FBI Files Brief on Scarfo Keylogger
Firewort writes: "In an affidavit (warning, it's a PDF) filed with a federal court in New Jersey, the FBI has disclosed some of the details of a controversial "key logger system" used to obtain the encryption password of a criminal suspect. They go into great detail describing PGP and the different methods they might have used to keystroke-log Scarfo to get his encryption key." Interesting, and more technically sophisticated than the basic keyloggers which grab keystrokes indiscriminately.
Re:Ctrl-V ? (Score:3, Interesting)
Yeah, but how many millions of phrases are on your computer? The one that is your passphrase doesn't have to be obvious. (i.e., a brute force attack with the entire contents of the drive should slow someone down.)
But, even better, you don't even have to leave the phrase lying about for longer than a few seconds. Just open up a web page, select a few chars of the password, and paste them to a temp file. Open up another page and copy another block of chars and paste that to the file. Keep doing this until you have a complete password, copy it and close the file w/o saving.
Anything that is recording your input stream from the keyboard is just going to see you web surfing and doing a lot of copy and paste.
Re:Doesn't it seem strange (Score:3, Interesting)
True, but that does not mean that they are not going to break the rules. The knowledge that they couldn't use the evidence would in no way deter them from collecting it.
Unlike your local PD, the FBI risks a lot more harm than possible benefit from such a strategy. All it would take is one whistleblower to make the whole thing blow up in their faces. I suspect that if the FBI says they are using those communication restraints it is because they are. Even the political damage, much less the criminal liability of lying to the courts, would be overwhelmingly more costly than losing this relatively unimportant case.
okay let me get this straight (Score:3, Interesting)
Did anyone read that whole thing? It seems that the FBI had a keystroke logger that only came on when the modem was off, with the belief, I assume, that the computer isn't a communication device unless the modem is on.
So then the wiretap laws wouldn't apply when the modem is off? Is my interpretation correct?
Strange loophole..
But you miss the entire point (Score:1, Interesting)
Now how to be safer.
Use OpenBSD, with an encrypted filesystem and swap. Every time the feds serve a search warrant, sell your old computer and buy a new one, keeping the hard drive. Use dd to copy over the hard drive information, then destroy the old hard drive.
Other things you need to consider: the feds could install a video bug above your keyboard on the ceiling. Also the radiation emanating from your keyboard cable and monitor could be passively monitored and data recovered. I recommend using laptops and conducting business from inside a limo using a wireless connection. Replace the limo if there is ever a possibility of police involvement. If you are running a drugs/prostitution/gambling empire you should have more than enough money to make up for the extra expenses.
Re:Bypassing the keylogger (Score:3, Interesting)
Option #1
Some have suggested saving that phrase in a text file and then copy/paste from there would work, except that your passphrase is now in clear text on your hard disk. Any search warrant against your machine would find that file, and your private key becomes compromised.
The solution there is to open a text editor before going online and enter the passphrase there. Go online. Get the mail and then copy/paste the passphrase, and close the text editor w/o saving.
Option #2
Download the email off the mail server (i.e., POP it off the server). Go offline. Enter the passphrase and read the message.
Likewise, don't write emails while online. Write and encrypt first, then go online to send. The keylogger appears to be able to pick up your typing of the message if you're online as you write it. (This also saves you $$$ if your ISP is cheap enough to still be charging per-hour rates!)
Hardware or Software (Score:1, Interesting)
Until recently I had thought the hardware approach more likely. It's easy to install a bug in the keyboard cable, and such devices already exist on the market.
But one passage in this affidavit caught my attention:
A hardware device would have been easy to install even if the computer wasn't "operative" (as long as it was actually there). This strongly suggests that the logger consisted either of software modules hacked into Windows, or possibly a hack to the BIOS firmware.
The software/firmware approach does have the advantage of being less easily detected by a naive user. The average Windows user wouldn't have a clue as to how to look for cleverly hacked DLLs or system programs.
Still, once the threat is known the countermeasures are pretty obvious:
Use an open-source operating system that can easily be rebuilt from trusted sources
Use Tripwire to detect modifications to system programs
Improve physical security. Use a laptop and keep it in a safe when not in use. Use IR motion detectors to quietly log any intrusions in the vicinity of the safe and/or computer.
Anybody have any other ideas?
"The B. got a prob cos she think she's....." (Score:1, Interesting)
> than the basic keyloggers which grab keystrokes
> indiscriminately.
if (PGP == RUNNING)
{
    for (k = 0; k < 256; k++)
    {
        if (GetAsyncKeyState(k) == -32767)
            log(k, time);
    }
}
How sophisticated is that? Lame...
_____________________________________
Do YOU have "Nagelsvamp"?
www.nagelsvamp.nu