But the rise of the geek didn’t just confine itself to the light-hearted entertainment, start-ups that went stratospheric, or successful transformations of ‘old economy’ businesses. Computers and crime have come together. Mobsters are no longer the fast-talking, pin-striped, gun-toting caricatures of Hollywood legend. Criminal organizations are just as likely to be behind hacking and phishing networks as illegal gambling rackets and gun-running operations - with the same levels of profitability.
These days the weapons of choice are not sawn-off automatics, or revolvers fitted with silencers. It’s much more likely to be illicitly gathered passwords, user-names and dates of birth. And of the armory at their disposal, keyloggers are an increasingly popular choice.
Available in either software or hardware form, keyloggers record every stroke made on a keyboard, and compile the data gathered to reconstruct login details, PINs, encryption codes, mothers’ maiden names or any other form of security information. From there it is but a short journey to inviting vistas of identity theft, industrial espionage, blackmail, or simple credit card misappropriation.
In an age when CPUs are increasingly central to so many aspects of our lives, and the quality of information is a key differentiator between businesses, it is not surprising that keyloggers have proved to be so attractive to criminals.
Despite this, the keylogger/criminal connection has on occasion worked in the interests of the good guys. In one of the earliest examples of cyber-crime fighting, Nicodemo Scarfo Jr, a well-connected member of the New York and Philadelphia mobs, was brought down by the Magic Lantern keylogger that the FBI installed on his computer via a Trojan. Certainly not be the typical bullets-and-bloodshed take-down of popular imagination, it was still enough to indict him for running an illegal gambling ring and loan sharking.
At the time the story raised a number of concerns about computer privacy. Now it serves as a useful reminder that there is a positive side to keylogging. As well as serving the interests of law enforcement agents, keyloggers can help employers maintain productivity by ensuring that staff are working on appropriate projects. They can protect valuable bandwidth, by spotting when unnecessary applications have been downloaded and ensure optimum use of networked resources by encouraging personal web or system use is kept to appropriate levels.
Keyloggers can even be used in the interests of child protection, enabling parents to check their children’s computer activities, while giving those children a degree of independence and privacy.
Keyloggers and criminals
Nonetheless, it is still the darker side to these surveillance technologies that is more familiar to the majority of IT and security professionals. Using keyloggers gives thieves a veil of anonymity: they can plunder the treasure-trove of inter-connected corporate systems and storage devices at will, with very little chance of detection.
In the wrong hand therefore, keyloggers can damage business relationships, financial standing, and reputations. They can even cause an organisation to breach major pieces of legislation such as European Data Protection and Human Rights Acts, or the Sarbanes-Oxley Act in the States.