keylogger (keystroke logger or system monitor)
what is keylogger?
Key Logging is when your keystrokes are tracked by using software or malware. It can pose a significant threat to your data and is considered a very sneaky way to find out information.
The American television series Mr. Robot introduces its viewers to a lot of hacking attacks, techniques, and tools. Most of it is based on actual methods and hardware, even if it is presented as far easier to do on the show than in real life. One thing the show portrays as a common, almost pedestrian attack technique is keylogging.
You need to know about keylogging, because it really is as common, easy to do, and critical to the success of criminals as it is on the TV show. That’s because the targets of attacks that involve keylogging are, well, just about anyone and everyone. And you wouldn’t even know that it’s happening.
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is also available for use on smartphones, such as Apple's iPhone and Android devices.
Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data. Keylogger recorders may also be used by employers to observe employees' computer activities, parents to supervise their children's internet usage, users to track possible unauthorized activity on their devices or law enforcement agencies to analyze incidents involving computer use. These uses are considered ethical or appropriate in varying degrees.
How it works
Keylogging, formally called “keystroke logging,” is exactly what it sounds like: It’s when a user’s keystrokes on a computer, tablet, or phone are recorded and tracked. This is sometimes done in an IT monitoring environment, or for studying human-computer interaction. Even Windows 10 has a creepy keylogger, to collect your info for… reasons. Fortunately, you can turn it off.
They’re also used by law enforcement. The FBI brought down Philadelphia mob boss Nicodemo Scarfo Jr. in 1999 when it installed the Magic Lantern keylogger via a Trojan. The spyware recorded his every keystroke, which the Feds were able to use to piece together their case. In 2007, the DEA used a keylogger to take down an MDMA (Ecstasy) lab.
But keylogging is more commonly done for nefarious reasons—without the user’s consent or knowledge that everything they type is being surveilled, and saved for later by whoever is spying on them.
Know the reasons for Keylogging
There are two primary reasons for key logging:
- Monitoring purposes for children, employees, etc.
- Devious purposes for stealing information
Types of keyloggers
A hardware-based keylogger is a small device that serves as a connector between the computer keyboard and the computer. The device is designed to resemble an ordinary keyboard PS/2 connector, part of the computer cabling or a USB adaptor, making it relatively easy for someone who wants to monitor a user's behavior to hide such a device.
Most workstation keyboards also plug into the back of the computer, keeping the connections out of the user's line of sight. A hardware keylogger may also come in the form of a module that is installed inside the keyboard itself. When the user types on the keyboard, the keylogger collects each keystroke and saves it as text in its own miniature hard drive, which may have a memory capacity of up to several gigabytes. The person who installed the keylogger must later return and physically remove the device in order to access the information that has been gathered. There are also wireless keylogger sniffers that can intercept and decrypt data packets being transferred between a wireless keyboard and its receiver.
CLICK HERE TO DOWNLOAD KEYLOGGER pdf
A keylogging software Program Bottom of Form does not require physical access to the user's computer for installation. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer, or it can be malware downloaded unwittingly and executed as part of a rootkit or remote administration Trojan (RAT). The rootkit can launch and operate stealthily in order to evade manual detection or antivirus scans.
A common keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file that does all the recording and an executable file that installs the DLL file and triggers it to work. The keylogger program records each keystroke the user types and uploads the information over the internet periodically to whoever installed the program. There are many other ways that keylogging software can be designed to monitor keystrokes, including hooking keyboard APIs to another application, malicious script injection or memory injection.
Some keylogging programs may include functionality for recording user data besides keystrokes, such as capturing anything that has been copied to the clipboard and taking screenshots of the user's screen or a single application
How do Keyloggers hack your data?
Keyloggers use hardware and software that is added to your computer. When you visit a fake website or open an email attachment with malware attached, it is automatically downloaded to your computer or device without your knowledge. Even if a pop-up shows and you click cancel, it could download the file.
Once the program starts running in the background, the thieves can ultimately see everything you do. In most cases, it will catch everything you type and will send it to the hacker periodically. Of course, you’ll probably use your computer to type harmless memos, emails and other things, but you will also use it to check financial accounts, such as bank accounts, paypal.com, credit cards and more.
They can easily find your login information and use it however they want. They can even change the login information to lock you out of your systems.
Detection, prevention and removal
As there are various types of keyloggers that use different techniques, no single detection or removal method is considered the most effective.
Antikeylogger software is designed specifically to scan for software-based keyloggers, by comparing the files on a computer against a keylogger signature base or a checklist of common keylogger attributes. Using an antikeylogger can be more effective than using an antivirus or antispyware program, as the latter may identify a keylogger as a legitimate program instead of spyware.
Depending on the technique the antispyware application uses, it can possibly locate and disable keylogger software with lower privileges than it has. Use of a network monitor will ensure the user is notified each time an application tries to make a network connection, giving a security team the opportunity to stop any possible keylogger activity. Application whitelisting can also be used to allow only documented, authorized programs to run on a system.
While visual inspection can be used to identify hardware keyloggers, it is impractical and time-consuming to implement on a large scale. System cages that prevent access to or tampering with USB and PS/2 ports can be added to the user's desktop setup. Extra precautions include using a security token as part of two-factor authentication (2FA) to ensure an attacker cannot use a stolen password alone to log in to a user's account, or using an onscreen keyboard and voice-to-text software to circumvent using a physical keyboard.
