KEYLOGGER
keylogger (keystroke logger or system monitor)
What is a keylogger?
Keylogging is when your keystrokes are tracked by using software or
malware. It can pose a significant threat to your data and is considered
a very sneaky way to find out information.
The American television series Mr. Robot introduces its
viewers to a lot of hacking attacks, techniques, and tools. Most of it
is based on actual methods and hardware, even if it is presented as far
easier to do on the show than in real life. One thing the show portrays
as a common, almost pedestrian attack technique is keylogging.
You
need to know about keylogging, because it really is as common, easy to
do, and critical to the success of criminals as it is on the TV show.
That’s because the targets of attacks that involve keylogging are, well,
just about anyone and everyone. And you wouldn’t even know that it’s
happening.
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is also available for use on smartphones, such as Apple's iPhone and Android devices.
Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data. Keylogger recorders may also be used by employers to observe employees' computer activities, parents to supervise their children's internet usage, users to track possible unauthorized activity on their devices or law enforcement agencies to analyze incidents involving computer use. These uses are considered ethical or appropriate in varying degrees.
How it works
Keylogging,
formally called “keystroke logging,” is exactly what it sounds like:
It’s when a user’s keystrokes on a computer, tablet, or phone are
recorded and tracked. This is sometimes done in an IT monitoring
environment, or for studying human-computer interaction. Even Windows 10
has a creepy keylogger, to collect your info for… reasons. Fortunately,
you can turn it off.
They’re also used by law enforcement. The FBI brought down Philadelphia mob boss Nicodemo Scarfo Jr. in 1999 when it installed the Magic Lantern keylogger via a Trojan. The spyware recorded his every keystroke, which the Feds were able to use to piece together their case. In 2007, the DEA used a keylogger to take down an MDMA (Ecstasy) lab.
But
keylogging is more commonly done for nefarious reasons—without the
user’s consent or knowledge that everything they type is being
surveilled, and saved for later by whoever is spying on them.
Know the reasons for Keylogging
There are two primary reasons for keylogging:
- Monitoring purposes for children, employees, etc.
- Devious purposes for stealing information
Types of keyloggers
A hardware-based keylogger is a small device that serves as a
connector between the computer keyboard and the computer. The device is
designed to resemble an ordinary keyboard PS/2 connector, part of the computer cabling or a USB adaptor, making it relatively easy for someone who wants to monitor a user's behavior to hide such a device.
Most workstation keyboards also plug into the back of the computer,
keeping the connections out of the user's line of sight. A hardware
keylogger may also come in the form of a module that is installed inside
the keyboard itself. When the user types on the keyboard, the keylogger
collects each keystroke and saves it as text on its own miniature hard drive, which may have a memory
capacity of up to several gigabytes. The person who installed the
keylogger must later return and physically remove the device in order to
access the information that has been gathered. There are also wireless
keylogger sniffers that can intercept and decrypt data packets being transferred between a wireless keyboard and its receiver.
A keylogging software program does not require
physical access to the user's computer for installation. It can be
downloaded on purpose by someone who wants to monitor activity on a
particular computer, or it can be malware downloaded unwittingly and executed as part of a rootkit or remote administration Trojan (RAT). The rootkit can launch and operate stealthily in order to evade manual detection or antivirus scans.
A common keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file that does all the recording and an executable file
that installs the DLL file and triggers it to work. The keylogger
program records each keystroke the user types and uploads the
information over the internet periodically to whoever installed the
program. There are many other ways that keylogging software can be
designed to monitor keystrokes, including hooking keyboard APIs to
another application, malicious script injection or memory injection.
Some keylogging programs may include functionality for recording
user data besides keystrokes, such as capturing anything that has been
copied to the clipboard and taking screenshots of the user's screen or a
single application.
How do Keyloggers hack your data?
Keyloggers use hardware and software that is added to your computer.
When you visit a fake website or open an email attachment that carries
malware, the keylogger is automatically downloaded to your computer or
device without your knowledge. Even if a pop-up appears and you click
cancel, the file could still be downloaded.
Once the program starts running in the background, the thieves can
ultimately see everything you do. In most cases, it will catch
everything you type and will send it to the hacker periodically. Of
course, you’ll probably use your computer to type harmless memos, emails
and other things, but you will also use it to check financial accounts,
such as bank accounts, paypal.com, credit cards and more.
They can easily find your login information and use it however they
want. They can even change the login information to lock you out of your
systems.
Detection, prevention and removal
As there are various types of keyloggers that use different
techniques, no single detection or removal method is considered the most
effective.
Antikeylogger software is designed specifically to scan for
software-based keyloggers, by comparing the files on a computer against a
keylogger signature base or a checklist of common keylogger attributes.
Using an antikeylogger can be more effective than using an antivirus or
antispyware program, as the latter may identify a keylogger as a
legitimate program instead of spyware.
Depending on the technique the antispyware application uses, it can
possibly locate and disable keylogger software with lower privileges
than it has. Use of a network monitor will ensure the user is notified
each time an application tries to make a network connection, giving a
security team the opportunity to stop any possible keylogger activity. Application whitelisting can also be used to allow only documented, authorized programs to run on a system.
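The network-monitor and allowlisting checks described above can be combined, as in this added example (not code from the original page): it reviews a constructed connection log, skips processes on an allowlist, and flags any other process that contacts the same host at near-constant intervals, which is the periodic upload pattern described earlier. The paths, host names, thresholds and the `review_connections` function are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (hypothetical paths and hosts, not from the page).
# Event format: (unix_time_seconds, process_path, remote_host)
BROWSER = r"C:\Program Files\Browser\browser.exe"
HELPER = r"C:\Users\pat\AppData\Roaming\upd\helper.exe"
SYNC = r"C:\Tools\sync.exe"
ALLOWLIST = {BROWSER, r"C:\Windows\System32\svchost.exe"}
EVENTS = [
    (1000, BROWSER, "news.example"), (1007, BROWSER, "news.example"),
    (1100, HELPER, "drop.example"), (1400, HELPER, "drop.example"),
    (1701, HELPER, "drop.example"), (2000, HELPER, "drop.example"),
    (1500, SYNC, "files.example"), (1520, SYNC, "files.example"),
    (2900, SYNC, "files.example"),
]


def review_connections(events, allowlist, min_events=4, max_cv=0.15):
    """Return {process: verdict} for processes that are not on the allowlist.

    "periodic-upload": the process reaches one host at near-constant
    intervals (stdev of the gaps <= max_cv * mean gap); else "unlisted".
    """
    allowed = {p.lower() for p in allowlist}  # Windows paths: case-insensitive
    times = defaultdict(list)
    for ts, proc, host in events:
        if proc.lower() not in allowed:
            times[(proc, host)].append(ts)

    verdicts = {}
    for (proc, _host), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        periodic = (
            len(gaps) >= max(1, min_events - 1)
            and mean(gaps) > 0
            and pstdev(gaps) <= max_cv * mean(gaps)
        )
        # A periodic finding for any host outranks a plain "unlisted" one.
        if periodic or proc not in verdicts:
            verdicts[proc] = "periodic-upload" if periodic else "unlisted"
    return verdicts


if __name__ == "__main__":
    for proc, verdict in review_connections(EVENTS, ALLOWLIST).items():
        print(f"{verdict:16} {proc}")
```

An "unlisted" verdict only means the program is not documented on the allowlist; the "periodic-upload" verdict is the one that matches the upload behaviour described for software keyloggers and deserves review first.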
While visual inspection can be used to identify hardware keyloggers,
it is impractical and time-consuming to implement on a large scale.
System cages that prevent access to or tampering with USB and PS/2 ports
can be added to the user's desktop setup. Extra precautions include
using a security token as part of two-factor authentication (2FA) to ensure an attacker cannot use a stolen password alone to log in to a user's account, or using an onscreen keyboard and voice-to-text software to circumvent using a physical keyboard.