Sunday, October 3, 2010

Keylogger - - A Threat to Your Private Information While Using Public Computers

Beware! Its a Cyber World -- Summary:

Through mail and different social networks; a widely circulated message warns users of public computers to check for a black device that, when plugged into the computer's keyboard by a fraudster, can store all key strokes entered, including passwords.

In fact, such keylogging devices do exist and they certainly can be used to steal personal information from unsuspecting computer users. Computer users should be aware that such devices exist and may be used to steal data. However, the devices are not new technology as suggested in the message and they are not always black. Keyloggers come in all shapes, sizes and colours. There are also software keyloggers that users may inadvertently download from malicious websites. Software keyloggers are probably a more potent security threat than the hardware devices described in the message.

Let's have a look to the contents of the message and related images

Beware the black device connected to the keyboard.



Additional adapter

New storing device fits at the end of the keyboard cable connecting to the PC specialized to save all typed keys in it.

Mostly could be used in net cafes, exhibitions, hotels and airports therefore be careful especially the people who use the Internet in these places to enter their bank accounts online or any other important sites.

After you enter the bank account and leave the PC it will be easy to open your account again as all that you have typed has been saved in the Black device.

Therefore, you should check the PC for any suspicious piece behind it before using the net in public places for important sites.

Please send it to all who you know to educate them against this fraud.

Beware! Its a Cyber World -- Explanation:

This warning message, which has circulated in various versions for several years, advises people using public computers such as those in Internet Cafes to watch out for a "black device" that can steal the user's data when connected to the computer's keyboard. The message claims that after the device has been plugged into the keyboard cable and then into the back of the computer, it can then record every keystroke entered into the computer. Thus, claims the message, when the fraudster who placed the device subsequently retrieves it, he or she will be able to harvest any information that the user has entered on the computer, including bank account details and other private information. The message normally includes pictures showing the black device and how it is installed.

Such devices do exist and are generally known as "key loggers". The brand of keylogger shown in the message is a KeyShark Key Logger and is available for sale at many different computer outlets and websites around the world. Product information about the device describes it as follows:
This is a device that can be connected to a keyboard to record all keystrokes. It has a changeable password, keyword search, enable/disable option, and stores over a years worth of data.

Keyshark plugs in between your keyboard and your computer. A microcontroller interprets the data, and stores information in the non-volatile memory (which retains the information even when there is a loss of power.) This means that the Key Shark device can be unplugged, and the information will not be lost.

To access the recorded data, you simply type menu in a text editor and the Key Shark comes to life. A menu is displayed with options to erase data, view data, search data for keywords, change password, or disable the device.
The black Keyshark Key Logger shown in the photographs is in fact only one kind of hardware keylogger. The devices come in all shapes and sizes and are not always black. There are also USB and wifi keyloggers as well as PS/2 devices like the one shown here. And despite the claim in the warning message, the devices are certainly not new. In fact, they have been around in one form or another for a number of years.

It should be noted that the devices themselves are not illegal and can be easily procured. Possible legitimate applications for keyloggers might be the monitoring of children's use of the Internet, permission based monitoring of staff activity or helping software developers learn how test users interact with new software products. Law enforcement agencies may also use the devices when gathering evidence or intelligence. That said, keyloggers can indeed be used for nefarious and illegal purposes.

So, what of the scenario described in the warning message? It is not impossible that criminals might use such tactics and may indeed have done so, especially if they were actively targeting a specific user. However, installing and later retrieving enough of the devices to enable the scammers to collect a meaningful amount of usable data seems a little problematical. The devices are not particularly cheap, so procuring enough of the devices to make such a scam consistently pay off could require a considerable monetary outlay for our would be hacker. Moreover, installing the device involves disconnecting the keyboard, plugging the keylogger into the back of the computer, and then reconnecting the keyboard - not a particular easy procedure to perform in a crowded Internet Cafe. Nevertheless, users of public computers would be wise to keep an eye out for such devices. An unscrupulous Internet Cafe owner or staff member could certainly install the devices unbeknownst to customers

All in all, however, a much more potent keylogging threat to users exists in the form of software keyloggers. Software keyloggers, which can perform the same function as hardware devices such as the Keyshark, are much cheaper and can potentially be installed on a great many more computers. Keylogger software in the form of trojans horses can be installed on thousands or even millions of computers via malware email campaigns that cost the criminal very little to implement. Therefore, it seems probable that serious criminals are considerably more likely to operate software keyloggers than use the more expensive and cumbersome hardware variety.

No comments:

Related Posts Plugin for WordPress, Blogger...