On Monday, January 7, 2002, at 07:31 PM, Dr. Evil wrote:
...
Yeah, that proposal (snipped above) would definitely defeat the plain old BIOS keyloggers. How sophisticated is the FBI stuff? Let's make some reasoned speculation.
Most of their targets aren't going to be super-sophisticated hackers who will do those kind of things. The FBI has a whole bunch of tools which they use to achieve their goal (get the conviction, etc). Generally, they don't need any one of those tools to be perfect. The plain old keystroke logger would work in most cases, probably. However, that is not the end of the story...
All security is economics. Move-countermove, defense-offense, etc. That basic keystroker loggers is "good enough" to get "most" of what they want is not surprising. Pareto tradeoffs apply. Higher security costs. Comments to follow.
Selecting letters with a mouse on the screen also bypasses the keyboard.
Ouch! That might work for occasional short messages, but for daily use?
I mostly meant for PGP passphrases, to decrypt a series of incoming messages. Though if they can keystroke log, all messages written by the target are vulnerable. No, I wouldn't suggest composing long messages one letter at a time. (Though the most sensitive of all messages are likely to be brief, a la the cononical "Attack at dawn.") A sufficiently worried person could use a scanner, either typing a message on a typewriter and then OCRing it, presumably beyond the ability of keystroke loggers to see, or just doing an image scan of a handwritten note and then PGPing that. At this level of worry, there are probably easier technological solutions, such as: using a Palm or other handheld for critical typing, using a second machine kept locked up (*), putting a laptop in a bag and then sealing it with sealing wax (hard for black baggers to duplicate on the spot), the dongle idea, removable disk drives, etc. All security is economics. When the U.S. Navy uses secure communications to communicate with a ship, they don't just have a guy sit down at a laptop and fire up PGP. They have nested security layers, including controls on access to the "crypto shack," layers of keyed access to crypto materials, and air gaps between machines and other parts of the system. All of this takes time to set up, training for the personnel (my condolences to them, as this is often drone work), and lots of bureaucracy. Almost everyone here is smart enough to realize that a lot of the jive about RSA taking all the computer power in the universe to crack (and then some, for large enough numbers) means nothing if key material has been compromised, if Van Eck radiation is being used to monitor equipment, and so on. The graph I always like to use is with "value of thing being protected" on the X-axis and "costs to use protection" on the Y-axis. Something that could land one in prison for 10 years, or worse, clearly jusitfies using very good crypto hygiene, that is, spending a fair amount of time and effort to ensure good security. Getting all traffic in PGP form, including mattd's and Choate's forwarded articles, clearly cannot justify the same level of care. The "one size fits all" approach of a "1024-bit key" is misleading. (I'm not saying that the important thing is to vary key lengths. In fact, may as well just standardize on 2048-bit keys or even larger. What I _am_ saying is that the whole PGP approach encourages people to think in terms of just using PGP...instead of using a layered approach. Seen this way, RSA/PGP is just one particular component of a larger system. Of course, selling this to the world is tough, as people want immediate gratification and ease-of-use. This is where "rolling your own" makes some sense, as the underlying mathematics is solid, but the crypto hygiene of using dongles, locking up laptops in safes, etc. is enough to stop many of the "sneak and peek" attacks.
Bottom line: I don't have any knowledge of what the FBI actually does, but there are off-the-shelf commercial things out there which defeat what you described, so it's safe to assume that the FBI has something like that if they feel they need it.
Meta-bottom line has always been: if the adversary can get access to your hardware, all bets are off. Morris showed this many years ago with compilers. Hence the approach of using PDAs or removable disk drives (flash, iPod, Dallas Semiconductor buttons) which make it much tougher for the FBI to compromise.
Bottom line 2: You need to have a tamper resistant system if you are faced with an attack from the FBI hacker team. Fortunately, in this case tamper resistance is pretty easy. Get yourself a webcam. I don't think many Mafiosos are sophisticated enough for this, or they probably would have found some other line of work.
We've talked a bit about deploying Webcams (with offsite or well-locked storage) for logging entries, etc. A cluster of several of them, some of them monitoring a system, some of them doing conventional burglar work, could be very useful. X10 wireless cams are down to just $50 each. Various strategies are obvious for how to use them: 1. Just leave them on and logging. Very tough for the guys in black to reproduce a plausible sequence which erases themselves from the archive. Just seeing the webcams aimed at the computer, with wires going off into a closet, may be enough to scare them off. (Have a pinhole webcam monitoring the entire room, too.) 2. Send the signals to a computer in a locked room, or just the archived images to a small disk drive inside a vault or safe. (One of my Firewire drives inside my gun vault, for example.) 3. Offsite storage is possible. Or a machine hidden in a closet or crawlspace and communicating via 802.11b. (On a battery backup in case they cut the power first.) (This is a variation on Brin's camcorder and escrow system.) The point is not to get too cute. Start talking about storing the images on an offshore platform and the scheme gets too complicated to use. A simple X10 camera system feeding a bottom-end PC and then 802.11b-broadcasting to another PC seems quite feasible. And if you do it yourself, with no "security consultants" involved, pretty hard for the FBI to bypass. Again, all security is economics. Having an unsecured machine sitting around in an office with PGP installed on it is at one extreme (regardless of the strength of RSA qua RSA), having a machine inside a secured room with webcams aimed at it and with removable disk drives and "mouse entry" methods to obscure keystrokes, all inside a Faraday cage, is nearly at the other extreme. How much one wants to spend depends on what one is protecting. --Tim May "That government is best which governs not at all." --Henry David Thoreau