Keystroke loggers are a rising and REAL threat, if not from LEA then from crackers ("black hat" hackers). I won't spend time describing keystroke loggers; you can use http://scroolge.org for that. But I do want to talk about four important issues: kernel level and driver level keystroke loggers, screen captures and hardware keystroke loggers.
Solution for kernel level (and higher) keystroke loggers:
- OS kernel level keystroke loggers:
Kernel level keystroke loggers are the most common 'sophisticated' keystroke loggers employed. They can be defeated by security software which creates an encrypted 'channel' from your keyboard, to the OS kernel, and on to the application (Firefox for example). An issue here is the strength of randomness of the encryption cipher. The type of encryption we are talking about here is not what you think of when you think about encryption, but nonetheless it does the job.
All other types of software keystroke loggers running higher than the kernel will also be defeated by keystroke encryption on the kernel level.
One thing to note is that keystroke loggers could be coded specifically to defeat keystroke encryption programs by finding flaws in the encryption...a good example of a weak encryption cipher would be the program "keyscrambler"...
- Driver level keystroke loggers:
These cannot be defeated by any software I know of. But these types of keystroke loggers are less common too.
- Screen captures:
This type of logger takes X number of screenshots every X seconds, with other variables like being triggered by specific programs, etc. These types of screen captures are not defeated by encrypting keystrokes. But a GOOD anti-spyware tool like SpySweeper should be able to find most malicious screen capture programs.
- Hardware keystroke loggers:
You are screwed in two ways with a hardware keystroke logger. The first way is that there is NO software which can defeat a hardware keystroke logger and they are damn near impossible to find unless you know what you're looking for. The second way you're screwed is that if you have a hardware keystroke logger installed, that means someone has gained unauthorized physical access to your computer...not good at all...
You need kernel level keystroke encryption...
I suggest the program "BlueGem", the free IE and Firefox version is HERE. This program currently only works with IE and Firefox, soon I hope it will expand into OpenOffice and Word, etc. But for now if you have a real concern you could write sensitive documents with OpenOffice on a computer which HAS NEVER been connected to the internet.
There are other programs such as "keyscrambler", it is nice because it works with OpenOffice, etc. But keyscrambler has VERY annoying adware and uses a weak encryption cipher. There was another program that was strong but I can't find it anymore, maybe they went belly up? But regardless the program BlueGem is good IMO...heck, TrendMicro has incorporated it into their security software I read so it should be trustworthy...
I'm pretty sure Linux (and derivatives) and other OSs have packages which encrypt keystrokes but I haven't looked into it...
Now that TrueCrypt Whole Disk Encryption seems very stable I will do a little write up on it soon. TrueCrypt now offers a "hidden OS" option, so you have two OSes installed. One with fake sensitive data you can allow the LEA to see and one which is hidden and encrypted and holds all your real data.