Tuesday 2 March 2021

Beware Of The Keylogger

Any legitimate keylogging program can still be used with malicious or criminal intent

The next time you use a public computer or a computer other than you own to access bank accounts and other sensitive and personal information. beware. A little known but available everywhere device or software, can easily record every stroke you type on the keyboard, making it cakewalk to hack an account.

4017366_f520So, what the heck is a keylogger?

A keylogger, also known as keystroke logger or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.

- Advertisement -

Keyloggers can be divided into two categories, keylogging devices and keylogging software. The former can easily be spotted as it requires a physical connection, usually between the keyboard cable and the motherboard on desktop computers. The latter, is virtually impossible to detect, as the software records away virtually undetected.

What a keylogger does?

  • Logs each keystroke a user types on a computer’s keyboard
  • Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
  • Tracks user activity by logging window titles, names of launched applications, exact time of certain event occurrence and other specific information
  • Monitors online activity by recording addresses of visited websites, taken actions, entered keywords and other similar data
  • Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space
  • Capture online chat conversation made in popular chat programs or instant messengers
  • Makes unauthorized copies of outgoing and incoming e-mail messages
  • Saves all collected information into a file on a hard disk, and then silently sends this file to a configurable e-mail address uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
  •  Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.


Appropriate usage of keyloggers

Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including;

  • Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content;keylogg
  • Jealous spouses or partners can use keylogger to track the actions of their better half on the Internet if the suspect them of “virtual cheating”;
  • Company security: tracking the use of computer for non-work-related purposes, or the use of workstations after hours;
  • Company security: using keyloggers to track the input of keywords and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed;
  • Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers;
- Advertisement -

However, the justifications listed above are more subjective than objective; the situations can all be resolved using other methods. Additionally, any legitimate keylogging program can still be used with malicious or criminal intent.

Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.

Types of hardware keyloggers
They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activity to their internal memory.

A hardware keylogger has an advantage over a software solution; because it is not dependent on the computer’s operating system it will not interfere with any program running on the target machine and hence cannot be detected by any software.

A hardware keylogger is typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC Balun. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this “feature”. They are designed to work with legacy PS/2 keyboards, or more recently, with USB keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wireless communication standard.

The main risk associated with a hardware keylogger use is that physical access is needed twice: initially to install the keylogger, and secondly to retrieve it. Thus, if the victim discovers the keylogger, they can then set up a sting operation to catch the person in the act of retrieving it. This could include camera surveillance or the review of access card swipe records to determine who gained physical access to the area during the time period that the keylogger was removed.

- Advertisement -

Keylogger-hardware-PS2-example-connected.jpgWireless Keylogger sniffers – Collect packets of data being transferred from a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.

Firmware – A computer’s BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.

Keyboard overlays – a bogus keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device as well as the legitimate one that the customer is using.[1]

Countermeasures
Denial of physical access to sensitive computers, e.g. by locking the server room, is the most effective means of preventing hardware keylogger installation.

Visual inspection is the easiest way of detecting hardware keyloggers. But there are also some techniques that can be used for most hardware keyloggers on the market, to detect them via software. In cases in which the computer case is hidden from view (e.g. at some public access kiosks where the case is in a locked box and only a monitor, keyboard, and mouse are exposed to view) and the user has no possibility to run software checks.

One method a user might thwart a keylogger when using a public or unknown computer is by typing part of a password, using the mouse to move to a text editor or other window, typing some garbage text, mousing back to the password window, typing the next part of the password, etc. so that the keylogger will record an unintelligible mix of garbage and password text.

- Advertisement -

FACT CHECK:
We strive for accuracy in its reports. But if you see something that doesn’t look right, send us an email. The Q reviews and updates its content regularly to ensure it’s accuracy.

Ricohttp://www.theqmedia.com
"Rico" is the crazy mind behind the Q media websites, a series of online magazines where everything is Q! In these times of new normal, stay at home. Stay safe. Stay healthy.

Related Articles

If you get called to tell you that your vaccine is ready, be careful! It may be a scam

QCOSTARICA - Posing as bank employees, announcing that you have won...

[BLOG] Costa Rican Electric Company – General Maintenance Procedures

During my fifteen plus years of living in Costa Rica, I...

MOST READ

Amazon announces the opening of a new cloud services office in Costa Rica

QCOSTARICA - Amazon Web Services, Inc. (AWS), a division of the Amazon company, announced the opening of its first Central American office in Costa...

Tourist visas extended to June 2, 2021

QCOSTARICA - Before I get into my opinion of the irresponsible actions of the immigration service and the ICT, good news for tourists who...

Costa Rica Celebrates 200th This Year

QCOSTARICA - This year Costa Rica celebrates 200 years of independent life. And the road to commemorate the 200th has begun with the launch...

4 FREE Project Management Software for Recruiting and Onboarding New Employees

Recruitment is a prolonged process for any organization that consumes both effort and time. Even though almost 82 percent of the recruiters prefer a pre-assessment...

Franklin Chang: “Space Agency Doesn’t Have to Be a Bureaucratic Elephant”

QCOSTARICA - The so-called Costa Rican space agency, recently approved by Congress, does not have to be a bureaucratic giant, with a large office...

The race to replace Carlos Alvarado in 2022

QCOSTARICA  - Twenty eight Costa Rican's are lining up who want the position that Carlos Alvarado when he leaves office on May 8, 2022,...

Costa Rica confirms presence of coronavirus variants emerged in UK and South Africa

QCOSTARICA - Costa Rica already reports variants of SARS-CoV-2, the virus that causes covid-19 that emerged in the United Kingdom and South Africa and...

The Ultimate Guide to Moving to Costa Rica

Costa Rica is one of the world’s most desirable ex-pat locations and a retirement haven in Central America. The country is blessed with an...

Passengers will be able to make purchases from their cell phone in stores at SJO

QCOSTARICA - Passengers passing through the Juan Santamaría International Airport, or San Jose airport (SJO), will have a more agile and secure shopping option...

WANT TO STAY UP TO DATE WITH THE LATEST!

Get our daily newsletter with the latest posts directly in your mailbox. Click on the subscribe and fill out the form. It's that simple!

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.