trojan hardware (keyboard black bag implant) circa 2003

coderman coderman@gmail.com
Mon Dec 30 07:21:26 PST 2013


out of time, barest gist til next year: back when doing wifi security
research and other interests [trunc.] received an FBI black bag job;
presumably physical focus due to non-standard OSes and FDE.  IBM
keyboard internal chip replaced with identical logging variant; note
that this is not as sophisticated as the more recent TAO toys with
covert RF channels and active, on-demand capabilities...

the keyboard tampering:
https://peertech.org/dist/baghw04.jpg
https://peertech.org/dist/baghw05.jpg
https://peertech.org/dist/baghw06.jpg
 which is for all intents and purposes otherwise visually undetectable
using this trojan chip technique, tailored for every common
manufacturer.

while that was not bad, aside from leaking tamper event, the FDE was
so sad/funny. a screw amuck, replacement drive significantly different
(when compared to identical lot mate purchased with original that got
yanked for offline attack)
https://peertech.org/dist/baghw01.jpg
https://peertech.org/dist/baghw02.jpg
https://peertech.org/dist/baghw03.jpg


---


in a roundabout manner this was all instigated in part by wifi
research done at the time which put various powerful entities into a
tiff.  here's what the pacNW sample looked like back in early 2003:
https://peertech.org/archives/wifi-scan/
"Cleartext Nodes: 8755 (62.59%)
  , WEP Nodes: 5232 (37.40%)"
 ... ah, memories :)


---


one last fun learning by example: consider that you thwart direct
physical access black bag type attempts, and are not running a
vulnerable router/CPE, and present a sufficiently compelling target,
you may encounter a clever "just outside the property line" isolation
and active attack on DOCSIS uplink. (a broadcast medium is hard to
mess with in a covert manner, unless you're able to isolate target
from the local broadcast loop itself.)

https://peertech.org/dist/docsis-mitm.jpg
(circa 2007 - make note of image comments and also single "Comcast
tech" shielding self behind door...)


