success fail Jul JUL Sep 14 2006 2007 2010 70 captures 23 Jun 2005 - 16 Jan 2018 About this capture COLLECTED BY Organization: Internet Archive The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine. Collection: nsdlweb this data is currently not publicly accessible. TIMESTAMPS
Schneier on Security
A blog covering security and security technology.
June 20, 2005
Dell Keyboard Loggers
Many people have sent me the story about Dell Computers selling machines with hardware keyboard loggers built in. The story was scant on details, and smelled like a hoax to me. Snopes has weighed in; they believe it's a hoax too.
The Snopes webpage links to further info on Key Loggers in relation to where the images for the original hoax came from. This link will try infect your computer with JS_FORTNIGHT so be careful.
If you need a working mirror, I've had this up for a few days at [web.archive.org] and unlike the other mirrors, it isn't going anywhere, and it doesn't contain any spyware.
Its an obvious hoax to the extent that no laptop vendor would add 20c to the cost of laptop if they could help it, let alone many tens of dollars.
If they wanted to log the keystrokes, they would just reprogram the keyboard controller BIOS instead. Why add extra hardware when there is a 16 bit RISC core between all local keyboard and mouse actions and the main CPU. If they did that, there is nothing to find unless you disassemble the bios and find the KBC code (its in the same bit of flash, just a different assembler)
Posted by: Steve Loughran at June 20, 2005 05:43 PM
The text in the hoax seems to be copied from the same page as the image was copied from. This is very revealing seeing that both texts incorrectly label the PIC microcontroller as beeing a "programmable interrupt controller", obviously another meaning of the acronym PIC (but not correct in this case).
Posted by: kju at June 20, 2005 05:50 PM
1. Would anyone smart enough to know what a keylogger is - much less understand the technical details here - actually fall for this?
2. Someone obviously went to some trouble to fake this. What possible reason could there be?
Posted by: Francois Kashy at June 20, 2005 06:38 PM
That's also not the DHS logo, I'm told.
Methinks someone had a negative Dell experience and is now out for some revenge. Or, it could just be for fun. Either way, I hate people who commit hoaxes. I like to know if something is real or not, without analysis.
Posted by: x at June 20, 2005 07:42 PM
It's a hoax. See [web.archive.org]
Posted by: dil at June 20, 2005 11:39 PM
If Dell wanted to commit some sort of fraud, wouldn't it be easier for them to use your credit card info? After all, you gotta buy a Dell using a credit card, don't you?
--- Dude, you got a Dell!
Posted by: steve at June 21, 2005 02:34 AM
The Department of Homeland Security's letter is false too:
The false letter's header and bottom (near signature) have a font different from the body letter.
The original letter is in this page:
Posted by: Gustavo Bittencourt at June 21, 2005 06:27 AM
Wagering 1000 Quatloo's that it's a hoax... 1) A typical laptop's internal keyboard interface is a ribbon with about 32 lines, not a round cord.
2) A well-made laptop will not often have enough spare room inside for an extra lump of circuitry of the type described.
The other poster was on the money; it'd be massively easier to rewrite the keyboard controller's logic to accomplish logging. And, it could be installed/removed in the field without the user's knowledge.
Posted by: Gary at June 21, 2005 06:31 AM
Then there is the whole concept of, why is DHS only interested in logging the keystrokes of Dell users. Don't terroritsts use any other brand?
Going back a couple weeks to the entries on equating encryption with criminal intenet, one would assume terrorists prefer Macintosh, with it's built-in PGP.
Posted by: Probitas at June 21, 2005 08:16 AM
And here we realise Bruce is just human! for fu**s sake can we have some proper leadership! this is turning into sloashdot!
Posted by: Anonymous at June 21, 2005 02:40 PM
The images for the article were pulled right off of [web.archive.org]
definately a hoax
Posted by: Anonymous at June 21, 2005 03:07 PM
I think I have a keyloger in my laptop. I opened it up and I have one of those ribbon cables, not like what the hoax has, and it goes to one of those keyboard controllers. I checked the chip number on google, and that's what it is. I might be ok because its not a dell. Do only dell machines have keyboard controllers? I don't want the departmont of homeland security reading my irc? Should I be running linux, is that better?
Posted by: Bugged? at June 22, 2005 07:44 PM
Dude, the keyboard controller is necessary for your keyboard to work. the other fellow was saying that it would be easier to create a keylogger innnntegrated in the controller than the on a chip like sown in te story.
Posted by: truthseeker at October 12, 2005 02:27 AM
HELLO U GAI
Posted by: Anonymous at March 13, 2006 04:06 AM
I had a keylogger on my DELL but it came from a SONY CD_EXTRA CD by SPECIFIC HARM RECORDS INC which also installed AOL, downloaded cRAP MP3's, stole passwords, and deleted experimentally synthesized music files.
Don't BUY anything from SONY.
Posted by: keylogged at June 12, 2006 02:50 AM
Post a commentPowered by Movable Type 3.2. Photo at top by Steve Woit.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT Counterpane.Blog Menu
- Essay on Fear
- Comparing Rare Risks
- Risks of Data Reuse
- Designing Voting Machines to Minimize Coercion
- America's Newfound Love of Secrecy
- Credit Card Gas Limits
- Surveillance Cameras that Obscure Faces
- 4th Amendment Rights Extended to E-Mail
- Cell Phone Stalking
- Cocktail Condoms
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
RSS 2.0 (excerpts) Crypto-Gram Newsletter If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.