Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy

Judge Upholds FBI Keyboard Sniffing 285

Posted by michael from the black-bag-job dept.
mshiltonj writes: "Wired is reporting that keyboard sniffing can be used to catch "mobsters." I feel safer already. You can read the ruling. Here's a snippet: "This case presents an interesting issue of first impression dealing with the ever-present tension between individual privacy and liberty rights and law enforcement's use of new and advanced technology to vigorously investigate criminal activity. It appears that no district court in the country has addressed a similar issue. Of course, the matter takes on added importance in light of recent events and potential national security implications." Translation: Don't deny us this tool or you'll be blamed for us not catching terrorists." See also an Infoworld article. We have several previous stories on the Scarfo case.
This discussion has been archived. No new comments can be posted.

Judge Upholds FBI Keyboard Sniffing More

Judge Upholds FBI Keyboard Sniffing

Comments Filter:
  • I'm glad to see the courts upholding our rights to have unusual fetishes such as sniffing other people's keyboards.

    If I remember correctly, J Edgar Hoover was the FBI's original keyboard sniffer.

  • how do we protect ourselves? (Score:3, Interesting)

    by Sebastopol ( 189276 ) on Friday January 04, 2002 @03:51PM (#2787220) Homepage
    so we know they can now break in and install a device as well as slip in a trojan.

    what solutions are there? as for software, i've seen one site about free-ware antivirus, but it was linux only (like linux needs av software!). it would be nice if there was open-source AV for windows. any pointers?

    as for hardware, other than having intimate knowledge of your own hardware (always checking your keyboard cable connection and keeping your chassis open for inspection), i can only think of sealed, tamper proof computer chassis.
    • Zdnet, of all places, actually just put out an article [zdnet.com] covering how to protect yourself against hardware keystroke loggers.


      The author, David Coursey, has been hit and miss with his articles, but when he gets it right, he's pretty good.

  • Important point (Score:3)

    by wiredog ( 43288 ) on Friday January 04, 2002 @03:51PM (#2787221) Journal
    armed with a court order

    I don't see anything wrong with the police searching, or spying on, someone if they first get a warrant.

    • Are the police allowed to break into your home and plant "bugs"? Are they allowed to sneak in, read your snail mail, without your permission or knowledge? Can they pop the lock on your car trunk, riffle through its contents, all without you knowing?

      If they're already granted rights like this, then I suppose the keyboard bug isn't much different.
    • It would be ok if the judges are actually limiting the warrents they approve. Unfortunatly it's seeming like judges are just rubberstamping anything put in front of them. If the reason for the search is 'an informer told me', then it should be rejected.
    • "I don't see anything wrong with the police searching, or spying on, someone if they first get a warrant."

      That's all nice and good, but just to clarify, you quoted text about the FBI being armed with a "court order" as opposed to a "search warrant". It's my understanding that a search warrant has a higher standard of justification that must be met before a judge may issue it.

  • In my mind the real question isn't about the keystroke recorder, but the fact that the govt. let them essentially break-in and secretly install it. Yea yea, he's a "known criminal" in our innocent until proven guilty state, but this mean that they can use the same tactics on *anyone* not just criminals.

    It definitely bothers me.

    • Re:They had a court approval, but... (Score:4, Insightful)

      by agentZ ( 210674 ) on Friday January 04, 2002 @03:59PM (#2787303)
      The FBI still had to obtain a search warrant. That means they have to go before a judge and show that there is probable cause (i.e. enough information available to convince a reasonable person) to believe that such a search will yield evidence of a crime. The FBI can't just do this willy-nilly. They have to get a judge's approval first.
      • Of course, it's more or less an open secret that wiretaps are often done without a wiretap order, and the order is either gained after the fact, or just never at all. And with a sympathetic judge (and don't think that the FBI doesn't know which ones to call), you can get a search warrant on vanishingly little evidence. Of course, the evidence from the search may get tossed in trial, but trial evidence isn't neccesarily what they need, either.
        • it's more or less an open secret that wiretaps are often done without a wiretap order

          Really? If an agent runs an intercept without court authorization, they are personally liable for civil damages for running an illegal wiretap. If you know of this happening, you should contact your local US Attorney's office. For more information, check out 18 USC 2520 [cornell.edu], which says, in part, "any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity which engaged in that violation such relief as may be appropriate" and then goes on to spell out civil penalties of "the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation; or statutory damages of whichever is the greater of $100 a day for each day of violation or $10,000."
          • Blockquoth the poster:

            Really? If an agent runs an intercept without court authorization, they are personally liable for civil damages for running an illegal wiretap

            Does anyone have any stats or stories about law enforcement people being busted under this? I'm not being argumentative -- believe it or not -- but it'd be handy to see if this sort of legal protection is actually effective.
  • What are you worried about? I doubt they were cluefull enough to make a Linux version of the sniffer. ;-)

    -Pete
    • For example, the KeyGhost [keyghost.com] is a hardware dongle that records keystrokes. Requires physical access to install.

      I've actually seen similar products for sale at $99 in consumer electronics catalogs as a way to catch your kids surfing porn.

      While I have not (yet) seen equivalent products for USB on the market, sniffing USB is even easier than PS/2.

      • While I have not (yet) seen equivalent products for USB on the market, sniffing USB is even easier than PS/2.

        I'm sorry, I just get annoyed when people say things about which they have no idea. What part of sniffing USB is easier? The hardware would be much more complex. You have to identify which frames belong to the keyboard and not the printer, scanner, mouse etc. if you are using a hub. There's a lot more information to process and if you want to process it later, then you have to store a lot more. I don't see how it's any easier, actually its harder. PS/2 on the other hand is a very simple protocol, very simple hardware can process it.

        If you were perhaps talking about the software level, you still have to hook into the keyboard drivers, the USB or PS/2 stuff is abstracted to the keyboard driver, so on that level they are about the same degree of difficulty. And actually, sniffing linux is pretty easy too, I'm sure the FBI could do it, granted they would have to recompile the kernel since the keyboard stuff is usually not a module, but very do-able...

  • Installation (Score:5, Interesting)

    by syrupMatt ( 248267 ) on Friday January 04, 2002 @03:56PM (#2787271) Homepage Journal
    I'm sure others will notice this, but how exactly does the installation of the sniffer take place? Since there is no warrant, and only a court order, do the authorities have the legal backing to "break and enter" a computer to install the sniffer? Is a computer awarded the same rights as a physical place (i.e. apt, home, etc...)?.

    Also, if the sniffer is sent as a trojan'd email or program, could this lead to entrapment defenses based on the enticement used in the delivery method?

    • Re:Installation (Score:3, Interesting)

      by RobertGraham ( 28990 )
      In the Scarfo case, the FBI entered in a "black-bag" operation (breaking-and-entering the building) and found the encrypted file when they physically accessed the computer. They broke in a second time to install the keylogger. They had valid warrants under current U.S. law in order to do this.

      In the Magic Lantern system, they propose either hacking into the machine from the Internet, or more likely, install a transparent proxy at the ISP that attaches a trojan to any .exe the user downloads from the Internet.

    • 1) The court order authorized them to use "intrusive methods" to place the device.

      2) As I understand entrapment, the action the defendant has been enticed into has to be (or lead to) what they are being charged for.

  • System Security (Score:3, Insightful)

    by Wanker ( 17907 ) on Friday January 04, 2002 @03:56PM (#2787272)
    Sounds like another good reason to make sure your systems are secure if both the white and black hats are trying to break into our systems.

    Here are some excellent step-by-step instructions on securing Linux [enteract.com], Solaris [enteract.com], and NT [enteract.com].

  • I don't see what all the fuss is about (Score:3, Funny)

    by mr_gerbik ( 122036 ) on Friday January 04, 2002 @03:58PM (#2787286)
    Who cares is the FBI smells my keyboard? It prolly just smells like sweat and doritos.

  • Active and passive wiretapping (Score:5, Insightful)

    by 2Flower ( 216318 ) on Friday January 04, 2002 @03:58PM (#2787293) Homepage

    The real danger here lies in how wiretapping is shifting from being an activity you need to actively monitor via an external resource, and is becoming a self-contained object you drop into the suspect's house and fetch later. The latter you only need a court order. The former you need a full warrant.

    Until a judge figures out that loggers and tappers are basically the same thing with two different methods of planting and unplanting, this ruling will stick, unfortunately. And once voice recorders are small enough to be plantable devices without any active collection needed (or video recorders, or combination video and audio and keystroke and data packet sniffer and so on) then little black boxes can sneak into anyone's home on thin suspicion.

  • Smart card readers (for your key), and voice dictation software. A keyboard logger can't work, if you don't user the keyboard.
    • They have that really cool one where they shine a laser through your window and it lets you listen in on conversations in the room with the vibrations sounds make in the glass of the window. There are other options for video, too.

      Of course, the trick is not to plant the bug, the trick is to plant the bug in such a way that your intrusion is not discovered. I suspect that the brighter folks in the criminal world will be focussing on detecting such intrusions more than they will be focussing on preventing them.

  • Making the details known to the populace (Score:5, Insightful)

    by adamy ( 78406 ) on Friday January 04, 2002 @04:00PM (#2787312) Homepage Journal
    The US has the concept of the citizen/soldier. Basically, the average citizen is required, when called, to provide for the common defense.

    While police are not the military, they are still providing for that common defense. Why should anything be reserved to a government agency, and kep away from the people at alarge? Isn't this a government of the people, by the people, for the people? A lifetime membership oin the public beauraucracy [sorry for my spelling] is a frightening thing.

    I'm starting to think the ancient Athenians had it right.
    Public service there was should be involuntary, random , and short.

    I am a former Military officer, so no need to tell me about military secrets and stuff like that. Far more of our offensive ability comes from our advanced manufacturing power than scientific advances on the US has. I've served my time, and have now returned to the (server) farm.

  • The 4th Amendment is alive and well (Score:4, Informative)

    by alen ( 225700 ) on Friday January 04, 2002 @04:00PM (#2787313)
    contrary to /. belief. It specifically states that law enforcement needs a search warrant before searching your property or person. Now since they didn't have tcp/ip or telephones in those days it's up to the court system to update the meaning of our constitution as times and technology changes. That's how it has always worked. If you're a suspect and a search warrant is issued our law enforcement agencies have been able to search your property for the last few hundred years.

  • This is the same as wiretapping (Score:4, Insightful)

    by Binx Bolling ( 60970 ) on Friday January 04, 2002 @04:03PM (#2787339)
    Come on. There is absolutely nothing wrong with this. This is exactly how police surveillance should happen. A court order is still required. It is difficult to do on a large scale, at least when a physical key logger is used. It does not require people to use broken encryption. The problem starts when people are forbidden from verifying the integrity of their own computers.

    bb
    • Now all those real sys admins can start earning some nice kickbacks from shady ISP customers for bug(as in wire tapping not GPF) free browsing and from your local SS/FBI office for ratting out the ones that wouldn't pay you. Its creating organized crime oppertunity not preventing it. Hey at least I would be able to afford housing in CA for once.

  • dudes, (Score:2, Funny)

    by cosmo7 ( 325616 )
    they probably won't shut down mobster - they'll just have a long string of court dates and then make them switch to a subscription model.

  • Proper procedures were followed (Score:5, Informative)

    by libertynews ( 304820 ) on Friday January 04, 2002 @04:07PM (#2787376) Homepage
    Here's the relavent part of the decision:

    "Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named ?Factors.?
    Suspecting the ?Factors? file contained evidence of an illegal gambling and loansharking operation, the F.B.I. returned to the location and, pursuant to two search warrants, installed what is known as a ?Key Logger System? (?KLS?) on the computer and/or computer keyboard in order to decipher the passphrase to the encrypted file, thereby gaining entry to the file."

    Note that the FBI has a warrent for the first entry, and returned with new warrents to install the KLS. I'm as paranoid as the next guy about government intrusion (hence my Libertynews.org [libertynews.org] website) but the FBI followed the rules here. And as detailed in previous articles they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.

    This is the kind of thing that civil libertarians should be applauding, proper use of warrents and use of technology to limit the scope of thier intrusion.
    • Well, I could still see a number of problems. One is that (arguably, and the judge obviously disagrees) they should have gotten a wiretap order, not a search warrant. Second, I would question whether or not the first warrant applied to his computer. Third, how did they decide that a file name "factors" had anything illegal in it? I'll give you 10 to 1 odds that the "probable cause" was simply the fact that it was encrypted.
    • they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.

      Wiretap warrants require more probable cause, because they will capture _everything_, not just the particular conversation the cops are after. So, instead of getting a wiretap warrant, they got a warrant to go after the encryption key and configured the KLS to discard keystrokes when the modem was active, therefore it didn't catch any keystrokes that were being _directly_ transmitted.

      That's highly Jesuitical reasoning. Quite obviously if Scarpo typed e-mail off-line, then dialed in to send it, the KLS would capture that. Sounds like a wiretap to me. More to the principle of the laws, KLS captures everything typed in whenever the modem is off, not just the item specified in the warrant.

      Note that although the FBI insisted and finally convinced the judge that the KLS system was "secret" and so the court and Scarfo's lawyers could only see an edited version of the specs, they did let out how to beat it. Keep that modem running! (Wouldn't an ethernet connection also do this? It's continually active on an external cable, and so under their definition of "wiretapping" KLS would have to stay off.)

      To me, it looks like the courts are going nuts over tiny technical details, which they hardly understand, while missing the big picture. The FBI has lied and concealed evidence about Waco, protected one of their agents who turned out to be spying for many years (Hansen), and at least one field office (Boston organized crime task force) has become difficult to distinguish from the mobsters. And it's pretty clear by now that if anyone is ever disciplined for Waco, it will be a letter of reprimand sent to their retirement home, and I have no reason to expect any significant firings over the other misdeeds, let alone agents going to jail. Yet, the judge will take the FBI's word for it that the KLS has to be secret and the sanitized description released is sufficiently accurate.

      If I could trust the cops to obey the laws and their procedures, I wouldn't worry much about technicalities...
      • How many people here would LOVE to catch someone in the act of futzing with their boxes? If they try this on someone who is halfway awake then the cat is out of the bag. One way or another, the software and physical devices involved are going to be revealed. If they're lucky, it will be "HA! HA!" cypherpunk style messages posted loudly to the net. If they're unlucky then organized crime types are going to have a joyous time feeding them misinformation. Mafiosi can employ good IT and security people too. If enough of this sort of thing happens then they certainly will.
        • Blockquoth the poster:

          Mafiosi can employ good IT and security people too.


          Of course they can, like Cosmo [imdb.com]. :)


          Martin Bishop: Organized crime?

          Cosmo: Hah. Don't kid yourself. It's not that organized.

  • Do they really think...? (Score:2, Interesting)

    by KC7GR ( 473279 )
    ...that this will be at all effective? Think about this:

    First off, how many people are NOT running Lookout Distress or similar Gatesian Bloatware for their E-mail? Those who fall into this category WILL see the 'Magic Lantern' worm as an unexecuted file attachment, one that is likely to be quickly deleted.

    Second: How long is it going to take the computing community "At Large" to dissect how ML or any other keyboard logger works, and come up with a very effective countermeasure?

    Third: How long will it take seasoned criminals to grab said countermeasure? The ones that are computer-savvy can download and install just as well as any techie.

    This whole exercise seems to be little more than useless window dressing to me. It almost looks like a (somewhat desperate) attempt by the FBI to fool the public into thinking they're effectively fighting terrorists when they may not have the slightest hint of a clue.

    I don't pretend to have all the answers, but I really don't see what good monitoring Lord only knows how many computer keyboards will do. And how is a typical consumer, who can barely find their system's power switch, going to know if they're being monitored?

    • Third: How long will it take seasoned criminals to grab said countermeasure? The ones that are computer-savvy can download and install just as well as any techie.

      No, smart criminals will not remove this, they will sabatoge it. That is it will still be there, and appear to function correctly, except it will only log legal activity. (ie posts to /., irc sessions, email to mom.) The things that you don't want known won't be loged.

    • How long is it going to take the computing community "At Large" to dissect how ML or any other keyboard logger works, and come up with a very effective countermeasure?

      (Assuming we're talking about the software loggers...)

      At first, I thought FBI probably has a good thing going. It's not like this thing is a virus. Only the suspect's computer will be compromised, so it might take a long time for the security community to get a copy of FBI's malware. And they can't look at it, if they can't get their hands on it.

      Except... someone who "practices unsafe computing" enough to be vulnerable to FBI software attacks, is vulnerable to other attacks as well(*). So the next year's Sircam will eventually mass-mail the FBI software out to everyone in some suspected criminal's MS Outlook address book. "Don Corleone, I include this file for your advice..."

      (*) That's the whole problem with FBI's attitude that they must have a way to gather evidence this way. If FBI even has the capability (warrant or not) to do this, then computers are vulnerable to criminal attacks as well. A world where the cops require that everyone leave their front door unlocked, is Burglar Paradise.

  • Key points (Score:5, Informative)

    by RobertGraham ( 28990 ) on Friday January 04, 2002 @04:09PM (#2787390) Homepage
    The ruling centers around the question whether this was a wiretap of the phone line. The FBI had search warrants to obtain the passwords, but they did not have a wiretap order for his phone (Scarfo used AOL dialup). Thus, if the keystroke monitor was active while he was chatting on IRC, then it would be the equivalent to a phone wiretap of his AOL communications.

    In order to combat this, the FBI designed their keylogger to go innactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.

    Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judges private chambers without the presence of defense attornies. The FBI claims the details must remain a secret for national security reasons. The defense attornies are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".

    The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).

    Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com [robertgraham.com]).

    • I feel the wheight of many wedges.

      Isn't some kind of bizare expectation of privacy [google.com] principle at work here as well? That so many people are denying such a thing for all things internet is very disturbing and in sharp contrast to laws for now obsolete communications methods, phone and post. How the bastards decide that the government can look into my private communications without reason is much less important than the fact that they will do so. The fourth amendment is going away.

      What's to keep them from putting cameras into your house? That have worked just as well to get the passwords.

    • I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.

      An interesting point, but remember that only the actual communication itself is protected under the wiretap statute, 18 USC 2518. That is, the actual bits you sent as e-mail are protected by this law. Any drafts or other documents you make on your computer are protected as stored communications, which are discussed in 18 USC 2703, also called the Electronic Communications Privacy Act.
    • This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode.

      I found that out the hard way, and the buggers made the upgrade to the power-management-friendly version (7.x) a paid upgrade. It did include a bit of new functionality (the ability to create self-decrypting archives), though.

  • This is a Double Edged Sword... (Score:3, Insightful)

    by Freija Crescent ( 452135 ) on Friday January 04, 2002 @04:25PM (#2787520) Homepage Journal
    that I don't want the government brandishing.

    Don't get me wrong, I'm not one of the types that thinks everytime the government makes a new law or whatever that it is a bad thing. I simply feel that privacy is one of our most sacred freedoms.

    If the government taps me accidentally instead of their intended target, and they discover me doing something that violates a law in a minor way, they are going to pursue getting a warrant so that they can use the information legitimately next time it happens. Point is they didn't have the right to tap me in the first place.

    Second point is this. If I get tapped by accident (net-criminal spoofed my IP/connection details) and a third party hacker (i'm simplifying this.. i know i'll catch heat for using hacker)intercepts the signal, he may learn of information that puts me, my career, or my life in danger.. information that would not have leaked had it not been for the government adding a hole to my system. I doubt the government would compensate me if I lost my job for leaking trusted information to the web.

    I'm all for anything that aids our law-enforcement officials, as long as they are responsible and take ownership of the consequences.

    Making it mandatory for the government to notify you that you are being snooped defeats the purpose of the monitoring in the first place. A more suitable method would be allow concerned individuals email or call to request whether or not they are being snooped. Then if they ARE snooping you, and they have reason, they can ask you to see a local court to discuss the matter without actually stating that they ARE monitoring you. That is one faster way of getting the criminals into court, if they are foolish enough. It also protects the innocent. Of course if the government is 'accidentally' snooping you, they will just tell you "no, we aren't monitoring you" because they think they are monitoring the person spoofing your connection.

    A better solution is a time-passworded utility that you can install and call to request the current password. The utility would check your system for the trojan. If that is the case, I'm all for this course of action against cyber-crime.

    -fc
    .
    • If the government taps me accidentally instead of their intended target, and they discover me doing something that violates a law in a minor way, they are going to pursue getting a warrant so that they can use the information legitimately next time it happens. Point is they didn't have the right to tap me in the first place.

      Well, in that case, the charges they bring against you will be dropped (assuming your lawyer is decent) because of exactly what you said: they didn't have the right to tap you in the first place. Then you can sue them for your time.
  • Won't be long before the makers of privacy tools will change their GUI front ends so that a keyboard is no longer used to authenticate. The simplest method would be to display a virtual keyboard and have the user mouse over to each character. It would be difficult, though not impossible, to construct a "mouse sniffer" that gathers enough data to reconstruct the password based on movement history. Defeating that would simply require randomly moving the virtual keyboard between each click. A bit of a pain, but if you really want to avoid the rubber hoses, you may have to do it.

    The only problem after that is evading the "looking over your shoulder" that no-echo keyboard password prompts are so good at avoiding. Maybe a very low contrast virtual keyboard and cursor...
    • So the FBI implements a system of screen capture to know when you are entering your password and what the "virtual keyboard" or other interface looks like. Tracking the mouse is no more difficult either. Hell if they can capture your screen, then they can just look at your files before/after they've been decrypted.

      If your computer has been turned against you then there is no hope of using it protect your secrets.

  • How to avoid keyloggers (Score:5, Funny)

    by 3ryon ( 415000 ) on Friday January 04, 2002 @04:37PM (#2787603)
    B r o w s e t o a w e b p a g e w i t h l o t s o f w o r d s o n i t a n d t h e n c u t a n d p a s t e e a c h l e t t e r y o u n e e d.
  • Is there any reliable way to detect the characteristic activities of a keylogger? Rather than trusting a virus scanner, or trying to keep every possible back door fixed, I would like a utility that would look for suspicious activity indicative of such a key logging attack. I am assuming though that this would be relatively operating system dependent.

    Beyond this, are there ways of making the operating system itself immune to keylogging? In windows this might be a custom keyboard driver. In Linux perhaps a kernel module.

    No matter what you do they can always log at the hardware level (essentially bug your keyboard), but it'd be nice to make it as hard as possible for them.

    -josh

  • Quantum Keyboards (Score:3, Interesting)

    by argoff ( 142580 ) on Friday January 04, 2002 @05:29PM (#2787944)

    There is a theoretical solution to this, using quantum diodes and open source software it is possible to create an untapable system. The quantum diodes would be part of an optical based keyboard. When any photons are prematurely observed, the whole thing errors out.

    The nature of open source software would make it difficult to add flaws that couldn't be detected if wanted. In fact, the encription program could do MD5 sums on the kernel and all parts of the OS that grap keystrokes making that impossible too.

    Other ways like a video grab of the keyboard, or biometrics on the individual typing could be done too. But I think the simplest way would be with a smart card that had a mini ATM keyboard on it. The user would keep it in his wallet at all times, and key in a pin before using it - too many guesses would permanently disable it.

  • Good for crypto (Score:3, Insightful)

    by Elvis Maximus ( 193433 ) on Friday January 04, 2002 @06:36PM (#2788302) Homepage

    I actually think the Scarfo case is a good thing. The logger was used in accordance with a court order, and the whole thing gives lie to the argument that we can't have readily available crypto because it makes the actual bad guys invulnerable to law enforcement.

  • April 1, 2002, Wilmington, Delaware: The FBI's plans to install keyboard sniffing programs on "mobsters'" computers was dealt a serious setback last month when it was revealed that some old crotchity hacker named Zorch revealed he had a patent on "keyboard sniffers." The patent describes a program that covertly installs itself onto an unsuspecting individual's computer and records keystrokes for later examination.

    Zorch released a statement two weeks ago saying that he was not interested in licensing his invention to the United States government at any cost.

    Neither friends nor family have heard from Zorch for the past two weeks. His whereabouts are unknown.

  • I fear the forces of "law enforcement" far more than I do their new boogie man of choice, terrorists. I fear them more than I do drug dealers, kiddie porn perverts, communists, or any of the other boogie men used in the past to justify increased powers and decreased accountability or oversight.

    What the government fears the people there is freedom. When the people fear the government there is tyrrany. Guess which scenario we live in?

    Lee
  • Of course the whole case is bogus, and allowing cops to exercise warrants on people in secret rather than to their face are bogus, and laws against gambling are bogus, especially in states that run lotteries themselves, and racketeering laws that make conspiracy to repeatedly run gambling games into Federal crimes are bogus (yer winnings, governor!), and bogus laws like that encourage gambling to be run by thugs like Scarfo, and the idea that Feds should be able to call technology like this "classified information" when you can buy products that do this on the street and when they're lobbying Congress to let them develop better ones is bogus, but leaving all of that aside....
    There's a difference between the Feds sniffing the passphrase, which is indirect evidence, and sniffing the contents of the file as he typed it, which would have been more direct evidence had they done that. The Feds are trying to hide how they stole the passphrase, and they're arguing about exactly what kind of warrant is needed for stealing it (wiretap vs. search warrant), but once they've stolen the passphrase and legally obtained the encrypted file, they can use it to show a jury that the passphrase they stole decrypts the file into the text they're alleging that Scarfo typed which allegedly shows that he's a mobster. And if they'd simply guessed the passphrase (hint, don't use simple words or your father's prison ID # as your passphrase) they could have done the same. By contrast, if they'd used the SEEKRIT keyboardsniffer to snarf up the file itself, they'd have to tell the jury "Nicky really typed this incriminating letter, trust us, we can't tell you how we know that, cuz it's RILLY SEEKRIT, but we're the FBI and we'd never lie to you, so he's GUILTY GUILTY GUILTY", they'd have a much weaker case. (Any self-respecting jury would throw them out on their expletive-deleted for even trying that, but American juries often fall for that sort of thing, and judges fall for it even more often.)


    US rules of evidence, since the early-1960s Supreme Court decisions which promulgated the "Exclusionary Rule", say that you can't use illegally obtained evidence, and there's a doctrine called "Fruit of the Poisoned Tree" which says that if you illegally obtain information that you use to obtain other information, you can't use that as evidence either. So if they'd beaten or tortured the information out of Scarfo, or if they hadn't had a warrant when they first searched his computer, they'd be unable to use it legally, which is part of why Scarfo's lawyers were arguing about the precise type of warrant they needed before stealing his passphrase.

    On the other hand, if they'd gone asking around the mobster social club if anybody wanted to call in an anonymous tip with Nicky's usual passwords or offering get-out-of-jail-free cards to temporarily-retired mobsters in return for the passphrase, that'd be legal, and unlike the cases where stool pigeons give false testimony about people in return for reduced jail time, a passphrase is demonstrably either correct or incorrect. (And of course, an "anonymous tip" is often nearly indistinguishable from illegally gathered evidence used to obtain a search warrant.)

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close