This reminds me of another thing that occurred to me, but as I'm no computer engineer I can't tell how much of a defense it would be. (At the very least a nice stopgap for a while...) To get around keystroke loggers, it would be nice to have some fom of onscreen keyboard, perhaps available over the web. The keyboard would likely work only with the mouse (making it slow to use, of course), and each time the keyboard appears (and at periodic intervals) the keyboard scrambles its keys. I suspect it would be MUCH harder to figure out what has been typed. -TD
From: Tim May <timcmay@got.net> To: cypherpunks@lne.com Subject: Sealing wax Date: Tue, 15 Jul 2003 12:08:20 -0700
On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote:
So, the best way to avoid that situation and not being able to reach
At 09:29 AM 7/15/03 -0400, Sunder wrote: the
big red switch, is simply not to attract their attention in the first place by not following the footsteps of Jim Bell. :)
Stego + broadcast is indeed your friend.
A more likely, and far more important, scenario to worry about is the black bag job whereby a hardware keystroke recorder can get installed without your knowledge...
There may be ways to prevent/detect this... Software (open or closed source) alone won't help very much.
Epoxy and other conformal coatings are also your friends.
Thinking about this brief comment, I assume MV means sealing a PC to make black bag opening more apparent.
But this suggest a return to _sealing wax_. Seriously.
A dab of sealing wax (available in most stationery stores, save for Staples, Office Depot, OfficeMax, Paper Barn, StaplerWorld, Nothing But Rubber Bands, and other warehouses masquerading as stationery stores) over the side panels and other access points, even over the floppy and CD-ROM ports (carefully!), and a distinctive signet ring or other such seal-making device could be quite easy to use.
(As we all know, CIA and other spook agency "flaps and seals" specialists are well-versed in duplicating such seals...but probably only after collecting good information. An FBI black bag job is likely to encounter the sealing wax and seal and be unable to duplicate it. There may be tools now to take a fairly good impression, perhaps with a fast-setting polymer, and then make a convincing duplicate of the seal. All crypto is economics, though, and simple seals probably work against most attackers.)
There are other methods:
-- keep key material on a USB or PCMCIA flash card dongle.
-- wear this around your neck or otherwise make it secure against girlfriends, wives, others who may try to copy it
-- use a small handheld PC (like the HP machines) or Palm OS device as the "front-end" for security apps: at the simplest level, use it to store very long keys which don't get typed-in, but instead are cut-and-pasted in a way to bypass the keyboard driver completely.
Note: It is common in military crypto for their to be different levels of "security tokens" to increase physical security. Rarely are the keys to the kingdom gotten merely by sitting down and typing stuff into a computer. For one thing, this encourages people to get lazy and write the passwords and keys down on Post-It notes or on pieces of tape stuck to the underside of paperclip holders or other entropically-obvious things. For another thing, it makes remote attacks or keystroke logging much more of an attack mode. Finally, the rigamarole or ritual of having physical tokens on chains around one's neck tends to make the process of security seem more serious, which can cause more care to be taken.
(All of this slows down the process. The rigamarole that a shipboard crypto shack will put up with is not the same as what Joe Sixpack will put up, as we all know. RSA-like crypto makes crypto a lot less expensive to deploy, but it's wrong to think it makes it a no-brainer, point-and-click process....except in things like SSL, where it does a specialized job without human involvement.)
-- the usual point about having a network with a secure machine locked up very well in a closet or safe (I have a large gun safe, which I usually run a small heating element into to prevent condensing conditions...I have toyed with the idea of putting a small PC running on 25-40 watts, or less, into this gun safe, with only a power cord and Ethernet wire coming out).
-- and the usual point about having cameras watching the areas where the PCs and keyboards are located.
(Yeah, maybe the black bag types can find and disable the cameras, but then Alice knows something unusual happened. But odds are pretty good they _can't_ find all of the cameras or microphones or sensors, especially in a building with many PCs and wires and other gadgets. They can cut the power, but smart folks have things on battery backups, or self-powered, or on laptops left plugged-in and able to run for 3-4 hours without AC power, etc.)
Were I setting up such a system, all sorts of inexpensive ideas suggest themselves.
By the way, I recommend the novels of Thomas Perry, especially "Pursuit," "Vanishing Act," and his others in the "Jane Whitefield" series. All four novels of his I have read so far deal centrally with issues of people trying to escape those tracking them, kind of a private version of the Witness Security Program (popularly called "Witness Protection"). The novels are filled with good ideas, and a few glaring misses, about changing identity, avoiding patterns, etc.
If there's a weakness in his novels, it's that not enough modern technology is used. I cringe when I see his characters not even using readily-available throwaway cellphones to stay in contact, or not even setting up Hotmail accounts to communicate. (He favors postal dead drops, which in at least one of the novels allows an attacker to find out the home and name of another....a determined opponent, like the government, would know the names and addresses quickly.)
Still, his series fits with the kind of security awareness and hypervigilance we often discuss.
--Tim May
_________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
On Wed, 16 Jul 2003, Tyler Durden wrote:
This reminds me of another thing that occurred to me, but as I'm no computer engineer I can't tell how much of a defense it would be. (At the very least a nice stopgap for a while...)
To get around keystroke loggers, it would be nice to have some fom of onscreen keyboard, perhaps available over the web. The keyboard would likely work only with the mouse (making it slow to use, of course), and each time the keyboard appears (and at periodic intervals) the keyboard scrambles its keys.
Been done. Something like that is included in Tinfoilhat Linux distribution, see http://tinfoilhat.shmoo.com/ Another thing for keyboard-based data input is Sneaky Pete, a Java app http://packetstorm.icx.fr/java/sneaky.tar.gz (from http://packetstorm.icx.fr/java/indexdate.shtml - original project homepage is dead). And I suppose there are more. However, this will work around the keyboard loggers, but will cause development of eg. programs saving the screenshots at the moment of a mouseclick. (Which is definitely more detectable - by storing bulk amounts of data - than just a plain keylogger, disadvantaging the adversary somehow.) Also won't protect against ceiling cams, if they'd have enough resolution to see the screen clearly enough. Couldn't there be some challenge-response device, eg. over IrDA or radio waves or direct contact (eg, iButton DS1955B or DS1957B), which would be unlocked by something like a PIN code? How to avoid the leakage of the PIN and subsequent seizure of the device then?
I suspect it would be MUCH harder to figure out what has been typed.
At least for a while, yes.
Geez! You guys have the DUMBEST ideas ever! For fuck's sake, go and RTFA! (For the dumb: READ THE FUCKING ARCHIVES!) Anything displayed on your screen is visible to the guy across the street with a TEMPEST detector unless you work in a Faraday cage. Failing that a hidden pinhole camera, or an RF transmitter attached to your cable -- hell these are available for hobbist use right now: x10.com has small devices that you can use to broadcast video from one room to another. Getting the same done for VGA, XVGA, etc. shouldn't be any harder. Using IR or RF is one of the stupidest things you could possibly do. Think! IR and RF are detectable from a distance! Ok, some IR auth is ok, provided it's in a sealed chamber and no photons leak out. i.e. think of a two cylinders, sealed at the ends where the cables go, where one fits inside the other... sort of like fiber optic cables and connectors. No leaks. Direct contact's obviously fine, so long as your alleged attacker can't tap into it. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Wed, 16 Jul 2003, Thomas Shaddack wrote:
However, this will work around the keyboard loggers, but will cause development of eg. programs saving the screenshots at the moment of a mouseclick. (Which is definitely more detectable - by storing bulk amounts of data - than just a plain keylogger, disadvantaging the adversary somehow.) Also won't protect against ceiling cams, if they'd have enough resolution to see the screen clearly enough.
Couldn't there be some challenge-response device, eg. over IrDA or radio waves or direct contact (eg, iButton DS1955B or DS1957B), which would be unlocked by something like a PIN code? How to avoid the leakage of the PIN and subsequent seizure of the device then?
And TEMPEST monitoring equipment (or again, a hidden pinhole camera behind you, or a transmitter hidden in your monitor) won't see what's on your screen because???? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Wed, 16 Jul 2003, Tyler Durden wrote:
To get around keystroke loggers, it would be nice to have some fom of onscreen keyboard, perhaps available over the web. The keyboard would likely work only with the mouse (making it slow to use, of course), and each time the keyboard appears (and at periodic intervals) the keyboard scrambles its keys.
participants (3)
-
Sunder
-
Thomas Shaddack
-
Tyler Durden