IP: KeyGhost

[Dave Farber <farber () cis upenn edu>]

> Subject: fyi: KeyGhost
> To: Dave Farber <farber () cis upenn edu>
> From: Jeff.Hodges () stanford edu
> Date: Mon, 19 Jun 2000 00:42:21 -0700
>
>
> For IP..
>
> ------- Forwarded Messages
>
> Date: Sun, 18 Jun 2000 12:53:17 -0700
> From: Steve Reid <sreid () sea-to-sky net>
> To: cryptography () c2 net
> Subject: KeyGhost
>
> We all know hardware keyboard loggers are possible. Now there is a
> commercial product called KeyGhost: http://www.keyghost.com/
>
> Here is an independant review: http://www.dansdata.com/keyghost.htm
>
> Several forms are available or planned, each capable of storing 97k or
> 500k (Pro version) of keystrokes:
>
> - - Keyboard cable extension with a bump in the wire.
>
> - - PS2-to-AT / AT-to-PS2 adapter or cable extender with no visible bump
>   in the wire. The hardware is concealed within the connecter.
>
> - - Regular computer keyboard or Microsoft Natural keyboard with the
>   hardware concealed within the keyboard case.
>
> 500k is a lot of keystrokes. Forward-secret protocols won't help you if
> the plaintexts of all your communications are recorded by one of these.
>
>
> ------- Message 2
>
> Date: Sun, 18 Jun 2000 21:57:06 -0400
> From: Dave Emery <die () die com>
> To: Steve Reid <sreid () sea-to-sky net>
> Cc: cryptography () c2 net
> Subject: Re: KeyGhost
>
> On Sun, Jun 18, 2000 at 12:53:17PM -0700, Steve Reid wrote:
> > We all know hardware keyboard loggers are possible. Now there is a
> > commercial product called KeyGhost: http://www.keyghost.com/
> > ...
> >
> > 500k is a lot of keystrokes. Forward-secret protocols won't help you if
> > the plaintexts of all your communications are recorded by one of these.
>
>         One hopes that the US Customs Service and the other federal
> agencies involved in enforcing Title III of the Omnibus Safe Streets and
> Crime Control Act of 1968 (18 USC 2518)  covering devices "primarily
> useful for the serreptitious interception of wire, oral or electronic
> communications" (which was originally aimed at bugs and similar
> listening devices) learns of these things and bans them from sale to the
> public as the same kind of electronic contraband that similar gismos
> that fit into telephones replacing the normal microphone or speaker with
> a  lookalike version that transmits the conversations to a remote
> receiver.  In fact, compared to some of the rather innocent things they
> have recently put on the Title III banned list, this thing seems like a
> slam dunk for federal control - especially the version that looks just
> like a AT to PS2 adapter or has the thing built into an otherwise
> ordinary looking and behaving  keyboard.
>
>         I might immediately hasten to add, that as an EE familiar with
> this sort of technology (in a casual way), it should both be possible to
> make a version that is signficantly smaller (the actual chips are tiny -
> its just the packages that are large and directly mounting the required
> chips on a substrate and bonding them out directly to the circuit is an
> old technology that is well proven and very practical for something like
> this), and also to make versions that contain burst radio transmitters
> that dump the keystroke memory in a brief wideband burst of digital
> information in response to an interrogation by an eavesdropper with a
> transmitter or perhaps every so often when the PC is turned on, or when
> it boots or something similar.   Such infrequent transmissions would
> be much harder for a TSCM electronic countermeasures sweep to find than
> something that radiated continuously.
>
>
> - --
>         Dave Emery N1PRE,  die () die com  DIE Consulting, Weston, Mass.
> PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3
> 18
>
>
>
> ------- End of Forwarded Messages