Keyloggers and criminals
Nonetheless, it is still the darker side to these surveillance technologies that is more familiar to the majority of IT and security professionals. Using keyloggers gives thieves a veil of anonymity: they can plunder the treasure-trove of inter-connected corporate systems and storage devices at will, with very little chance of detection.
In the wrong hand therefore, keyloggers can damage business relationships, financial standing, and reputations. They can even cause an organisation to breach major pieces of legislation such as European Data Protection and Human Rights Acts, or the Sarbanes-Oxley Act in the States.
Nor is it just large corporates that experience keylogging attacks. They may well be the most attractive targets, but individuals’ personal details are at risk from a carefully located keylogger – and far less likely to be adequately protected. In fact, any individual or organization that accesses, inputs or stores valuable information is at risk.
Software or hardware
Nicodemo Scarfo was caught out by a Magic Lantern, software keylogger that infected his machine through a Trojan, and this is the way that the majority of keyloggers work. The advantage of the software versions is that they are easy to install – despite the constant warnings, too many people lose the war between curiosity and caution and open up spyware, Trojan or virus-infected files and emails. Software also enables thieves to infect a huge number of machines and gather the data quickly, easily and remotely.
Fortunately, detection is becoming much easier. The attractions of the bigger corporates are tempered by the increasing awareness of IT security managers, who keep machines protected with the latest anti-virus software to prevent Trojans and spyware entering the system in the first place. Should a keylogger slip through the net, standard protection tools that monitor the status of a computer can detect and remove them.
Unfortunately, security managers are locked in a game of one-upmanship with criminals who have followed the lead of the most successful businesses and taken the maxim ‘innovate or die’ to heart. As security measures improve, so criminals find new ways to breach them. In this case that means hardware keyloggers. These devices are much harder to detect than software since they do not install any code onto the machine and cannot be spotted by traditional anti-virus or anti-spyware tools.
Installing the hardware
Hardware keyloggers take two main forms. The first, and probably the most common, is a small device installed at the back of a PC between the keyboard and its connection to the machine.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.