Keystroke Logging

From Computing and Software Wiki

Revision as of 21:21, 12 April 2009 by Shukrim (Talk)
Jump to: navigation, search

Keystroke logging commonly refers to the practice of logging (or storing) keystrokes, mouse events, and clipboard contents.

Most importantly, various login names, passwords, and other keystrokes can be recorded, in which important data such as credit card or banking information can be leaked out. The history of key logging is relative to the ease at which a computer can become infected; a user can simply visit the wrong website and become infected. Therefore, as users become more dependant on the accessibility of online networking, new security measures must be taken to accommodate for the risks involved with the convenience.

Steps in an Attack

Keystroke loggers can be applied using three different methods: software, hardware, or kernel-driven applications. Information collected from key logging typically include host-names, IP addresses, and GUID (globally unique identifiers).


Contents

History

Trojans, electronic spying, remote-computer monitoring, viruses, horses, and of course, keystroke logging, are all various threats openly available to everyone who uses computers; from gurus to illiterates. The question now lies on how well a user is protected against threats and attacks from malicious users. Hackers all around the world usually tend to communicate through the internet. Many have come together and formed their own websites that provide information about the world from the hackers’ point of view. One such site is www.antionline.com, another www.attrition.org. Even a site such as this, one created by hackers, for hackers, has been hacked at some point. Ever since the site teamed up with law enforcement officials, the site has been an outreach to hacking. They have been breached by some means so many times that logs have actually been posted of attempted hacks and threats.

Keystroke logging (or keylogging), has been a steal-string concept used ever since computers were first invented, and is continually growing as technology advances. It can be used in both a negative and position aspect. For example, its idea can be useful in law enforcement as it provides a way to unlock passwords and encryption keys.

Historic Example: PGP Case

FBI officials have used the technique to gather evidence, such as the PGP case. In this example, the FBI needed a password in order to decrypt coded files that allegedly contained records of illegal gambling and loan-sharking operations. So FBI officials decided to break into the son of the illicit Philadelphia mob boss’s business, and put a program on his computer (or perhaps an electronic bug in his keyboard) to record all the keystrokes. This is just one example of a historic case in which key logging was used to promote a positive gain.

Therefore, many different types of risks and security threats are faced online today. Cryptography can serve as an aid for protection against such threats, including Keystroke Logging.


Protection

If you change the way you think, you’ll change the way you act. If you change the way you act, you’ll be able to change the way others act. If you change the way others act, you can help change the world, one person at a time (Wally, 2).

There are many ways to protect a user from becoming a victim of a key logged attempt. Firstly, you need to be aware of the kind of threats your up against, be it software, hardware, or kernel-based. Usually people protect themselves against software-based log attempts, as these are the most common. That being said, discussion will be based upon software-based applications. Firstly, it is advised not to use Internet Explorer. Programs such as Firefox, Google Chrome, Netscape, and Opera can be used as alternatives to IE. The IE browser is no longer recommended due to the level of danger and risk involved in its threats. Major organizations are no longer suggesting that users merely download the latest patches, check their security settings for IE. Secondly, invest in an anti-virus program and keep its definitions up-to-date. In addition, installing an anti-spyware program as well as a firewall also aids in increased protection. However, when an individual wants to access their online banking on a public computer, he/she may not be able to scan the computer for any keystroke logging devices; therefore you must make sure your naviagtion is based on some form of encryption: See Case Study.


References

See Also

External Links

Personal tools