What is keystroke logging A keylogger is a

  • Slides: 17
Download presentation
What is keystroke logging? ü A keylogger is a program that runs in the

What is keystroke logging? ü A keylogger is a program that runs in the background or hardware, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker ü Attacker checks files carefully in the hopes of either finding passwords, or possibly other useful information.

What is keystroke logging? ü Key loggers, as a surveillance tool, are often used

What is keystroke logging? ü Key loggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only ü Such systems are also highly useful for law enforcement and espionage ü Keystroke logging can be achieved by both hardware and software means.

The good, the bad and the ugly § Good: companies can monitor the productivity

The good, the bad and the ugly § Good: companies can monitor the productivity of an employee, also useful for software developing. § Bad: Espionage § Ugly: External hardware can be caught easily and software installation without user noticing is hard.

Hardware key loggers Come in three types: Ø Inline devices that are attached to

Hardware key loggers Come in three types: Ø Inline devices that are attached to the keyboard cable Ø Devices which can be installed inside standard keyboards Ø Replacement keyboards that contain the key logger already built-in

Some hardware keyloggers § Hardware Key. Logger Stand-alone Edition § § § a tiny

Some hardware keyloggers § Hardware Key. Logger Stand-alone Edition § § § a tiny hardware device that can be attached in between a keyboard and a computer. Hardware Key. Logger Keyboard Edition looks and behaves exactly like a normal keyboard, but it keeps a record of all keystrokes typed on it. Key. Ghost Hardware Keylogger a tiny hardware device that can be attached in between a keyboard and a computer. Key. Katcher Keystroke Logger a tiny hardware device that can be attached in between a keyboard and a computer.

Keylogger The Hardware Key. Logger™ Stand-alone Edition is a tiny hardware device that can

Keylogger The Hardware Key. Logger™ Stand-alone Edition is a tiny hardware device that can be attached in between a keyboard and a computer. It keeps a record of all keystrokes typed on the keyboard. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password. BEFORE AFTER

Hardware Key. Logger. TM Keyboard Edition The Hardware Key. Logger™ Keyboard Edition looks and

Hardware Key. Logger. TM Keyboard Edition The Hardware Key. Logger™ Keyboard Edition looks and behaves exactly like a normal keyborad, but it keeps a record of all keystrokes typed on it. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password.

Key. Katcher The Key. Katcher is a hardware device to log activity as it

Key. Katcher The Key. Katcher is a hardware device to log activity as it is performed on the keyboard. The device works with any PS/2 keyboard and is not dependant on the operating system because there is not any software required for the manufacture to product to interact with the hardware. The Key. Katcher records up to 32, 000 bytes (keystrokes) in the 33 k model or 64, 000 bytes (key strokes) in the 64 k model. Even if the device is unplugged from the keyboard it will still remember EVERYTHING and you wont lose a single keystroke.

Interacting with keylogger Interacting with the Keystroke logger is simple, it can be done

Interacting with keylogger Interacting with the Keystroke logger is simple, it can be done from any PS/2 compatible keyboard/computer. You can take it off the computer it is on to examine the data on another computer or perform the audit from that computer. Enter into a text program. Type the passphrase which was set, the menu will be displayed, you can navigate through the menus by entering typing in the number corresponding with the command.

Other approaches There are other approaches to capturing info about what you are doing.

Other approaches There are other approaches to capturing info about what you are doing. §Some keyloggers capture screens, rather than keystrokes. §Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

Software Key Logging § Easy to implement – code is relatively normal. § Hard

Software Key Logging § Easy to implement – code is relatively normal. § Hard to install – user can notice the presence of it.

Problems with installing a Key Logger § An attacker that connects to the target

Problems with installing a Key Logger § An attacker that connects to the target to download the keystrokes risks being traced. § A code that sends the information to an email address risks exposing the attacker.

Secure ways to install a key logger § Program can be distributed through viruses

Secure ways to install a key logger § Program can be distributed through viruses and/or worms and attacker can claim to victim of it if s/he is caught. § Use cryptography to prevent others from discovering the content and later decode it later.

Examples of key loggers § Magic Lantern § developed by the FBI § is

Examples of key loggers § Magic Lantern § developed by the FBI § is installed remotely via email attachment. § All in One Keylogger Spy Software § sends encrypted logs to desired email § tracks all users activity

Examples of key loggers (cont. ) § Wiretap Pro § specializes in Internet monitoring

Examples of key loggers (cont. ) § Wiretap Pro § specializes in Internet monitoring § records chats, emails, web sites visited § Ardamax Keylogger § monitors user activity in an encrypted way § data is stored as text or web page § used to maintain backups or monitor kids.

Defending from a key logger § Have our computer up to date with: §

Defending from a key logger § Have our computer up to date with: § Keep net firewall on § Anti-spywares § Anti-viruses § Check USB ports and PS/2 § Check programs installed § Also we can maintain a practice of using only the soft keyboard (on screen). However is not completely secure.

References § http: //www. ardamax. com/ § http: //www. keyghost. com/ § http: //www.

References § http: //www. ardamax. com/ § http: //www. keyghost. com/ § http: //www. keykatcheruk. co. uk/ § http: //www. relytec. com/ § http: //www. securitystats. com/ § http: //en. wikipedia. org/Key_logger § http: //www. windowsnetworking. com/ § http: //www. wiretappro. com/