputs, etc).

      Most keyboards have a "grid" made of two rows of wires, to simply put it, a horizontal row, and a vertical row (which isn't exactly true, but is very close to how it works). When you press a button, you close the circuit between one of the vertical rows and one of the horizontal rows. Now this is sent to a small circuit in the keyboard that is basically a decoder chip, that tranfers the specific horizontal row/vertical row combination into a key. This small circuit is usually on a circuit board, and is custom to each type of keyboard. So far, we are finding it difficult to put a keystroke logger into the keyboard. However, the decoder circuit is hooked up to the cable that sends it to the computer. There are either 5 or 6 wires used (I believe 5, one is extra), and there is enough space inside most motherboards that it would be possible to put a small circuit in it. All you need to do is to tap into the wires inside of the keyboard and you have a bug that can install in a few minutes, and is undetectable unless you take the keyboard apart.

      Then again, I see other posters talking about an adapter that fits on the end of the plug, in the back of the computer, which would work, but is an inelegant, and very easily found solution. Inside the computer would work also, but would have to interface to the back of the ps/2 adapter, or to motherboard traces, and I'm guessing the grounded case would hinder transmissions of signals. OTOH, cases are easier to take apart, and there is usually a lot more space.

      • A PC keyboard, be it PS/2 or AT, only uses 4 wires. Donno about mac, and it seems to me that doing this to a USB kb would be a serious pain in the ass.

        • My bad. I haven't looked at them for awhile, I was recalling this entirely from memory.

          USB Keyboards would only have 4 wires, ground, hot, data+ and data-. If USB Keyboards all work in the same way (which I'm assuming, since BIOSes have an USB Keyboard option, so it doesn't appear as if they need seperate drivers) then what I said about AT and PS/2 keyboards also holds true for USB keyboards.

          Now, for the off-topic part of this:

          What my plans are to do (probably over this boring Minnesota winter) is to get an old cocktail style arcade machine, gut it, throw in a stripped computer monitor and a hacked case to support a motherboard, and then take a keyboard splitting circuit (available on the net), and plug a regular keyboard in it, for maintainance, and the other end will go to a specially made circuit, home-etched, created by stealing the design/encoder from an existing keyboard, so I don't have to pay $100+ for Happ's solution. Since the keyboards I've examined have a small (about 2" x 4") circuit board, and runs the input grid on two sheets of plastic, I can examine the circuit board to remake the circuits, and trace the grid for the button press info. Other fun parts of this project include hacking a mouse to be a trackball (arcade style), and breaking apart a cheap joystick for an analog controller, or else making one from scratch. Oh, and probably going with DOS for the OS, since its MAME friendly, although Linux would work, with a few patches for a journelling filesystem. :)

      • I looked at the bottom of my keyboard, and it has 6 screws holding it together. You'd need a fair amount of time to install it, plus you always leave scratches on the screw heads.

        My guess it that its software.

        A probably a replacement for the windows keyboard driver. If you run BSD, I think the spooks are out of luck.
  • Hey, you got a F-i-r-s-t P-o-s-t and didn't even put the obligatory f/p at the bottom of your message!
    Since when is /. mature?
    Your comment is really funny tho. Here, let me continue it:

    Scarfo's 9 year old son: Hey, daddy, what's that icon with the FBI logo on it?
    Scarfo: Uh, it's a buisiness spreadsheet database locator accessory. Don't touch it.
    Kid: You mean it's where you keep your porn?
    Scarfo *thwaps head* Damn kids. Only bad people look at porn, son. I'm not a bad person.
    FBI Agents (together): Yeeaahhh riiighhht....
    Kid: Oh, ok, so it's just the keylogger the FBI put on your machine?
    Scarfo: Of course, what did I say it was? *mutters* Kids are so funny these days...
    • For some reason, this article appeared in the YRO section a few hours before it appeared on the main page. This explains how the 1st post could go to a non-troll, as YRO has a very low viewing population.
  • I'm glad to see that this judge isn;t buying into the FBI's lies. No matter that involves the internal police actions of a country should be secret. The FBI, ATF, etc., should not have any right to claim national security.

    Hopefully, this judge's courageous ruling will slow America's descent into a police state. The very idea that the FBI is conducting warrantless searches is contrary to everything Americans have fought and died for.
    • From USAToday [usatoday.com]:

      FBI agents installed the key logger system on Scarfo's computer after getting a search warrant allowing them to break into his Essex County business and look for a password that would unlock files they believed contained records of the illegal enterprise.

      The defense argument is that the FBI should have gotten a warrant for a wire-tap instead (apparently much harder to obtain). In other words, either the FBI was simply lazy, or they didn't have enough evidence to begin with. The judge is probably wondering whether this "device" should properly be called a wire-tap in which case all the evidence from the computer will be tossed (note that IANAL).
      • > The judge is probably wondering whether this "device" should properly be called a wire-tap in which case all the evidence from the computer will be tossed (note that IANAL).

        According to the Wired [wired.com] article yesterday:

        Another thing that's suspicious, says the defense, is that the log from the program ended as soon as it shows Scarfo's PGP passphrase: "The odds of someone subject to a 60-day period of observation via keystroke recording providing what was sought on the very last typed entries are alarmingly high."

        This would be impossible (or at least highly improbable) with a hardware device. With software, however, it could be done - log everything until you see PGP running and a passphrase being entered. Then stop logging.

        I have a hunch it's software, not hardware, for another reason.

        This whole case revolves around whether the FBI "placed a bug" (i.e. wiretapped) or not. "Bug" has traditionally meant a hardware device, which does not appear to be covered by the warrant. (If they had a warrant to place a bug, the defence wouldn't be arguing otherwise).

        Even the most kl00less n00b of a judge would be able to see that a Keyghost or other hardware-based key-logging device is fundamentally the same as a microphone. One logs keystrokes. The other records voice. If the warrant didn't authorize the placement of an audio bug, it probably didn't authorize placement of a keylogging bug.

        But if it's software, the Feebs can argue "Hey, it's not a device, it's just ones and zeroes on his hard drive. We left nothing, we just tweaked some magnetic lines of flux on a spinning piece of metal."

        The funny part is that this is the same FBI whose lawyers are arguing (eg. DeCSS, Sklyarov, etc.) that even source code can be a "circumvention device". I guess code is a "device" when it serves the FBI's purpose, and "not-a-device" when it... well, serves the FBI's purpose.

        The sad part is that it's going to take a pretty enclued judge to figure out that if DeCSS is a "device" for circumventing protection, then a keylogger -- even if it's just software -- is just as much a "device" for conducting a wiretap of the line between a keyboard and a computer.

        Finally, doing it in software enables them to turn the logging off after they capture the PGP passphrase. I speculate that they realized they were treading on the outer fringes of what they could legally do under this warrant, and wanted to be able to make at least some claim that they minimized the amount of data to be captured.

        All of this leads me to believe it was a software device, not a piece of hardware. "If we can't get a warrant to place a wiretap, let's do it with software, and then if the defence argues otherwise, we might at least have a shot at convincing the judge that software isn't a "bug" because it's made of bits, not atoms, and the wiretap law was written when the only technologies for wiretapping required atoms."

        (The obvious argument for the defence: "In that case, Your Honor, we submit that the instant the software ran on the defendant's computer, the FBI had effectively installed a bug. Instead of it being the cute little ones you read about in Tom Clancy novels, it was a full-tower 1G Athlon bug. But it was still a bug.")

        That said -- let's have an open mind. Maybe they're doing something more advanced than installing a Keyghost. Maybe they're using a new way of installing software known only to the 'l33t d00dz in the intelligence community.

        Finally, maybe the technology is also in place now on real threats, and the bugs - hardware or software - weren't planted by "cops operating with a warrant", but by intelligence agents (or double agents), whose lives would be jeopardized by their targets' acquiring the knowledge to detect these bugs.

        As much as I mistrust the FBI, if any of those scenarios is true (and they're all plausible), it doesn't matter how weak the FBI's case is in the case of this mobster, the tech should remain under wraps.

  • What if... (Score:4, Funny)

    by Scorchmon ( 305172 ) on Tuesday August 07, 2001 @11:10PM (#2168564)
    the FBI sent the keylogger to him in an e-mail message along the lines of "I send you this file in order to have your advice." They couldn't be held accountable as he willingly opened it.
  • Good God! Stop the presses! Does a member of the legal community (and in this case a judge) perhaps understand true legal implications of arguably abusive technological practices by the government? I would truly be interested in reading a bio of this judge. After searching through google, I could not find any relevant information. Anyone?
  • give me a break, give me 10 min, a C compiler and a text editor and I'll make you one, lol.

  • What are they afraid of? (Score:4, Interesting)

    by r_j_prahad ( 309298 ) <r_j_prahad@@@hotmail...com> on Tuesday August 07, 2001 @11:23PM (#2168607)
    If this new bugging critter from the FBI is not a violation of our constitutional rights, then they should be able to describe it to the judge in such a manner that they will be able to keep using it.

    But I'm getting the impression that's not possible. Which should tell you a lot.

    • I don't think there's necessarily a connection between being able to describe it and whether or not it violates our constitutional rights. What it also implies is that their method, once known, is easily defeatible -- "security through obscurity" rearing its ugly head.

      It seems to me possible that the FBI is using a device that can actually monitor a keyboard without touching it. If you ever turn the volume on your soundcard way up, you'll notice that you can hear in the static different notes depending on which keys on the keyboard you press.

      This isn't something the average shmuck could defeat easily if he knew about it, but the larger fish which make and break FBI agents' careers do have the resources to install jammers for such occasions. So it is quite possible that the FBI has a point here.

      • But we knew that already

        Well, *you* might not have known that already, but I did. It's also possible (with appropriately advanced equiptment) to recreate what is on a regular monitor (I'm unsure of LCDs) by the frequencies it bleeds as well.

        It's just rather technologically difficult. But we already knew it was possible.

        Certainly the FBI doesn't think everyone is that stupid (um..never mind)

    • > If this new bugging critter from the FBI is not a violation of our constitutional rights, then they should be able to describe it to the judge in such a manner that they will be able to keep using it.

      Maybe the judge should just have one installed at the FBI HQ, so he can see for himself what the FBI are saying about it.
  • just that the judge is taking submissions.

  • Revealing the FBI's secret... (Score:4, Informative)

    by sheldon ( 2322 ) on Tuesday August 07, 2001 @11:26PM (#2168631)

    This [slashdot.org] was mentioned on slashdot a year ago.

    A company called Keyghost [keyghost.com] makes a small device that you place either inside a keyboard, or in between the keyboard and the computer that will log several kilobytes of keystrokes.

    I would assume this is similar to the super secret technology that the FBI used.

    • Geez - you can buy them on ebaY for $50.

      Perhaps the fbi should hurry to quash:
      http://www.keykatcher.com/howitworks.htm ???

      Maybe they're not willing to admit that they squandered millions of our tax $$$ to reinvent something that has been available from china for years?

      Shit - if you have physical access to the guy's keyboard, any sixth-grade kid should be able to snag the keystrokes with a PIC or SBC?

      ;)

    • Re:Revealing the FBI's secret... (Score:4, Informative)

      by ckm ( 87462 ) on Tuesday August 07, 2001 @11:51PM (#2168740) Homepage

      Yes, and they even advertise it as such.

      From their homepage:

      KeyGhost II Professional Special Edition: This model stores up to 2,000,000 keystrokes with 128-bit encryption. It is recommended for long-term monitoring and computer security control. This model is designed for government agencies, such as the police or drug enforcement, which are engaged in long-term computer investigations. A 'Turbo Download Adaptor' is highly recommended when using this model, as using 'Ghosting' to retrieve the keystrokes may take several days. Retail Price: $US 349.00

  • National security - yeah right... (Score:1, Interesting)

    by Anonymous Coward
    Ummm... At the last Vegas security expo, I picked up a keylogger (8k) offered by some company... Plug keylogger into computer, plug keyboard into keylogger...

    It looks like a simple torroid RF blocker on a keyboard cable at first glance... Then again, given the amount of dust, mummified donuts, dead , cables, and cat hair - I never look at my keyboard port anyway...

    On disassembling the keyboard to install the device: I can just about guarantee you that the FBI would know what type of keyboard this guy had, would buy one exactly like it - take it apart at their shop, install their junk, and then swap 'em so he wouldn't know... They don't take anything apart right there - that's the best way to get discovered and killed...
    • Nobody could ever swap my keyboard without me noticing. It's far too dirty; last time I turned it upside down and shook it, you won't believe how many breadcrumbs fell out.

      This is what comes from eating at your desk :)
    • so, if they did that with my keyboard, would they vacuum out all the crumbs from between the keys of my old keyboard and insert them in the new one? Then they'd of course have to add cat hair stuck to it by coca cola fizz residue... oh and don't forget the various websites written down in clear spots.. and of course they better make sure that "M" key is sticky..
      • You're keyboard sounds like mine! .. maybe the FBI swapped them? :>

        The one currently in place on my home computer has a UK keymap too (since I moved from the UK to the US) .. I wonder just how many keyboards the FBI would need to buy in order to have every make and model in every keymap available .. hmm...
      • My particular keyboard is about 7 years old. It has the "Packard Bell" logo on it. Its had the gloss from the oil on your fingers removed with a few runs of sandpaper. Its fairly dirty. Can this keyboard be replicated? Probably not. Plus, my computer is mounted so looking to my left shows the back of it (its in a "stack" of 2 computers sitting next to each other, raised off the floor by an old Mac Quadra). The front of computers are boring anyway. I can be semi-relaxed for now!

  • Been around for years.... (Score:3, Interesting)

    by ckm ( 87462 ) on Tuesday August 07, 2001 @11:38PM (#2168683) Homepage
    A while ago (mid 80's, I think), it was discovered that typewriters had been bugged by the Russians at the American Embassy in Moscow. Apparently, the KGB had managed to stick a low powered transmission device under each key of the typewriter. This allowed them to 'see' what the person using the machine wrote....

    This is probably just a variation of that.

    Chris.
    • Actually, they dident need to bug the typewriters at all. They just needed an audio feed of people doing the typing on the old "ball" stye of IBM Selectric typewriters. The Selectrics had a round ball that had all the type one it and it returned home after each key press. The KGB was able to determin the what letter the typist pressed buy measuring the amount of time between a key-press and the 'thunk' of the ball hitting the ribbon and paper.
    • I think it's more likely that the FBI has made use of so-called "tempest radiation." It's an interesting field of espionage because it allows you to pluck information directly off a wire-- such as the PS/2 or USB cable that connects your keyboard to the computer (though more likely, your very noisy UTP LAN).

      Basically, tempest eavesdroppers exploit the electromagnetic radiation generated by things like your monitor, UTP Ethernet, serial cables... in some cases the radiation thrown into the shortwave band is broadcast fairly significant distances... also advanced techniques -- such as irraditing a building with a certain frequency of electromagnetic radition -- prove that it's been possible to pluck individual instructions of a CPU.

      The most simple form of tempest eavesdropping is reconstructing the image displayed on your CRT, however, it would also be possible to grab keystrokes from a PS/2 cable (or your pin code from the serial cable that connects the keypad of an ATM)...

      Actualy CRT eavesdropping is fairly simple... all you really need to get started is an old B&W TV with manual sync signal adjustment (the sync signal on a monitor usually isn't powerful enough for "home-made" [i.e. crude] eavesdropping devices to detect-- so in order to get a coherent picture you need to manually control sync.)

      Do a search on Google for tempest radiation [google.com]-- you'll find all sorts of interesting things... Check out also Tempest for Eliza [erikyyy.de] -- it's a neat functional demonstration. With it, you can use your monitor to broadcast music on the shortwave spectrum. It's sort of eerie actually.

      BRx.

    • I heard a similar story, only it was a microphone in the typewriting device (an IBM model?). The trick was to identify the distinct sound made each time the mechanism made selecting the letters. I seem to remember that it was one of those ball type or something where it had to manipulate some mechanics to bring the correct letter around to the paper, so they had enough mechanical sound to work with. Pretty clever if its true.
  • how their toy works. ze germans?
    • The Russians, the Chinese, and every other country that routinely run 'agents' against the US of A. As the chief counter-intelligence of the USA, the FBI is probably using these things against all sort of confirmed and suspected foreign agents. And now the FBI'll be forced to explain exactly what the thing is, how it works, what it looks like, and a lot of 'spies' are going to check their computers....

Slashdot Top Deals

An authority is a person who can tell you more about something than you really care to know.

Close