Keyloggers: One Way To Defeat Full Disk Encryption.

Not too long ago, AlertBoot was approached by a prospect who wanted “NSA-proof encryption.”  Another prospect wanted to know what guarantees we could offer when it comes to preventing data leaks.  We have found over the years that such questions are par for the course in the sector.

Long story short: we let the prospects know that no such encryption software existed, and that no such guarantees could be made in good faith.  I didn’t got as far as saying that anyone who did make such guarantees were probably lying, but it was implied.

Encryption is not a data security panacea, and the reason why can be seen in the following story.

County Sheriff Installs Keylogger to Spy on Wife

According to, the country sheriff to Clay County, W. Va., was given probation for installing a keylogger on a computer belonging to the West Virginia Supreme Court.  The reason for the sheriff’s actions was as inane as it was chilling: he wanted to spy on his wife’s computer activities, a spouse he was about to divorce.  Apparently, the sheriff was “concerned” about a man his soon-to-be ex-wife was seeing.

Unfortunately for the sheriff, the court’s IT department started upgrading computer hardware not too long after.  A technician found the offending device and reported it.  Ultimately, it was traced back to the sheriff.  He, naturally, denied knowledge of it.

The breach lasted three weeks.  More importantly, it only lasted that long because of a hardware upgrade.  Had such maintenance work not been scheduled, who knows how long it would have lasted?  Or whether the sheriff would have been caught?

What’s even more scandalous is that (1) it doesn’t take an IT expert to carry out this particular attack and (2) the price to do so costs less than $50 (the price of a hardware keylogger online).

It’s because of maneuvers like these that full disk encryption cannot be the ultimate solution to data security.  It’s also the reason why one cannot guarantee that data won’t leak when it’s protected with FDE: there are too many ways to get to the data even if full disk encryption is working correctly.  Other examples other than a keylogger: physically threatening a person to reveal the password or the installation of malware.

What Good is FDE, Then?

Just like a chef has numerous knifes for essentially doing the same thing (cutting stuff up), full disk encryption is but one tool in an array of data security solutions.  What FDE does, it does really well.  That’s why government organizations have to coerce (or encourage) people into establishing backdoors, or take them to court to reveal passwords (or in lieu of it, just giving them access to data by having the defendant typing in the password), or throw them into jail.

The long and the short of it is this: full disk encryption prevents unauthorized eyes from seeing your computer’s data if/when your computer is lost or stolen.  It does not stop someone who is hell-bent on hacking your machine: (a) someone who has the brains, training, and equipment to do so; (b) is authorized to do so; or (c) is willing to threaten you, and carry out that threat, if you do give him access to the device.

Related Articles and Sites:


Comments (0)

Let us know what you think