Re: Scarfo "keylogger", PGP

2001-10-19 Thread Phil Karn

All through this case, the FBI has been very cagey on whether the key
logger was implemented in hardware or software (or firmware).

Until recently I had thought the hardware approach more likely. It's
easy to install a bug in the keyboard cable, and such devices already
exist on the market.

But one passage in this affidavit caught my attention: 

  Recovery of Output 13. In order to recover the output of the KLS, it
  was necessary to gain physical access to the computer. A total of five
  surreptitious entries into Scarfo's place of business were made. On
  four of those occasions, the computer in question was found to be
  inoperative or not present. On only one of those conditions was the
  computer in question found to be present and in working order

A hardware device would have been easy to install even if the computer
wasn't "operative" (as long as it was actually there). This strongly
suggests that the logger consisted either of software modules hacked
into Windows, or possibly a hack to the BIOS firmware.

If it was done as a Windows software hack, that raises the question of
why so many keystrokes were captured -- especially if the search warrant
was only for his PGP passphrase.

They probably already had a copy of his encrypted secret key ring from
an earlier search. So a good programmer could have written the
intercept routine to test the keystrokes in real time, saving them
only if they constituted the correct pass phrase. This could be done
either by looking for the keystrokes that typically precede the
entering of the passphrase, or by continually testing a "window" of
the last (1,2,...N) typed characters regardless of context. The former
would work in a command line environment, the latter might be
necessary in a GUI.

The real-time testing would have to be done without raising suspicion,
i.e., by noticeably lengthening the computer's response time. It would
be interesting to see how fast such a routine could run on a typical
PC.

Still, the software/firmware approach does have the advantage of being
less easily detected by a naive user than a hardware "bug". The
average Windows user wouldn't have a clue as to how to look for
cleverly hacked DLLs or system programs.

However, if one does suspect a software "bug", then the
countermeasures are pretty obvious. This would certainly explain the
FBI's reticence to disclose the details. Tripwire-like mechanisms,
improved physical security (e.g., keeping a laptop in a safe) and
using IR motion detectors to silently log physical intrusions into the
vicinity of the computer would all complicate the FBI's job.

Anybody have any other ideas?

Phil



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
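An added example, not code from Phil's post or from the FBI's KLS, of the
real-time passphrase test he describes: keep only a window of the last
few characters typed and, on every keystroke, try each suffix of that
window against the secret key ring, saving a candidate only when it
unlocks the ring. The key ring here is a stand-in (a salted SHA-256
verifier of the passphrase), and the passphrase and keystroke stream are
constructed; the verifier also counts trial unlocks, which is the per
keystroke cost Phil wonders about.

```python
"""Real-time passphrase recognition over a keystroke window (added example)."""
import hashlib
from collections import deque

MAX_LEN = 32  # longest passphrase the window will consider (assumption)


class KeyRingVerifier:
    """Stand-in for 'try to decrypt the stolen secret key ring with this phrase'.
    A real logger would run the key-ring decrypt and checksum; here the
    phrase is checked against a salted SHA-256 digest instead."""

    def __init__(self, passphrase):
        self.salt = b"constructed-salt"  # fixed so the example is deterministic
        self.digest = self._h(passphrase)
        self.attempts = 0  # number of trial unlocks: the runtime cost model

    def _h(self, phrase):
        return hashlib.sha256(self.salt + phrase.encode()).digest()

    def unlocks(self, phrase):
        self.attempts += 1
        return self._h(phrase) == self.digest


class WindowLogger:
    """Retains only the last MAX_LEN printable keystrokes. On each keystroke
    every suffix of that window is tested; nothing is written to the log
    unless a suffix unlocks the key ring, so at most the passphrase is kept."""

    def __init__(self, verifier, max_len=MAX_LEN):
        self.verifier = verifier
        self.window = deque(maxlen=max_len)
        self.captured = None

    def keystroke(self, key):
        if self.captured is not None:
            return  # stop after one success, as the affidavit's output suggests
        if key == "\b":  # backspace: the user corrected a typo
            if self.window:
                self.window.pop()
            return
        if key in ("\n", "\r"):  # Enter ends the current input context
            self.window.clear()
            return
        self.window.append(key)
        text = "".join(self.window)
        for start in range(len(text)):  # longest suffix first
            candidate = text[start:]
            if self.verifier.unlocks(candidate):
                self.captured = candidate
                self.window.clear()
                return


PASSPHRASE = "lockbox-4417"  # constructed; stands in for the target's real one

# Constructed keystroke stream: shell work, PGP prompting for the passphrase,
# a typo corrected with backspace, then Enter, then more shell work.
SAMPLE_KEYSTROKES = (
    "dir\n"
    "pgp -d ledger.pgp\n"
    "lockbox-4418\b7\n"
    "exit\n"
)


def simulate(keystrokes, passphrase, max_len=MAX_LEN):
    """Feed a keystroke stream through the logger; return (captured, attempts)."""
    verifier = KeyRingVerifier(passphrase)
    logger = WindowLogger(verifier, max_len)
    for key in keystrokes:
        logger.keystroke(key)
    return logger.captured, verifier.attempts


if __name__ == "__main__":
    captured, attempts = simulate(SAMPLE_KEYSTROKES, PASSPHRASE)
    print("captured:", captured, "after", attempts, "trial unlocks")
```

Because every suffix is tried on every keystroke, the cost per key is at
most MAX_LEN trial decryptions, which is what makes the window approach
workable in a GUI where there is no prompt to key off.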



Re: Security Research (Was: Scarfo "keylogger", PGP )

2001-10-17 Thread pasward

David Jablon writes:
 > 
 > Not until vendors are held legally accountable for negligent design.
 > 
 > Maybe someday, somehow, there will be a class action law suit.
 > (I saw a recent infosec conference flyer that had some silly quote
 > about the annual cost of viruses or something being in the
 > $100,000,000,000 range.  :-)

This is probably a silly question, but why isn't such a class action
lawsuit launched?  

The stock answer I always hear is the EULA.  However, it is my
understanding that if a manufacturer (say a car company) tried to
disclaim or limit liability in the manner in which the software
industry does, any court would throw out the disclaimer and impose its
own standard.

Can you imagine buying a Ford Explorer with the statement like: 

"not liable for any damages ... Under no circumstances will our
liability exceed the original cost of the product."

?

Now, can the lawyers please correct my ignorance.

Paul








Re: Scarfo "keylogger", PGP

2001-10-17 Thread Rick Smith at Secure Computing

At 09:59 AM 10/16/2001, Peter Fairbrother wrote:

>The affidavit is extremely complex and hard to unravel, whether to try to
>preserve secrecy, in the hope that it will confuse the defence/Court, or
>perhaps it's just legalese, I don't know.

I spoke to someone a couple of years ago who had tried to establish a set 
of technical standards for handling host security logs so that they could 
be used as legal evidence, and ran into a stone wall at the Justice 
Department. Evidently they feared that defendants could manipulate any such 
standards to ensure that *no* electronic evidence could ever stand up in court.

I suspect the affidavit is badly written so that it meets the minimum 
standard for the court while providing as little useful information as 
possible.


Rick.
[EMAIL PROTECTED]    roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/







Re: Scarfo "keylogger", PGP

2001-10-17 Thread Rick Smith at Secure Computing

At 05:21 AM 10/16/2001, Ben Laurie wrote:
>Rick Smith at Secure Computing wrote:
> > >Is this a serious security failure in PGP?
> >
> > No, it's a problem with any programmable computer. If you can install new
> > programs, you can install changes to existing programs.
>
>That is not true - its a function of the OS and the type of access you
>have. I can install new programs on my Unix box but without root I
>cannot change existing programs, for example.

If you have physical access to a commercial computing device, be it Unix or 
Microsoft or anything else, and you have the right tools, you can reprogram 
the OS, the applications or both, to do whatever you want. The tools aren't 
that expensive or that hard to acquire, especially for an intelligence/law 
enforcement organization. Physical access always trumps the software access 
controls which we must rely on to protect the plaintext and passphrases 
handled by PGP.


Rick.
[EMAIL PROTECTED]    roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/







Re: Security Research (Was: Scarfo "keylogger", PGP )

2001-10-17 Thread Carl Ellison

At 08:52 PM 10/16/2001 -0400, Steven M. Bellovin wrote:
>In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>>"Trei, Peter" wrote:
>>> Windows XP at least checks for drivers not signed by MS, but
>>> whose security this promotes is an open question.
>>
>>Errr ... surely this promotes MS's bottom line and no-one's
>>security? It is also a major pain if you happen to want to write a
>>device driver, of course.
>>
>
>Microsoft?  See their view of how to deal with security at
>http://www.newsbytes.com/news/01/171173.html -- I wonder if they
>think it should apply to crypto research, too?

From that link:

"It's high time the security community stopped providing blueprints
for building these weapons," he said.

===

Remember after the OK City bombing, there were calls to remove
instructions on bomb making from the Internet?  That failed when
people pointed out the USDA and public library sources, although some
went on to claim they should be removed from there, too.  Free
speech, anyone?

With bug reports, there are none coming from USDA or to be found in
public libraries, so it looks like we're a lot more vulnerable.  When
will the Internet be so ingrained in American life that it's no
longer vulnerable like this?






+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+






Re: Security Research (Was: Scarfo "keylogger", PGP )

2001-10-17 Thread David Jablon

About that MS security response initiative ...

I think, if you view their security response team as a completely
separate independent entity from the MS development team,
you'll find that they're making a valiant attempt at doing an
impossible job.

Scott Culp is just trying to rally the security community to be
self-policing with regard to publishing detailed exploit instructions.
Not a bad idea at all.  And in this regard, this seems to be
handled in a light handed manner ... so far.
When I take off my conspiracy theory glasses, I don't
even see any particularly offensive ideas in his manifesto:
http://www.microsoft.com/technet/columns/security/noarch.asp

Surely we can all agree that Scott has got the toughest job
in the world. :-)  Maybe we can give him a break and offer some
constructive feedback.

But personally, I don't think there's much hope of changing the way
that particular company behaves, or for that matter, much of the rest
of the industry too.

Not until vendors are held legally accountable for negligent design.

Maybe someday, somehow, there will be a class action law suit.
(I saw a recent infosec conference flyer that had some silly quote
about the annual cost of viruses or something being in the
$100,000,000,000 range.  :-)

Or maybe one of our new draconian laws will be turned around to
make vendors criminally responsible for promoting cyber terrorism!

Surely that'll make 'em think twice before opening that new back door,
or creating yet-another "auto-launch a hidden executable" feature.

-- David


At 08:52 PM 10/16/01 -0400, Steven M. Bellovin wrote:

>Microsoft?  See their view of how to deal with security at
>http://www.newsbytes.com/news/01/171173.html -- I wonder if they
>think it should apply to crypto research, too?
>
>Of course, why should I be surprised at this?  Some crypto research is 
>already banned by the DMCA; why not ban even more?








Security Research (Was: Scarfo "keylogger", PGP )

2001-10-16 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>"Trei, Peter" wrote:
>> Windows XP at least checks for drivers not signed by MS, but
>> whose security this promotes is an open question.
>
>Errr ... surely this promotes MS's bottom line and no-one's security? It
>is also a major pain if you happen to want to write a device driver, of
>course.
>

Microsoft?  See their view of how to deal with security at
http://www.newsbytes.com/news/01/171173.html -- I wonder if they
think it should apply to crypto research, too?

Of course, why should I be surprised at this?  Some crypto research is 
already banned by the DMCA; why not ban even more?

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com








Re: Scarfo "keylogger", PGP

2001-10-16 Thread John R. Levine

Of course, but the difference is that Windows users routinely install
programs that update libraries in random ways; Unix users don't.  By
and large, Unix applications only install libraries unique to the
application, and the general stuff only changes when you upgrade the
operating system.  If you're moderately clueful (a big assumption, I
know) the applications aren't installed as root so they can't whomp
the system libraries.  Most Windows applications, on the other hand,
come with copies of vendor C libraries, graphics libraries, and who knows
what else, and just install them in \Windows\System.

It's a very common problem on Windows systems to have programs
mysteriously stop working because the user installed an unrelated
application that happened to use the same DLL, but the newly installed
version is older than the previous one and is missing features or bug
fixes.  The current generation of install software tries to check
version numbers and warn you if it's about to downgrade a library, but
it's entirely a convention in the installation software, not enforced
by anything.



>The same is true of, say, libX11.so, or worse, libpam.so, on Unix
>systems.

>> One of my continual gripes about Windows security has to do with the GUI
>> DLLs. An attacker could silently replace a component with one which has
>> the old version number and the same API as the normal one, but which 
>> does something extra -

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail






Re: Scarfo "keylogger", PGP

2001-10-16 Thread Peter Fairbrother

Capturing keystrokes of email in composition would appear to me to be part
of a "transfer of ..intelligence of any nature transmitted ... in part by a
wire...", and nothing to do with stored email or 2703, but I am not a
lawyer.

-- Peter Fairbrother


> Steven M. Bellovin wrote:
[snip] 
> The problem is that you're thinking like a computer scientist instead
> of like a lawyer...
> 
> Definitions are important in the law.  The wiretap statute (18 USC 2510
> et seq, http://www4.law.cornell.edu/uscode/18/2510.html) defines
> an "electronic communication" as "any transfer of signs,
> signals, writing, images, sounds, data, or intelligence of any
> nature transmitted in whole or in part by a wire, radio,
> electromagnetic, photoelectronic or photooptical system that
> affects interstate or foreign commerce, but does not include -
> (A) any wire or oral communication..."  ("Wire communications"
> refers to telephone calls.)  Interception of such transmissions
> is one of the things governed by the wiretap statute; the procedure
> for getting an authorization for a tap is very cumbersome,
> and is subject to numerous restrictions in both the statute and
> DoJ regulations.
> 
> Access to *stored communications* -- things that aren't actually
> traveling over a wire -- are governed by 18 USC 2701 et seq.,
> which was added to the wiretap statute in 1986.  (That's when
> electronic communications were added as well.)  The rules for
> access there are much simpler.  But that section was written on
> the assumption that email would only be stored on your service
> bureau's machine!  In this case, it would appear that we're back to
> the ordinary search and seizure statutes governing any computer records
> owned by an individual.  *But* -- if they're *in the process of being
> sent* -- 2511 would apply, it would be a wiretap, and it would be
> hard to do.  The FBI agents who wrote that keystroke logger are
> well aware of this distinction, and apparently tried to finesse
> the point by ensuring that no communications (within the meaning
> of the statute) were taking place when their package was operating.
> 
> I suppose that someone could make an argument to a judge that
> email being composed is intended for transmission, and that it
> should therefore be covered by 2511.  The government's counter will
> be to cite 2703, which provides for simpler access to some email, as
> evidence that Congress did not intend the same protections for
> email not actually in transit.  I'd have to reread the ruling
> in the Steve Jackson Games case to carry my analysis any further,
> but I'll leave that to the real lawyers.
> 
> 
> 







Re: Scarfo "keylogger", PGP

2001-10-16 Thread Derek Atkins

The same is true of, say, libX11.so, or worse, libpam.so, on Unix
systems.

-derek

"Trei, Peter" <[EMAIL PROTECTED]> writes:

> One of my continual gripes about Windows security has to do with the GUI
> DLLs. An attacker could silently replace a component with one which has
> the old version number and the same API as the normal one, but which 
> does something extra - for example, the component which handles the
> textbox for entering passwords could check the system table to see if
> the active program was PGP, and if so log the text entered. The user 
> would be none the wiser, and even re-installing PGP would not restore
> security.
> 
> A secure system would use cryptographically signed components,
> and an application would check the signatures before loading a 
> dynamic library. An attacker would then need to get the trojaned
> components signed, which raises the bar.
> 
> Windows XP at least checks for drivers not signed by MS, but 
> whose security this promotes is an open question.
> 
> Peter Trei
> 
> 
> 
> 
> 
> 

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/    PP-ASEL-IA N1NWH
   [EMAIL PROTECTED]    PGP key available






Re: Scarfo "keylogger", PGP

2001-10-16 Thread Ben Laurie

"Trei, Peter" wrote:
> Windows XP at least checks for drivers not signed by MS, but
> whose security this promotes is an open question.

Errr ... surely this promotes MS's bottom line and no-one's security? It
is also a major pain if you happen to want to write a device driver, of
course.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff






Re: Scarfo "keylogger", PGP

2001-10-16 Thread Steven M. Bellovin

In message <9qftr6$23i$[EMAIL PROTECTED]>, David Wagner writes:
>It seems the FBI hopes the law will make a distinction between software
>that talks directly to the modem and software that doesn't.  They note
>that PGP falls into the latter category, and thus -- they argue -- they
>should be permitted to snoop on PGP without needing a wiretap warrant.
>
>However, if you're using PGP to encrypt email before sending, this
>reasoning sounds a little hard to swallow.  It's hard to see how such a
>use of PGP could be differentiated from use of a mail client; neither
>of them talk directly to the modem, but both are indirectly a part of
>the communications path.  Maybe there's something I'm missing.

The problem is that you're thinking like a computer scientist instead 
of like a lawyer...

Definitions are important in the law.  The wiretap statute (18 USC 2510
et seq, http://www4.law.cornell.edu/uscode/18/2510.html) defines
an "electronic communication" as "any transfer of signs, 
signals, writing, images, sounds, data, or intelligence of any 
nature transmitted in whole or in part by a wire, radio, 
electromagnetic, photoelectronic or photooptical system that 
affects interstate or foreign commerce, but does not include - 
(A) any wire or oral communication..."  ("Wire communications"
refers to telephone calls.)  Interception of such transmissions
is one of the things governed by the wiretap statute; the procedure
for getting an authorization for a tap is very cumbersome,
and is subject to numerous restrictions in both the statute and
DoJ regulations.

Access to *stored communications* -- things that aren't actually
traveling over a wire -- are governed by 18 USC 2701 et seq.,
which was added to the wiretap statute in 1986.  (That's when
electronic communications were added as well.)  The rules for
access there are much simpler.  But that section was written on
the assumption that email would only be stored on your service
bureau's machine!  In this case, it would appear that we're back to
the ordinary search and seizure statutes governing any computer records
owned by an individual.  *But* -- if they're *in the process of being
sent* -- 2511 would apply, it would be a wiretap, and it would be
hard to do.  The FBI agents who wrote that keystroke logger are
well aware of this distinction, and apparently tried to finesse
the point by ensuring that no communications (within the meaning
of the statute) were taking place when their package was operating.

I suppose that someone could make an argument to a judge that
email being composed is intended for transmission, and that it
should therefore be covered by 2511.  The government's counter will
be to cite 2703, which provides for simpler access to some email, as
evidence that Congress did not intend the same protections for
email not actually in transit.  I'd have to reread the ruling
in the Steve Jackson Games case to carry my analysis any further,
but I'll leave that to the real lawyers.






Re: Scarfo "keylogger", PGP

2001-10-16 Thread Peter Fairbrother

The "keystroke capture component" (which does not work when the modem is
operating) would capture email when composed offline before transmission. I
don't know whether this needs a wiretap warrant or not, but in effect it is
tapping email, during a part of its journey from brain to brain.

The "PGP-key capture component" only captured the PGP logon, and wouldn't
capture email in any case. It would work when the modem was working (on
something else).

The encrypted data on Scarfo's computer may or may not include email, which
the PGP key would decode, but the FBI were authorised to seize business
records, not email. Perhaps the FBI might not be allowed to decrypt or look
at any email found, though in practice it would be nearly impossible to stop
them doing so.

The affidavit is extremely complex and hard to unravel, whether to try to
preserve secrecy, in the hope that it will confuse the defence/Court, or
perhaps it's just legalese, I don't know.


-- Peter Fairbrother

> David Wagner wrote:

> It seems the FBI hopes the law will make a distinction between software
> that talks directly to the modem and software that doesn't.  They note
> that PGP falls into the latter category, and thus -- they argue -- they
> should be permitted to snoop on PGP without needing a wiretap warrant.
> 
> However, if you're using PGP to encrypt email before sending, this
> reasoning sounds a little hard to swallow.  It's hard to see how such a
> use of PGP could be differentiated from use of a mail client; neither
> of them talk directly to the modem, but both are indirectly a part of
> the communications path.  Maybe there's something I'm missing.
> 
> If you're using PGP to encrypt stored data only, though, then I can
> see how one might be able to make a case that use of PGP should be
> distinguished from use of a mail client.
> 
> Does anyone know what PGP was used for in this case?  Was it used only
> for encrypting stored data, or was it also used from time to time for
> encrypting communications?







RE: Scarfo "keylogger", PGP

2001-10-16 Thread Trei, Peter

> Peter Fairbrother[SMTP:[EMAIL PROTECTED]]
> 
> The other and more worrying "component" picked up the PGP key Scarfo used -
> his father's prison number! - and virtually nothing else. It didn't capture
> keystrokes. Almost certainly it detected and captured only the PGP logon
> when the enter key was pressed, and it is almost certainly software. I don't
> know if Scarfo entered his PGP key more than once but apparently it only
> recorded it once. The PGP key information was at the end of the output
> presented to the Court so it may have stopped operation then, but the
> "keystroke capture component" should have continued to work if the overall
> design was good.
> 
> Could it be remotely installed? Is this a serious security failure in PGP?
> The recent announcement by NA that they are looking for a buyer for PGP, at
> a time when its value would be low anyway following the WTC attacks, may be
> relevant...
> 
> -- Peter Fairbrother
> 
Windows programs can incorporate the GUI components (MFC libraries, etc)
either as statically linked libraries at compilation time, or (more commonly)
as dynamically linked libraries (DLLs).

One of my continual gripes about Windows security has to do with the GUI
DLLs. An attacker could silently replace a component with one which has
the old version number and the same API as the normal one, but which 
does something extra - for example, the component which handles the
textbox for entering passwords could check the system table to see if
the active program was PGP, and if so log the text entered. The user 
would be none the wiser, and even re-installing PGP would not restore
security.

A secure system would use cryptographically signed components,
and an application would check the signatures before loading a 
dynamic library. An attacker would then need to get the trojaned
components signed, which raises the bar.

Windows XP at least checks for drivers not signed by MS, but 
whose security this promotes is an open question.

Peter Trei






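An added example, not code from Peter's post, from PGP or from Windows,
of the two countermeasures raised in this thread: Peter's proposal that
an application verify a signature on each component before loading it,
and the Tripwire-like baseline Phil Karn mentions. Both reduce to a
signed manifest of (name, version, content hash) that is checked against
the bytes on disk. The manifest "signature" here is an HMAC-SHA256 under a
key the loader holds, a stand-in for the public-key signature a real
system would use so the machine need hold no secret; the component
bytes, names and versions are constructed. It also shows why an installer's
version comparison is no defence: the trojaned component carries the
same version string and passes that check.

```python
"""Signed-component check before loading, and a Tripwire-style sweep (added example)."""
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-key-for-the-example"  # assumption: held by the loader


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _canonical(manifest):
    """Deterministic encoding so the signature covers exactly one byte string."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(components):
    """components: {name: (version, bytes)} -> (manifest, signature).
    The manifest is the Tripwire-style baseline and the loader's allowlist."""
    manifest = {name: {"version": ver, "sha256": sha256_hex(blob)}
                for name, (ver, blob) in components.items()}
    sig = hmac.new(SIGNING_KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest, sig


def manifest_is_authentic(manifest, signature):
    expected = hmac.new(SIGNING_KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def version_check_only(manifest, name, version):
    """What a version-aware installer enforces: the version string, not the content."""
    return manifest.get(name, {}).get("version") == version


def verified_load(manifest, signature, name, version, blob):
    """Return True only if the manifest is authentic and blob matches its entry.
    A caller would LoadLibrary/dlopen the file only on True."""
    if not manifest_is_authentic(manifest, signature):
        return False
    entry = manifest.get(name)
    if entry is None or entry["version"] != version:
        return False
    return hmac.compare_digest(entry["sha256"], sha256_hex(blob))


def tripwire_diff(manifest, signature, installed):
    """Sweep the installed set against the baseline; return the names whose
    bytes no longer match, or None if the baseline itself fails authentication."""
    if not manifest_is_authentic(manifest, signature):
        return None
    return sorted(name for name, (ver, blob) in installed.items()
                  if not verified_load(manifest, signature, name, ver, blob))


# Constructed components: the password-textbox DLL Peter describes, genuine and
# trojaned. The trojan keeps the version string and the exported API.
GENUINE = {
    "textbox.dll": ("4.0.1", b"MZ...genuine edit control..."),
    "crypto.dll": ("6.5.8", b"MZ...genuine crypto routines..."),
}
TROJANED_TEXTBOX = ("4.0.1", b"MZ...edit control that logs text when the active app is PGP...")


if __name__ == "__main__":
    manifest, sig = build_manifest(GENUINE)
    installed = dict(GENUINE)
    installed["textbox.dll"] = TROJANED_TEXTBOX
    print("version check passes for trojan:",
          version_check_only(manifest, "textbox.dll", TROJANED_TEXTBOX[0]))
    print("signed load accepts trojan:",
          verified_load(manifest, sig, "textbox.dll", *TROJANED_TEXTBOX))
    print("tripwire sweep flags:", tripwire_diff(manifest, sig, installed))
```

The limit Rick Smith points out still applies: an attacker with physical
access can also replace the loader, the manifest and the key, so the
check only raises the bar unless the verification root lives somewhere the
attacker cannot rewrite.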



Re: Scarfo "keylogger", PGP

2001-10-16 Thread Arnold G. Reinhold

At 12:09 AM + 10/16/2001, David Wagner wrote:
>It seems the FBI hopes the law will make a distinction between software
>that talks directly to the modem and software that doesn't.  They note
>that PGP falls into the latter category, and thus -- they argue -- they
>should be permitted to snoop on PGP without needing a wiretap warrant.
>
>However, if you're using PGP to encrypt email before sending, this
>reasoning sounds a little hard to swallow.  It's hard to see how such a
>use of PGP could be differentiated from use of a mail client; neither
>of them talk directly to the modem, but both are indirectly a part of
>the communications path.  Maybe there's something I'm missing.

Reading between the lines, I think the FBI is taking the position 
that e-mail stored on your computer, either before or after you send 
it, is a business record and not an electronic communication. Thus 
they would also claim the right to key-log a mail client when it was 
off line under the authority of just a search warrant, without a wire 
tap order. In effect, they seem to be claiming that only instant 
messaging is protected under anti-wiretapping laws.

>
>If you're using PGP to encrypt stored data only, though, then I can
>see how one might be able to make a case that use of PGP should be
>distinguished from use of a mail client.
>
>Does anyone know what PGP was used for in this case?  Was it used only
>for encrypting stored data, or was it also used from time to time for
>encrypting communications?
>

Press reports said PGP was used to encrypt gambling records. The 
defense challenged the keylogging on the grounds that it must have 
intercepted electronic communications as well, and therefore went 
beyond the authority of the FBI's search warrant.

It also seems that the FBI used two separate tools on Scarfo's computer:

1. an only-when-the-modem's-off key logger

2. a tool to capture the passphrase when it was entered into the PGP 
dialog box.

One way to create the latter tool is to simply use the PGP source 
code to make a doctored version of PGP that saves the passphrase in a 
hidden file or even e-mails it and the secret key to a special 
address. This possibility suggests that it is a mistake to include 
the full PGP version number in plaintext, as is done in the present 
PGP message format. Doing so allows any attacker to prepare a 
doctored program that matches the target's version in advance, 
reducing the number of surreptitious entries needed. This may not 
matter much to the FBI (which apparently made five entries in this 
case) but could be significant to an attacker with fewer resources, 
e.g. a terrorist cell.

Transmitting the software version en clair may also help in creating a 
capture tool that knows where keying information is stored in memory. 
If there is a need to alert the receiving program as to the format of 
the encrypted message, a message format code should be used, not the 
software version number.


Arnold Reinhold
(who is not a lawyer)



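An added example, not from Arnold's post, of the reconnaissance his point
implies: the armor header of a PGP message carries the sender's software
version in the clear, so an adversary holding a pile of a target's mail
can read off the exact build to prepare a doctored copy in advance. The
parser below reads the "Key: value" header lines of each armored block
(the layout is the standard one: a BEGIN line, headers, a blank line,
the base64 body, the CRC line and an END line) and tallies the Version
strings per sender. The three senders and their messages are
constructed; the bodies are not real ciphertext.

```python
"""Harvesting PGP version strings from ASCII-armored mail (added example)."""
import re
from collections import Counter

BEGIN = re.compile(
    r"^-----BEGIN PGP (MESSAGE|SIGNATURE|SIGNED MESSAGE|PUBLIC KEY BLOCK)-----$")


def armor_blocks(text):
    """Yield (block_type, headers) for every armored block in text.
    Headers are the 'Key: value' lines between the BEGIN line and the first
    blank line; the body is skipped. A clearsigned message yields two blocks,
    the SIGNED MESSAGE (Hash:) and the SIGNATURE (Version:)."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = BEGIN.match(lines[i].strip())
        i += 1
        if not m:
            continue
        headers = {}
        while i < len(lines) and lines[i].strip():
            key, sep, value = lines[i].partition(":")  # first colon only
            if sep:
                headers[key.strip()] = value.strip()
            i += 1
        yield m.group(1), headers


def version_profile(mail):
    """mail: {sender: [message text, ...]} -> {sender: Counter of Version strings}."""
    profile = {}
    for sender, messages in mail.items():
        counts = Counter()
        for msg in messages:
            for _kind, headers in armor_blocks(msg):
                if "Version" in headers:
                    counts[headers["Version"]] += 1
        profile[sender] = counts
    return profile


def fingerprint(profile):
    """Most common Version string per sender, or None if none was ever sent."""
    return {s: (c.most_common(1)[0][0] if c else None) for s, c in profile.items()}


# Constructed sample mail. Bodies are placeholders, not real PGP data.
PGP_658 = "PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>"
GNUPG_106 = "GnuPG v1.0.6 (GNU/Linux)"

SAMPLE_MAIL = {
    "alice": [
        "-----BEGIN PGP MESSAGE-----\nVersion: " + PGP_658 + "\n\n"
        "qANQR1DBwU4Dconstructed\n=AbCd\n-----END PGP MESSAGE-----\n",
        "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
        "Meeting moved to Thursday.\n"
        "-----BEGIN PGP SIGNATURE-----\nVersion: " + PGP_658 + "\n\n"
        "iQA/AwUBconstructed\n=EfGh\n-----END PGP SIGNATURE-----\n",
    ],
    "bob": [
        "-----BEGIN PGP MESSAGE-----\nVersion: " + GNUPG_106 + "\n"
        "Comment: For info see http://www.gnupg.org\n\n"
        "hQEOAconstructed\n=IjKl\n-----END PGP MESSAGE-----\n",
    ],
    "carol": [
        # armor with the Version header stripped: nothing to fingerprint
        "-----BEGIN PGP MESSAGE-----\n\nhQEOAconstructed\n=MnOp\n-----END PGP MESSAGE-----\n",
    ],
}


if __name__ == "__main__":
    for sender, build in fingerprint(version_profile(SAMPLE_MAIL)).items():
        print(sender, "->", build)
```

Carol's message shows the remedy Arnold suggests from the receiver's
side: strip or blank the Version header, since the body is what the
receiving program actually needs to decode.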



Re: Scarfo "keylogger", PGP

2001-10-15 Thread David Wagner

It seems the FBI hopes the law will make a distinction between software
that talks directly to the modem and software that doesn't.  They note
that PGP falls into the latter category, and thus -- they argue -- they
should be permitted to snoop on PGP without needing a wiretap warrant.

However, if you're using PGP to encrypt email before sending, this
reasoning sounds a little hard to swallow.  It's hard to see how such a
use of PGP could be differentiated from use of a mail client; neither
of them talk directly to the modem, but both are indirectly a part of
the communications path.  Maybe there's something I'm missing.

If you're using PGP to encrypt stored data only, though, then I can
see how one might be able to make a case that use of PGP should be
distinguished from use of a mail client.

Does anyone know what PGP was used for in this case?  Was it used only
for encrypting stored data, or was it also used from time to time for
encrypting communications?






Re: Scarfo "keylogger", PGP

2001-10-15 Thread Peter Fairbrother

The order is available on the epic site (copy sent privately). I don't think
the cleanliness of the collected data is relevant as all they wanted was the
PGP key, which either works or doesn't, they got the encrypted files when
they examined the computer beforehand and/or seized it afterwards.

I do think they have probably gone too far and captured email, at least when
it was being composed, even if they didn't intercept it in transmission. The
order relates to business records but not email, whose seizure the order
does not permit (a different type of order is needed for email). Pretty
silly imho as they didn't need to install the "keystroke capture component"
at all.

-- Peter Fairbrother

> Rick Smith at Secure Computing wrote:

> Stripping off the precise legal language, this looks like a software
> keystroke logger that was carefully crafted to collect a PGP passphrase
> while collecting as little other data as possible. Collecting evidence is
> tricky business. You have to collect exactly the information you need, but
> you mustn't collect any information you aren't authorized to collect. If
> you do, then you can't use the information you have. Moreover, you need to
> be able to show that the evidence is 'clean' and hasn't been tampered with.
> This makes it very tricky when you're trying to collect computer
> information that's intended to be used as evidence in legal proceedings.
> 
> Without actually seeing the warrant used to authorize the keystroke
> capture, it's hard to tell what was really going on. But it seems
> reasonable to speculate that the keystroke monitor was carefully configured
> to comply with the letter of the warrant issued to the FBI to implant the
> keystroke logger. If they collect too much data under the warrant, the
> defense attorney might be able to block the use of the logs as evidence by
> arguing that the FBI didn't comply with the warrant.
> 
> I suspect that the "components" of the logger are software modules that are
> included and/or configured according to the types of data that the FBI has
> a warrant to collect.
> 
> Regarding all this, Peter Fairbrother wrote:
> 
>> The other and more worrying "component" picked up the PGP key Scarfo used -
>> his father's prison number!
> 
> I found Scarfo's choice of password rather amusing, since it shows that a
> personally tailored dictionary attack would have worked as well as the
> keystroke logging, and probably wouldn't have taken as long (14 days).
> 
>> I don't
>> know if Scarfo entered his PGP key more than once but apparently it only
>> recorded it once. The PGP key information was at the end of the output
>> presented to the Court so it may have stopped operation then, but the
>> "keystroke capture component" should have continued to work if the overall
>> design was good.
> 
> If my speculations about the warrant are correct, the logger may have shut
> itself down just to reduce the risk of intercepting anything that might
> have violated the letter of the warrant.
> 
>> Could it be remotely installed?
> 
> If someone manages to install Back Orifice (or its latest incarnation) on
> the victim's computer, then it's possible to remotely command Back Orifice
> to install keystroke logging software. However, the remote approach isn't
> 100% guaranteed to work, and Scarfo might have detected the installation
> activity or the presence of Back Orifice.
> 
>> Is this a serious security failure in PGP?
> 
> No, it's a problem with any programmable computer. If you can install new
> programs, you can install changes to existing programs. Since the FBI snuck
> into Scarfo's house and had physical access to his computer, they could
> install or patch the Windows OS, or PGP, or anything else on the computer
> however they wanted. The only limitation on their actions was that they
> didn't want to change anything Scarfo might detect.
> 
> 
> Rick.
> [EMAIL PROTECTED]        roseville, minnesota
> "Authentication" in bookstores http://www.visi.com/crypto/
> 




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: Scarfo "keylogger", PGP

2001-10-15 Thread Rick Smith at Secure Computing

Stripping off the precise legal language, this looks like a software 
keystroke logger that was carefully crafted to collect a PGP passphrase 
while collecting as little other data as possible. Collecting evidence is 
tricky business. You have to collect exactly the information you need, but 
you mustn't collect any information you aren't authorized to collect. If 
you do, then you can't use the information you have. Moreover, you need to 
be able to show that the evidence is 'clean' and hasn't been tampered with. 
This makes it very tricky when you're trying to collect computer 
information that's intended to be used as evidence in legal proceedings.

Without actually seeing the warrant used to authorize the keystroke 
capture, it's hard to tell what was really going on. But it seems 
reasonable to speculate that the keystroke monitor was carefully configured 
to comply with the letter of the warrant issued to the FBI to implant the 
keystroke logger. If they collect too much data under the warrant, the 
defense attorney might be able to block the use of the logs as evidence by 
arguing that the FBI didn't comply with the warrant.

I suspect that the "components" of the logger are software modules that are 
included and/or configured according to the types of data that the FBI has 
a warrant to collect.

Regarding all this, Peter Fairbrother wrote:

>The other and more worrying "component" picked up the PGP key Scarfo used -
>his father's prison number!

I found Scarfo's choice of password rather amusing, since it shows that a 
personally tailored dictionary attack would have worked as well as the 
keystroke logging, and probably wouldn't have taken as long (14 days).

>I don't
>know if Scarfo entered his PGP key more than once but apparently it only
>recorded it once. The PGP key information was at the end of the output
>presented to the Court so it may have stopped operation then, but the
>"keystroke capture component" should have continued to work if the overall
>design was good.

If my speculations about the warrant are correct, the logger may have shut 
itself down just to reduce the risk of intercepting anything that might 
have violated the letter of the warrant.

>Could it be remotely installed?

If someone manages to install Back Orifice (or its latest incarnation) on 
the victim's computer, then it's possible to remotely command Back Orifice 
to install keystroke logging software. However, the remote approach isn't 
100% guaranteed to work, and Scarfo might have detected the installation 
activity or the presence of Back Orifice.

>Is this a serious security failure in PGP?

No, it's a problem with any programmable computer. If you can install new 
programs, you can install changes to existing programs. Since the FBI snuck 
into Scarfo's house and had physical access to his computer, they could 
install or patch the Windows OS, or PGP, or anything else on the computer 
however they wanted. The only limitation on their actions was that they 
didn't want to change anything Scarfo might detect.


Rick.
[EMAIL PROTECTED]        roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/


Re: Scarfo "keylogger", PGP

2001-10-15 Thread Bram Cohen

On Mon, 15 Oct 2001, Peter Fairbrother wrote:

> The other and more worrying "component" picked up the PGP key Scarfo used -
> his father's prison number! - and virtually nothing else.

Sounds like it was software and just recorded everything typed into the
PGP 'enter your password' dialog.

> Could it be remotely installed?

It's a Windows box; do you really have to ask?

> Is this a serious security failure in PGP?

Almost certainly not. Applications can't be any more secure than their
operating system.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes


Scarfo "keylogger", PGP

2001-10-15 Thread Peter Fairbrother

For those who haven't seen it, there is an affidavit from the FBI at

  (ref from schneier)

about the "keylogger" system the FBI used. I put "keylogger" in quotes
because it's unclear if the "key" that's being logged is a keystroke or an
encryption key - probably both.

This is a very tricksy document, I have studied it hard and I'm still not
sure what it says, however:

(background: the FBI couldn't intercept his email with the warrant they had,
so they couldn't use an ordinary keylogger)

There were at least two "components" to the "keylogger" the FBI planted on
Scarfo's computer. One was a "keystroke capture component" that couldn't
record keystrokes when the modem was operating (there are hints that another
"component", perhaps the one below, could record keystrokes entered into a
window that was not using the modem when the modem was in use by another
window). This doesn't seem to have recorded much, anything useful, or
anything that looks like language, and it was probably meant to capture key
material used by crypto programs other than PGP, which was the main target.

Could be hardware but it "checked the status of each communication port" at
every keystroke before recording it so I doubt it. Then again a software
port scan at every keystroke might noticeably degrade performance. One
puzzle is that if the ports reported inactivity then all keystrokes were
recorded. I don't know about Scarfo, but I usually write email when
disconnected to keep the phone bills down, there weren't any emails in the
log presented to the Court, and the "keylogger" was in place for at least 14
days.

The other and more worrying "component" picked up the PGP key Scarfo used -
his father's prison number! - and virtually nothing else. It didn't capture
keystrokes. Almost certainly it detected and captured only the PGP logon
when the enter key was pressed, and it is almost certainly software. I don't
know if Scarfo entered his PGP key more than once but apparently it only
recorded it once. The PGP key information was at the end of the output
presented to the Court so it may have stopped operation then, but the
"keystroke capture component" should have continued to work if the overall
design was good.

Could it be remotely installed? Is this a serious security failure in PGP?
The recent announcement by NA that they are looking for a buyer for PGP, at
a time when its value would be low anyway following the WTC attacks, may be
relevant...


-- Peter Fairbrother
