IP: KeyGhost

[Dave Farber <farber@cis.upenn.edu>]

>Subject: fyi: KeyGhost
>To: Dave Farber <farber@cis.upenn.edu>
>From: Jeff.Hodges@stanford.edu
>Date: Mon, 19 Jun 2000 00:42:21 -0700
>
>
>For IP..
>
>------- Forwarded Messages
>
>Date: Sun, 18 Jun 2000 12:53:17 -0700
>From: Steve Reid <sreid@sea-to-sky.net>
>To: cryptography@c2.net
>Subject: KeyGhost
>
>We all know hardware keyboard loggers are possible. Now there is a
>commercial product called KeyGhost: http://www.keyghost.com/
>
>Here is an independant review: http://www.dansdata.com/keyghost.htm
>
>Several forms are available or planned, each capable of storing 97k or
>500k (Pro version) of keystrokes:
>
>- - Keyboard cable extension with a bump in the wire.
>
>- - PS2-to-AT / AT-to-PS2 adapter or cable extender with no visible bump
>   in the wire. The hardware is concealed within the connecter.
>
>- - Regular computer keyboard or Microsoft Natural keyboard with the
>   hardware concealed within the keyboard case.
>
>500k is a lot of keystrokes. Forward-secret protocols won't help you if
>the plaintexts of all your communications are recorded by one of these.
>
>
>------- Message 2
>
>Date: Sun, 18 Jun 2000 21:57:06 -0400
>From: Dave Emery <die@die.com>
>To: Steve Reid <sreid@sea-to-sky.net>
>Cc: cryptography@c2.net
>Subject: Re: KeyGhost
>
>On Sun, Jun 18, 2000 at 12:53:17PM -0700, Steve Reid wrote:
> > We all know hardware keyboard loggers are possible. Now there is a
> > commercial product called KeyGhost: http://www.keyghost.com/
> > ...
> >
> > 500k is a lot of keystrokes. Forward-secret protocols won't help you if
> > the plaintexts of all your communications are recorded by one of these.
>
>         One hopes that the US Customs Service and the other federal
>agencies involved in enforcing Title III of the Omnibus Safe Streets and
>Crime Control Act of 1968 (18 USC 2518)  covering devices "primarily
>useful for the serreptitious interception of wire, oral or electronic
>communications" (which was originally aimed at bugs and similar
>listening devices) learns of these things and bans them from sale to the
>public as the same kind of electronic contraband that similar gismos
>that fit into telephones replacing the normal microphone or speaker with
>a  lookalike version that transmits the conversations to a remote
>receiver.  In fact, compared to some of the rather innocent things they
>have recently put on the Title III banned list, this thing seems like a
>slam dunk for federal control - especially the version that looks just
>like a AT to PS2 adapter or has the thing built into an otherwise
>ordinary looking and behaving  keyboard.
>
>         I might immediately hasten to add, that as an EE familiar with
>this sort of technology (in a casual way), it should both be possible to
>make a version that is signficantly smaller (the actual chips are tiny -
>its just the packages that are large and directly mounting the required
>chips on a substrate and bonding them out directly to the circuit is an
>old technology that is well proven and very practical for something like
>this), and also to make versions that contain burst radio transmitters
>that dump the keystroke memory in a brief wideband burst of digital
>information in response to an interrogation by an eavesdropper with a
>transmitter or perhaps every so often when the PC is turned on, or when
>it boots or something similar.   Such infrequent transmissions would
>be much harder for a TSCM electronic countermeasures sweep to find than
>something that radiated continuously.
>
>
>- --
>         Dave Emery N1PRE,  die@die.com  DIE Consulting, Weston, Mass.
>PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3
>18
>
>
>
>------- End of Forwarded Messages