University of Central Florida Eng. Hector M Lugo-Cordero, MS CIS4361 Department of Electrical Engineering and Computer Science February, 2012 What is keystroke logging? A keylogger is a program that runs in the background or hardware, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker Attacker checks files carefully in the hopes of either finding passwords, or possibly other useful information. What is keystroke logging? Key loggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only Such systems are also highly useful for law enforcement and espionage Keystroke logging can be achieved by both hardware and software means. The good, the bad and the ugly Good: companies can monitor the productivity of an employee, also useful for software developing. Bad: Espionage Ugly: External hardware can be caught easily and software installation without user noticing is hard. Hardware key loggers Come in three types: Inline devices that are attached to the keyboard cable Devices which can be installed inside standard keyboards Replacement keyboards that contain the key logger already built-in Some hardware keyloggers Hardware KeyLogger Stand-alone Edition a tiny hardware device that can be attached in between a keyboard and a computer. Hardware KeyLogger Keyboard Edition looks and behaves exactly like a normal keyboard, but it keeps a record of all keystrokes typed on it. KeyGhost Hardware Keylogger a tiny hardware device that can be attached in between a keyboard and a computer. KeyKatcher Keystroke Logger a tiny hardware device that can be attached in between a keyboard and a computer. Keylogger The Hardware KeyLogger™ Stand-alone Edition is a tiny hardware device that can be attached in between a keyboard and a computer. It keeps a record of all keystrokes typed on the keyboard. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password. BEFORE AFTER Hardware KeyLoggerTM Keyboard Edition The Hardware KeyLogger™ Keyboard Edition looks and behaves exactly like a normal keyborad, but it keeps a record of all keystrokes typed on it. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password. KeyKatcher The KeyKatcher is a hardware device to log activity as it is performed on the keyboard. The device works with any PS/2 keyboard and is not dependant on the operating system because there is not any software required for the manufacture to product to interact with the hardware. The KeyKatcher records up to 32,000 bytes (keystrokes) in the 33k model or 64,000 bytes (key strokes) in the 64k model. Even if the device is unplugged from the keyboard it will still remember EVERYTHING and you wont lose a single keystroke. Interacting with keylogger Interacting with the Keystroke logger is simple, it can be done from any PS/2 compatible keyboard/computer. You can take it off the computer it is on to examine the data on another computer or perform the audit from that computer. Enter into a text program. Type the passphrase which was set, the menu will be displayed, you can navigate through the menus by entering typing in the number corresponding with the command. Other approaches There are other approaches to capturing info about what you are doing. Some keyloggers capture screens, rather than keystrokes. Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection. Software Key Logging Easy to implement – code is relatively normal. Hard to install – user can notice the presence of it. Problems with installing a Key Logger An attacker that connects to the target to download the keystrokes risks being traced. A code that sends the information to an email address risks exposing the attacker. Secure ways to install a key logger Program can be distributed through viruses and/or worms and attacker can claim to victim of it if s/he is caught. Use cryptography to prevent others from discovering the content and later decode it later. Examples of key loggers Magic Lantern developed by the FBI is installed remotely via email attachment. All in One Keylogger Spy Software sends encrypted logs to desired email tracks all users activity Examples of key loggers (cont.) Wiretap Pro specializes in Internet monitoring records chats, emails, web sites visited Ardamax Keylogger monitors user activity in an encrypted way data is stored as text or web page used to maintain backups or monitor kids. Defending from a key logger Have our computer up to date with: Keep net firewall on Anti-spywares Anti-viruses Check USB ports and PS/2 Check programs installed Also we can maintain a practice of using only the soft keyboard (on screen). However is not completely secure. References http://www.ardamax.com/ http://www.keyghost.com/ http://www.keykatcheruk.co.uk/ http://www.relytec.com/ http://www.securitystats.com/ http://en.wikipedia.org/Key_logger http://www.windowsnetworking.com/ http://www.wiretappro.com/ Questions