Keyloggers
One of the most popular types of spyware is the keylogger. When
one is installed correctly, it has the power to capture and record
all the data passing from the input device (keyboard, mouse, etc.) to
the computer. While the ethical considerations of using such a
program are open for discussion, the keylogger is used for numerous
purposes. Whether monitoring a child's actions, spying on a spouse,
capturing keystroke information for productivity purposes, or even
collecting passwords, the keylogger is one of the most commonly used
types of spyware. Let us take a look at the internals of keyloggers and how
they work. In addition, we will also discuss the methods by which
you can detect keyloggers.
What are keyloggers
A proper definition of a keylogger is "any device or program that
captures information from an input device and places the captured
data into a file." What this should tell you is that a keylogger can
take many forms, some almost impossible to detect. Regardless of the
type, a keylogger generally does one thing: capture the keystrokes
from a keyboard. At one time this would have been enough. However,
in the last three decades of computer use, many other methods of
input have been devised that allow a user to interact with a
computer. Mice, touch screens, verbal commands, and even thought
control have been used to control a computer. As a result,
keyloggers have evolved to include many other methods of monitoring,
which extend well beyond the scope of this discussion. Therefore, we
will focus mainly on the keylogging abilities, but will address
alternate methods of capture at the end of this section.
Hardware Keylogger
Hardware keyloggers are small lipstick-shaped devices that are
placed inline, between your keyboard and computer (see figure 1).
Since they are connected near the back of the computer, which is
often hidden from sight, these devices are rarely noticed or
detected, as figure 2 indicates. Unfortunately, this easily
overlooked device has the power to record hundreds of thousands of
keystrokes, including passwords, credit card numbers, or adulterous
conversations.
Figure 1: Hardware Keylogger
Figure 2: Installation of keylogger
The hardware keylogger is a very straightforward device. It
simply captures the electronic signal from the keyboard and stores
it in a local data buffer within the tube-shaped device. In order to
extract the data from the internal buffer, the device constantly
monitors the incoming keystrokes until it detects a secret password.
This will in turn trigger a program located on the keylogger that
allows the user to output the captured data into a waiting program,
such as Word or Notepad. While this is usually done at the target
computer after hours or when the target is away on an errand, it is
just as simple to remove the keylogger for future analysis at any
computer.
Hardware-based loggers have the advantage of remaining mostly
invisible to the average user. Since most users don't have a clue
about what should or shouldn't be plugged into their computer, they
won't notice the small device. In addition, since there are no
processes or programs running on the target computer, it is
invisible to any nosy users or antivirus/keylogger detection
programs. Related to this, a hardware keylogger is impervious to
hardware crashes, system formats, or even complete changes to an
operating system. If your target user dual boots their system
between Linux and Windows, this type of keylogger could be your best
choice.