worked with keyboards embedded in laptops.
Every keyboard tested was vulnerable to at least one of the four attacks the researchers used. One attack was shown to work over a distance of 20 metres.
In their work the researchers used a radio antenna to "fully or partially recover keystrokes" by spotting the electromagnetic radiation emitted when keys were pressed.
In a web posting they added: "no doubt that our attacks can be significantly improved, since we used relatively unexpensive equipments [sic]."
In videos showing their early work the researchers are seen connecting keyboards to a laptop running on battery power. They avoided using a desktop computer or an LCD display to minimise the chance of picking up signals from other sources.
Details of the attacks are scant but the work is expected to be reported in a peer-reviewed journal soon.
The research builds on earlier work done by University of Cambridge computer scientist Markus Kuhn who looked at ways to use electromagnetic emanations to eavesdrop and steal useful information.
Also look at http://5pillar.wordpress.com/2008/10/21/keyboard-sniffers-to-steal-data/#comments for " " insight
RFID chips now exist in:
There are two materials which impede Radio Signals with incredible success… Water & Metal. Although you could fill a bag full of water and place your money, wallet, or whatever else in it, let’s continue with the metal route. A single layer of aluminum foil of only 27 microns thick is often enough to block the RFID signals of most readers or 1mm of dilute salt water. A quick test at my work place using my badge confirmed the effectiveness of a layer of aluminum foil. (insert obligatory aluminum foil hat joke) So… the next step was to design a wallet with aluminum foil embedded inside. Using the plans to make Duct Tape Wallets I created previously, it was simple to modify them to include the aluminum foil.
If you’re simply looking for a bit of casual protection, simply stacking your cards next to each other will assist in reducing their strength.
Please see the original construction plans at this point…
In creating a RFID Blocking Duct Tape Wallet, the only step that needs to be modified is the first one. To create a sheet of RFID Blocking tape, simply place a sheet of foil on the table, and place strips of Duct Tape overlapping on top. Once created, the sheet can be cut with scissors to the sizes needed to continue making the wallet.
I chose to make one more addition to my RFID Protective Wallet. A simple flap on the left hand side prevents cards inside the wallet from broadcasting even while the wallet is open half way. If there are cards you wish to broadcast at will, consider creating a pocket of only tape on the outside of the wallet for you to slip the card into.
Here are a few more pictures from the creation process…
UPDATE Oct. 30, 3:41 p.m. In response to reader comments about the safety of these scanners, I want to add that the TSA and the machine manufacturers told Aviation.com that, "the amount of radiation during the scan is equal to 15 minutes of exposure to natural background radiation on a sunny day." That is significantly less than a traditional X-ray.
UPDATE Oct. 31, 9:50 a.m. A TSA spokesperson has responded to our blog post with the following comment:
Blogger Bob here from the TSA Eos Blog. I wanted to clear some things up. These are not the images that our officers see. To read more about the technology and to see the correct images, please go here. Importantly, we’ve designed the program not to retain any image created and to prevent the [officer] looking at the image from being able to see the individual being screened. The TSA website also contains information on this and other programs your readers might be interested in.
Thanks, Bob TSA Evolution of Security Blog Team
My response is that you go, as Bob suggests, to see the image examples on the TSA blog page. Are they really that less invasive? You be the judge!
I had been curious about what’s in my travel dossier, so I made a Freedom of Information Act (FOIA) request for a copy.
My biggest surprise was that the Internet Protocol (I.P.) address of the computer used to buy my tickets via a Web agency was noted. On the first document image posted here, I’ve circled in red the I.P. address of the computer used to buy my pair of airline tickets.
(An I.P. address is assigned to every computer on the Internet. Each time that computer sends an e-mail—or is used to make a purchase via a Web browser — it has to reveal its I.P. address, which tells its geographic location.)
The rest of my file contained details about my ticketed itineraries, the amount I paid for tickets, and the airports I passed through overseas. My credit card number was not listed, nor were any hotels I’ve visited. In two cases, the basic identifying information about my traveling companion (whose ticket was part of the same purchase as mine) was included in the file. Perhaps that information was included by mistake.
Some sections of my documents were blacked out by an official. Presumably, this information contains material that is classified because it would reveal the inner workings of law enforcement.
Here’s the lowdown on the records.
The commercial airlines send these passenger records to Customs and Border Protection, an agency within the Department of Homeland Security. Computers match the information with the databases of federal departments, such as Treasury, Agriculture, and Homeland Security. Computers uncover links between known and previously unidentified terrorists or terrorist suspects, as well as suspicious or irregular travel patterns. Some of this information comes from foreign governments and law enforcement agencies. The data is also crosschecked with American state and local law enforcement agencies, which are tracking persons who have warrants out for their arrest or who are under restraining orders. The data is used not only to fight terrorism but also to prevent and combat acts of organized crime and other illegal activity.
Officials use the information to help decide if a passenger needs to have additional screening. Case in point: After overseas trips, I’ve stood in lines at U.S. border checkpoints and had my passport swiped and my electronic file examined. A few times, something in my record has prompted officers to pull me over to a side room, where I have been asked additional questions. Sometimes I’ve had to clarify a missing middle initial. Other times, I have been referred to a secondary examination. (I’ve blogged about this before.)
When did this electronic data collection start? In 1999, U.S. Customs and Border Protection (then known as the U.S. Customs Service) began receiving passenger identification information electronically from certain air carriers on a voluntary basis, though some paper records were shared prior to that. A mandatory, automated program began about 6 years ago. Congress funds this Automated Targeting System’s Passenger Screening Program to the tune of about $30 million a year.
How safe is your information? Regulations prohibit officials from sharing the records of any traveler — or the government’s risk assessment of any traveler — with airlines or private companies. A record is kept for 15 years—unless it is linked to an investigation, in which case it can be kept indefinitely. Agency computers do not encrypt the data, but officials insist that other measures — both physical and electronic — safeguard our records.
I wonder if the government’s data collecting is relevant and necessary to accomplish the agency’s purpose in protecting our borders. The volume of data collected, and the rate at which the records is growing and being shared with officials nationwide, suggests that the potential for misuse could soar out of hand. Others may wonder if the efforts are effective. For instance, I asked security expert Bruce Schneier Schneider about the Feds’ efforts to track passenger activity, and he responded by e-mail:
"I think it’s a waste of time. There’s this myth that we can pick terrorists out of the crowd if we only knew more information."
On the other hand, some people may find it reassuring that the government is using technology to keep our borders safe.
Oh, one more thing: Are your records worth seeing? Maybe not, unless you’ve been experiencing a problem crossing our nation’s borders. For one thing, the records are a bit dull. In my file, for instance, officials had blacked out the (presumably) most fascinating parts, which were about how officials assessed my risk profile. What’s more, the records are mainly limited to information that airline and passport control officials have collected, so you probably won’t be surprised by anything you read in them. Lastly, there may be a cost. While there was no charge to me when I requested my records, you might charged a fee of up to $50 if there is difficulty in obtaining your records. Of course, there’s a cost to taxpayers and to our nation’s security resources whenever a request is filed, too.
However, if you are being detained at the border or if you suspect a problem with your records, then by all means request a copy. U.S. Customs and Border Protection is required by law to make your records available to you, with some exceptions. Your request must be made in writing on paper and be signed by you. Ask to see the "information relating to me in the Automated Targeting System." Say that your request is "made pursuant to the Freedom of Information Act, as amended (5 U.S.C. 552)." Add that you wish to have a copy of your records made and mailed to you without first inspecting them. Your letter should, obviously, give reasonably sufficient detail to enable an official to find your record. So supply your passport number and mailing address. Put a date on your letter and make a copy for your own records. On your envelope, you should conspicuously print the words “FOIA Request." It should be addressed to “Freedom of Information Act Request,” U.S. Customs Service, 1300 Pennsylvania Avenue, NW., Washington, DC 20229. Be patient. I had wait for up to a year to receive a copy of my records. Then if you believe there’s an error in your record, ask for a correction by writing a letter to the Customer Satisfaction Unit, Office of Field Operations, U.S. Customs and Border Protection, Room 5.5C, 1300 Pennsylvania Avenue, N.W., Washington, D.C. 20229
|Air Force flowchart used for “counter-blogging” purposes. Click image to see a larger version.|
“In a twelve-point plan, put together by the emerging technology division of the Air Force’s public affairs arm, airmen are given guidance on how to handle ‘trolls,’ ‘ragers’ — and even well-informed online writers, too. It’s all part of an Air Force push to ‘counter the people out there in the blogosphere who have negative opinions about the U.S. government and the Air Force,’ Captain David Faggard says,” Shachtman writes.
In the case of the Infowars and Prison Planet websites, Centcom operatives do not respond to trolls and ragers. In fact, many of them seem to be the most vociferous trolls and ragers.
On October 16, 2006, Raw Story reported that the United States Central Command sent an email to bloggers on the subject of the GWOT, or so-called “global war on terror,” as part of the Pentagon’s “engagement operations.”
“Now [online readers] have the opportunity to read positive stories. At least the public can go there and see the whole story,” said Maj. Richard J. McNorton. “The public wants to hear these good stories.”
In fact, the public gets these ostensibly “good stories” via the corporate media that acts as a propaganda conduit for the government and the Pentagon.
“I’ve always thought that a military-like process would be a good bridge to connect the services with the blogosphere. There’s a field manual for everything in the military, so this flow-chart presents online communications in a DoD [Department of Defense] friendly format,” former military spokesman Steven Field told Wired.
Mr. Field’s assertion is seriously at odds with Pentagon policy, however. A 2003 Pentagon document entitled the Information Operation Roadmap, released to the public after a FOIA request by the National Security Archive at George Washington University in 2006, characterizes the internet as if it were an enemy “weapons system.”
“We Must Fight the Net. DoD [Department of Defense] is building an information-centric force,” the document states. “Networks are increasingly the operational center of gravity, and the Department must be prepared to ‘fight the net’… DoD’s ‘Defense in Depth’ strategy should operate on the premise that the Department will ‘fight the net’ as it would a weapons system.”
Unleashing trolls and ragers who consider blogs and websites opposed to the government as an enemy “weapons system” is only part of the overall plan to conquer and dominate the internet.
“Part of the Information Operation Roadmap’s plans for the internet are to ‘ensure the graceful degradation of the network rather than its collapse.’ (pg 45) This is presented in “defensive” terms, but presumably, it is as exclusively defensive as the Department of Defense,” notes Brent Jessop for Global Research.
As far as the Pentagon is concerned the internet is not all bad, after all, it was the Department of Defense through DARPA that gave us the internet in the first place. The internet is useful not only as a business tool but also is excellent for monitoring and tracking users, acclimatizing people to a virtual world, and developing detailed psychological profiles of every user, among many other Pentagon positives. But, one problem with the current internet is the potential for the dissemination of ideas and information not consistent with US government themes and messages, commonly known as free speech. Naturally, since the plan was to completely dominate the “infosphere,” the internet would have to be adjusted or replaced with an upgraded and even more Pentagon friendly successor.
A renowned Russian author, Dmitry Glukhovsky, told Russia Today the internet may very well be in decline. “Glukhovsky predicted that the network would become clogged with traffic and may grind to a halt in the near future,” writes Steve Watson. “We have previously warned that the rumors of the internet’s decline have been much exaggerated and used as a pretext for calls to designate of a new form of the internet known as Internet 2.”
Of course, Internet 2 would be greatly regulated and only “appropriate content” would be accepted by an FCC or government bureau. Everything else would be relegated to the “slow lane” internet, the junkyard as it were.
In tandem with broad data retention legislation currently being introduced worldwide, such “clean slate” projects may represent a considerable threat to the freedom of the internet as we know it. EU directives and US proposals for data retention may mean that any normal website or blog would have to fall into line with such new rules and suddenly total web regulation would become a reality.
This “clean slate” and “appropriate content” agenda dovetails with the objectives of the Pentagon as it “fights the net” and strives to disseminate “good stories,” that is to say counter the research of “well-informed online writers” with pro-government propaganda.