Keystroke logging
Online Advertising
Keystroke logging
Magic Lantern
Keystroke logging (often called keylogging) is a
diagnostic used in
software development that captures the user's keystrokes. It can be
useful to determine sources of error in computer systems. Such systems
are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or
encryption keys and thus bypassing other security measures. However,
keyloggers are widely available on the internet and can be used by
anyone for the same purposes.
Keystroke logging can be achieved by both
hardware and software means. Commercially available systems include devices
which are attached to the keyboard cable (and thus are instantly installable,
but visible if the user makes a thorough inspection) and also devices which can
be installed in keyboards (and are thus invisible, but require some basic
knowledge of soldering to install). Writing software applications for keylogging
is trivial, and like any computer program can be distributed as a trojan horse
or as part of a virus or worm.
It is also said that using an onscreen keyboard is a way to combat these, as it
only requires clicks of the mouse. That is, however, false information, because
a keyboard event message must be sent to the external target program to type
text. Every software keylogger can log the text typed with an onscreen keyboard.
What is not trivial however, is installing a keystroke logger without getting
caught and downloading data that has been logged without being traced. An
attacker that manually connects to a host machine to download logged keystrokes
risks being traced. A Trojan that sends keylogged data to a fixed e-mail address
or IP
address risks exposing the attacker.
Young and Yung devised several methods for solving this problem and presented
them in their 1997 IEEE Security & Privacy paper [YY97] (their paper from '96
touches on it as well). They presented a deniable password snatching attack in
which the keystroke logging Trojan is installed using a virus (or worm). An
attacker that is caught with the virus or worm can claim to be a victim. The
cryptotrojan asymmetrically encrypts the pilfered login/password pairs using the public
key of the Trojan author and covertly broadcasts the resulting ciphertext. They
mentioned that the ciphertext can be steganographically encoded and posted to a
public bulletin board (e.g., Usenet). They also mentioned having the
cryptotrojan unconditionally write the asymmetric ciphertexts to the last few
unused sectors of every writable disk that is inserted into the machine. The
sectors remain marked as "unused". Nowadays this can done using a USB token. So,
the Trojan author may be one of dozens or even thousands of people that are
given the stolen information. Only the Trojan author can decrypt the ciphertext
because only the author knows the needed private decryption key. This attack is
from the field known as Cryptovirology.
The FBI used a keystroke logger to obtain the PGP pass phrase of Nicodemo
Scarfo, Jr.. He plead guilty to running an illegal gambling
operation in 2002. ("Mobster's son pleads guilty of gambling; computer spying
helped seal case" Asssociated Press, 1 Mar 2002) The FBI has also reportedly
developed a trojan-horse-delivered keylogger program known as
Magic Lantern.
References
[YY97] A. Young, M. Yung, "Deniable Password Snatching: On the Possibility of
Evasive Electronic Espionage," IEEE Symposium on Security & Privacy, pages
224-235, May 4-7, 1997.
See also
External links
Home | Up | Keystroke logging | AntiVirus Gold | Bonzi Buddy | C2.LOP | CoolWebSearch | HuntBar | Internet Optimizer | PSGuard | SpyAxe | SpyTrooper | WorldAntiSpy | XXXDial | Zango Messenger | Phone Home | Claria Corporation | Cydoor | New.net
Online Advertising, made by MultiMedia | Free content and software
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
|