KeySweeper – Microsoft Wireless Keyboard Sniffer

$10 Wireless Keystroke logger masquerading as a USB Charger

An awesome, albeit frightening device from Samy Kamkar – for around $10 you can be the proud owner of the KeySweeper, an Arduino-based sniffer/decrypter/keylogger that targets Microsoft Wireless Keyboards.

It conveniently masquerades as a USB charger, so it is reasonably small and completely discreet. I am not sure about where you work but these devices have been omnipresent at most workplaces I’ve encountered, quite often (and not surprisingly) attached to Apple devices.

Read the entire device breakdown and information on the KeySweeper here

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring.

You Do (Not) Have The Right To Remain Silent

What you should probably know about the Miranda Warning, the Fifth Amendment, and recent court decisions

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation

As noted in this recent NPR segment, the Fifth Amendment has largely been taken out of context as a result of the Miranda Warning. It is entirely true you can remain silent in matters in which you are compelled to incriminate yourself, however, there is no constitutional protection for keeping your mouth shut.

Your silence can and will be used against you in a court of law.

Here is the case of Richard Tom, whose silence following a deadly crash was entered as evidence of his guilt. I do not condone Tom’s actions of operating a motor vehicle with a BAC in excess of 0.08 that led to the death of another person. That is reprehensible behavior easy to prove without having to rely on his demeanor while under police custody.

Nothing new to the paranoid and pedantic readers of this site I am sure, but the next time you deal with the cops don’t say you weren’t warned.

Secrets and DUI

Robert Litt of the Office of the Director of National Intelligence compares sharing government secrets to drunk driving.

“Not every drunk driver causes a fatal accident, but we ban drunk driving because it increases the risk of accidents. In the same way, we classify information because of the risk of harm, even if no harm actually can be shown in the end from any particular disclosure.”[*]

Robert Litt, Office of the Director of National Intelligence

NSA Explores Infecting You With Malware

Recent documents outline the NSA and GCHQ teaming up to automate malware installation across millions of private citizens’ machines in an effort named PROJECT TURBINE

A post this morning on The Intercept details the NSA’s plans to infect ‘millions’ of private citizens’ computers with malware, as well as plans to automate large portions of the process to “reduce the level of human oversight in the process.” We recently explored the NSA and GCHQ joining forces to conduct mass surveillance without due process across Yahoo Messenger, and today’s report from The Intercept shows the bond between these two agencies is as strong as ever.

UPDATE: The Intercept provides more information on QUANTUMHAND’s functionality, allowing the NSA to spoof Facebook to spy on citizens

How the NSA Plans to Infect ‘Millions’ of Computers with Malware [via The Intercept]

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

"Undesirable Nudity"

British GCHQ and American NSA have been watching and collecting private text and video conversations on Yahoo Messenger

The NSA and the British GCHQ have been intercepting Yahoo Messenger video content shared on ostensibly private webcam conversations. If that’s not embarrassing enough, they’ve deemed the majority of users “undesirable.”

UPDATE: The NSA and GCHQ continue to collaborate on automating malware installations on private citizens’ computers.

GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans’ images being accessed by British analysts without an individual warrant.

Read the entire article on The Guardian

Gov't To Require Data Recorders In Cars

Privacy concerns raised as the White House approves a mandate requiring data recorders, or so-called ‘black boxes’ in all new motor vehicles

White House Green Lights Black Boxes For New Cars

The White House Office of Management has approved a request from the National Highway Traffic Safety Administration (NHTSA) to mandate event data recorders, commonly referred to as “black boxes,” in 100-percent of new vehicles sold.

Flying In The Security Theater

I haven’t flown since these policies were put into place, so let me state early that I cannot speak from my own experience. (I’m sure when that changes you will hear all about it.) What I can comment on, however, is being treated like a criminal when there is no evidence. I hate people asking for my receipt when I walk 15 yards from a register to a door leaving a retailer, and I detest the notion of other people looking under my clothes or touching my person in the name of “protection” and safety. I go to a lot of large music concerts, and yes, I understand the need to search for contraband and alcohol brought in from the outside; however, never in my years of attending these and similar events have I seen a widespread complaint, let alone entire movements outlining overarching privacy concerns and sentiments of widespread feelings of violation. Wasting my time and destroying my privacy and assuming I’m a hellbent terrorist until proven otherwise does not make me feel safer. Innocent until proven guilty, unless you want to board this plane.

I’m not going to get into a long tirade about the nebulous health issues regarding the use of backscatter radiation to screen passengers or widespread groping occurring in our nation’s airports. These topics have been covered at great length by numerous other more informed and reputable sources than myself. I would however like to take a moment to at least bring the issue to light here and provide some links to some informative websites and groups that are mobilizing travelers, airline employees, and concerned citizens alike as encouragement to readers to take advantage of their voice, and experience the benefits of observing successful efficacy. It’s about time the notions of “social networking” and “crowd sourcing” were leveraged to bring about some substantial and relevant change within society.

Nude TSA Photos Leak Online [via Gizmodo]
The TSA is not compulsory [via Washington Examiner]
TSA Accosts Three Year Old Girl

Full Frontal Nudity Does Not Make Us Safer: Abolish The TSA [via Forbes]
National Opt-Out Day ( Website | Twitter )
DontScanMe
File a Report With EPIC

If anybody has their own stories or opinions to share here, I’d love to hear some first-hand accounts (no pun intended) in the comments if you feel so inclined. Oh, the TSA also runs a blog; while not highly informative, they at least have an Agency-approved troll thread.

Edit: Thanks to my good friend @chumprock over on Twitter for linking an article from Jeffrey Goldberg posted this time two years ago outlining just how easy these ‘rules’ are to circumvent

Read ‘The Things He Carried’ [via The Atlantic]