Any legitimate keylogging program can still be used with malicious or criminal intent
The next time you use a public computer, or any computer other than your own, to access bank accounts and other sensitive and personal information, beware. A little-known device or piece of software, available everywhere, can easily record every keystroke you type, making it a cakewalk to hack an account.
A keylogger, also known as keystroke logger or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.
Keyloggers can be divided into two categories: keylogging devices and keylogging software. The former can easily be spotted, as it requires a physical connection, usually between the keyboard cable and the motherboard on desktop computers. The latter is virtually impossible to detect, as the software records away unnoticed.
What does a keylogger do?
- Logs each keystroke a user types on a computer’s keyboard
- Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
- Tracks user activity by logging window titles, names of launched applications, exact time of certain event occurrence and other specific information
- Monitors online activity by recording addresses of visited websites, taken actions, entered keywords and other similar data
- Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space
- Captures online chat conversations made in popular chat programs or instant messengers
- Makes unauthorized copies of outgoing and incoming e-mail messages
- Saves all collected information into a file on a hard disk, and then silently sends this file to a configurable e-mail address, uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
- Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.
Appropriate usage of keyloggers
Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including:
- Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content;
- Jealous spouses or partners can use a keylogger to track the actions of their better half on the Internet if they suspect them of “virtual cheating”;
- Company security: tracking the use of computers for non-work-related purposes, or the use of workstations after hours;
- Company security: using keyloggers to track the input of keywords and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed;
- Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers.
However, the justifications listed above are more subjective than objective; the situations can all be resolved using other methods. Additionally, any legitimate keylogging program can still be used with malicious or criminal intent.
Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.
Types of hardware keyloggers
They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activity to their internal memory.
A hardware keylogger has an advantage over a software solution: because it is not dependent on the computer’s operating system, it will not interfere with any program running on the target machine and hence cannot be detected by any software.
A hardware keylogger is typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC Balun. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this “feature”. They are designed to work with legacy PS/2 keyboards, or more recently, with USB keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wireless communication standard.
The main risk associated with a hardware keylogger use is that physical access is needed twice: initially to install the keylogger, and secondly to retrieve it. Thus, if the victim discovers the keylogger, they can then set up a sting operation to catch the person in the act of retrieving it. This could include camera surveillance or the review of access card swipe records to determine who gained physical access to the area during the time period that the keylogger was removed.
Wireless keylogger sniffers – Collect packets of data being transferred between a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.
Firmware – A computer’s BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.
Keyboard overlays – A bogus keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device and the legitimate one that the customer is using.
Denial of physical access to sensitive computers, e.g. by locking the server room, is the most effective means of preventing hardware keylogger installation.
Visual inspection is the easiest way of detecting hardware keyloggers, but there are also some techniques that can be used to detect most hardware keyloggers on the market via software.
In cases in which the computer case is hidden from view (e.g. at some public access kiosks where the case is in a locked box and only a monitor, keyboard, and mouse are exposed to view) and the user has no possibility to run software checks, one way to thwart a keylogger on a public or unknown computer is to type part of a password, use the mouse to move to a text editor or other window, type some garbage text, mouse back to the password window, type the next part of the password, and so on, so that the keylogger records an unintelligible mix of garbage and password text.
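The focus-switching trick described above, modelled on constructed data (an added example, not part of the original article). It compares what a recorder of the raw key stream would store with what one that also logs window titles, a capability listed earlier, would store. The window names, sample password and decoy strings are assumptions.

```python
# Added illustration: no real input is captured. The "session" is a
# constructed timeline of (window title with focus, text typed there).

def build_session(secret, decoys, chunk=3, target="Bank login", other="Notepad"):
    """Split the secret into chunks and alternate them with decoy text
    typed in another window, as the paragraph above describes."""
    parts = [secret[i:i + chunk] for i in range(0, len(secret), chunk)]
    session = []
    for i, part in enumerate(parts):
        session.append((target, part))
        if i < len(parts) - 1:
            # Reuse decoys cyclically if fewer were supplied than needed.
            session.append((other, decoys[i % len(decoys)]))
    return session

def keystroke_only_view(session):
    """Model of a recorder that stores only the stream of keys."""
    return "".join(text for _, text in session)

def per_window_view(session):
    """Model of a recorder that also stores the focused window title."""
    grouped = {}
    for title, text in session:
        grouped[title] = grouped.get(title, "") + text
    return grouped

def exposed(secret, session):
    """For each recorder model, is the secret readable as one string?"""
    return {
        "keystroke_only": secret in keystroke_only_view(session),
        "window_aware": secret in per_window_view(session).values(),
    }

PASSWORD = "hunter2!"        # constructed sample secret
DECOYS = ["qz7k", "mm3x"]    # constructed garbage text

if __name__ == "__main__":
    session = build_session(PASSWORD, DECOYS)
    print("key stream :", keystroke_only_view(session))
    print("per window :", per_window_view(session))
    print("exposed    :", exposed(PASSWORD, session))
```

The interleaving hides the password only from the first model; a recorder that groups input by window title still sees it intact, so the trick should not be relied on for sensitive accounts on untrusted machines.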