09-Keyloggers - Department of Electrical Engineering and

advertisement
University of Central Florida
Eng. Hector M Lugo-Cordero, MS
CIS4361
Department of Electrical Engineering and
Computer Science
February, 2012
What is keystroke logging?
 A keylogger is a program that runs in the background or hardware,
recording all the keystrokes. Once keystrokes are logged, they are
hidden in the machine for later retrieval, or shipped raw to the
attacker
 Attacker checks files carefully in the hopes of either finding
passwords, or possibly other useful information.
What is keystroke logging?
 Key loggers, as a surveillance tool, are often used by
employers to ensure employees use work computers for
business purposes only
 Such systems are also highly useful for law enforcement
and espionage
 Keystroke logging can be achieved by both hardware
and software means.
The good, the bad and the ugly
 Good: companies can monitor the
productivity of an employee, also useful for
software developing.
 Bad: Espionage
 Ugly: External hardware can be caught
easily and software installation without
user noticing is hard.
Hardware key loggers
Come in three types:
 Inline devices that are attached to the keyboard
cable
 Devices which can be installed inside standard
keyboards
 Replacement keyboards that contain the key
logger already built-in
Some hardware keyloggers
 Hardware KeyLogger Stand-alone Edition
a tiny hardware device that can be attached in between
a keyboard and a computer.
 Hardware KeyLogger Keyboard Edition
looks and behaves exactly like a normal keyboard, but it
keeps a record of all keystrokes typed on it.
 KeyGhost Hardware Keylogger
a tiny hardware device that can be attached in between
a keyboard and a computer.
 KeyKatcher Keystroke Logger
a tiny hardware device that can be attached in between
a keyboard and a computer.
Keylogger
The Hardware KeyLogger™ Stand-alone Edition is a
tiny hardware device that can be attached in between a
keyboard and a computer. It keeps a record of all
keystrokes typed on the keyboard. The recording process
is totally transparent to the end user. The keystrokes can
only be retrieved by an administrator with a proper
password.
BEFORE
AFTER
Hardware KeyLoggerTM
Keyboard Edition
The Hardware KeyLogger™ Keyboard Edition looks and
behaves exactly like a normal keyborad, but it keeps a
record of all keystrokes typed on it. The recording process
is totally transparent to the end user. The keystrokes can
only be retrieved by an administrator with a proper
password.
KeyKatcher
The KeyKatcher is a hardware device to log activity as it is
performed on the keyboard. The device works with any
PS/2 keyboard and is not dependant on the operating
system because there is not any software required for the
manufacture to product to interact with the hardware.
The KeyKatcher records up to 32,000 bytes (keystrokes) in
the 33k model or 64,000 bytes (key strokes) in the 64k
model. Even if the device is unplugged from the keyboard it
will still remember EVERYTHING and you wont lose a
single keystroke.
Interacting with keylogger
Interacting with the Keystroke logger is
simple, it can be done from any PS/2
compatible keyboard/computer. You can take
it off the computer it is on to examine the data
on another computer or perform the audit
from that computer. Enter into a text program.
Type the passphrase which was set, the
menu will be displayed, you can navigate
through the menus by entering typing in the
number corresponding with the command.
Other approaches
There are other approaches to capturing info
about what you are doing.
Some keyloggers capture screens, rather than
keystrokes.
Other keyloggers will secretly turn on video or
audio recorders, and transmit what they capture
over your internet connection.
Software Key Logging
 Easy to implement – code is relatively
normal.
 Hard to install – user can notice the
presence of it.
Problems with installing
a Key Logger
 An attacker that connects to the target to
download the keystrokes risks being
traced.
 A code that sends the information to an
email address risks exposing the attacker.
Secure ways to install a key logger
 Program can be distributed through
viruses and/or worms and attacker can
claim to victim of it if s/he is caught.
 Use cryptography to prevent others from
discovering the content and later decode it
later.
Examples of key loggers
 Magic Lantern
 developed by the FBI
 is installed remotely via email attachment.
 All in One Keylogger Spy Software
 sends encrypted logs to desired email
 tracks all users activity
Examples of key loggers (cont.)
 Wiretap Pro
 specializes in Internet monitoring
 records chats, emails, web sites visited
 Ardamax Keylogger
 monitors user activity in an encrypted way
 data is stored as text or web page
 used to maintain backups or monitor kids.
Defending from a key logger
 Have our computer up to date with:
 Keep net firewall on
 Anti-spywares
 Anti-viruses
 Check USB ports and PS/2
 Check programs installed
 Also we can maintain a practice of using
only the soft keyboard (on screen).
However is not completely secure.
References
 http://www.ardamax.com/
 http://www.keyghost.com/
 http://www.keykatcheruk.co.uk/
 http://www.relytec.com/
 http://www.securitystats.com/
 http://en.wikipedia.org/Key_logger
 http://www.windowsnetworking.com/
 http://www.wiretappro.com/
Questions
Download