Wednesday 23 June 2021

Beware Of The Keylogger

Any legitimate keylogging program can still be used with malicious or criminal intent

The next time you use a public computer or a computer other than you own to access bank accounts and other sensitive and personal information. beware. A little known but available everywhere device or software, can easily record every stroke you type on the keyboard, making it cakewalk to hack an account.

4017366_f520So, what the heck is a keylogger?

A keylogger, also known as keystroke logger or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.

- Advertisement -

Keyloggers can be divided into two categories, keylogging devices and keylogging software. The former can easily be spotted as it requires a physical connection, usually between the keyboard cable and the motherboard on desktop computers. The latter, is virtually impossible to detect, as the software records away virtually undetected.

What a keylogger does?

  • Logs each keystroke a user types on a computer’s keyboard
  • Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
  • Tracks user activity by logging window titles, names of launched applications, exact time of certain event occurrence and other specific information
  • Monitors online activity by recording addresses of visited websites, taken actions, entered keywords and other similar data
  • Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space
  • Capture online chat conversation made in popular chat programs or instant messengers
  • Makes unauthorized copies of outgoing and incoming e-mail messages
  • Saves all collected information into a file on a hard disk, and then silently sends this file to a configurable e-mail address uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
  •  Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.


Appropriate usage of keyloggers

Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including;

  • Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content;keylogg
  • Jealous spouses or partners can use keylogger to track the actions of their better half on the Internet if the suspect them of “virtual cheating”;
  • Company security: tracking the use of computer for non-work-related purposes, or the use of workstations after hours;
  • Company security: using keyloggers to track the input of keywords and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed;
  • Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers;
- Advertisement -

However, the justifications listed above are more subjective than objective; the situations can all be resolved using other methods. Additionally, any legitimate keylogging program can still be used with malicious or criminal intent.

Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.

Types of hardware keyloggers
They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activity to their internal memory.

A hardware keylogger has an advantage over a software solution; because it is not dependent on the computer’s operating system it will not interfere with any program running on the target machine and hence cannot be detected by any software.

A hardware keylogger is typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC Balun. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this “feature”. They are designed to work with legacy PS/2 keyboards, or more recently, with USB keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wireless communication standard.

The main risk associated with a hardware keylogger use is that physical access is needed twice: initially to install the keylogger, and secondly to retrieve it. Thus, if the victim discovers the keylogger, they can then set up a sting operation to catch the person in the act of retrieving it. This could include camera surveillance or the review of access card swipe records to determine who gained physical access to the area during the time period that the keylogger was removed.

- Advertisement -

Keylogger-hardware-PS2-example-connected.jpgWireless Keylogger sniffers – Collect packets of data being transferred from a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.

Firmware – A computer’s BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.

Keyboard overlays – a bogus keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device as well as the legitimate one that the customer is using.[1]

Countermeasures
Denial of physical access to sensitive computers, e.g. by locking the server room, is the most effective means of preventing hardware keylogger installation.

Visual inspection is the easiest way of detecting hardware keyloggers. But there are also some techniques that can be used for most hardware keyloggers on the market, to detect them via software. In cases in which the computer case is hidden from view (e.g. at some public access kiosks where the case is in a locked box and only a monitor, keyboard, and mouse are exposed to view) and the user has no possibility to run software checks.

One method a user might thwart a keylogger when using a public or unknown computer is by typing part of a password, using the mouse to move to a text editor or other window, typing some garbage text, mousing back to the password window, typing the next part of the password, etc. so that the keylogger will record an unintelligible mix of garbage and password text.

- Advertisement -

FACT CHECK:
We strive for accuracy in its reports. But if you see something that doesn’t look right, send us an email. The Q reviews and updates its content regularly to ensure it’s accuracy.

Ricohttp://www.theqmedia.com
"Rico" is the crazy mind behind the Q media websites, a series of online magazines where everything is Q! In these times of new normal, stay at home. Stay safe. Stay healthy.

Related Articles

If you get called to tell you that your vaccine is ready, be careful! It may be a scam

QCOSTARICA - Posing as bank employees, announcing that you have won...

[BLOG] Costa Rican Electric Company – General Maintenance Procedures

During my fifteen plus years of living in Costa Rica, I...

MOST READ

Will that be Cash or Sinpe Móvil?

QCOSTARICA - Sinpe Móvil is easy to use. From your phone, you can send money to friends, family and pay for things. Or receive...

Tourism sector depends on political will for recovery

QCOSTARICA - The future of tourism operators in Costa Rica depends on the political will to approve a package of bills that favors the...

Week immersed in passage of tropical wave, June Solstice and Veranillo

QCOSTARICA - Today, Monday, June 21, is the day of the year when the sun stays the longest on the horizon, therefore it is...

The Best Sports To Play On A Beach

Costa Rica has some of the best beaches in the world. The coastline is blessed with golden sand, beautiful palm trees, and perfect blue...

Today’s Vehicle Restriction June 21: plates ending in 1 & 2 CANNOT circulate

Today, Monday, June 21, we are back to the two plates that cannot circulate, in today's case plates ending in 1 & 2 CANNOT...

Informants assisted OIJ in corruption investigations, says the minister

QCOSTARICA - The investigation into alleged bribery of public officials in exchange for contracts for road works, received help from informants within the Consejo...

Since 2018 MECO has received contracts from the State for more than ¢139 billion

QCOSTARICA - Almost ¢140 billion colones (US$227 million dollars) is the amount the MECO construction company was able to snare for public works contracts...

Today’s Vehicle Restriction June 22: plates ending in 3 & 4 CANNOT circulate

Today, Tuesday, June 22, plates ending in 3 & 4 CANNOT circulate. The measure is countrywide and applied between 5:00 am and 9:00 pm, save...

The United States will distribute 55 million vaccines against Covid-19 in Latin America, Africa and Asia

QCOSTARICA - The United States presented on Monday a plan to share 55 million doses of coronavirus vaccines worldwide, with approximately 75% of the...

WANT TO STAY UP TO DATE WITH THE LATEST!

Get our daily newsletter with the latest posts directly in your mailbox. Click on the subscribe and fill out the form. It's that simple!

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.