KEYLOGGER1Dr. Ajay Nagne

Table of Contents2

Introduction

Background and Description

Acceptable uses:

Malicious uses:

Types of Key loggers

Hardware

SoftwareDr. Ajay Nagne

Introduction

Keylogger is a computer program that recordsevery keystroke made by a computer user, togain fraudulent access to passwords and otherconfidential information.

Keylogging is also known as Keystroke logging.

It can also be used to study human–computerinteraction.

There are two basic purpose to use Keyloggers.

To monitor employee performance

To access confidential information

3

Dr. Ajay Nagne

What is keystroke logging?

Key loggers, as a surveillance tool, areoften used by employers to ensureemployees use work computers forbusiness purposes only

Such systems are also highly usefulfor law enforcement and espionageKeystroke logging can be achieved byboth hardware and software means.

Dr. Ajay Nagne

4

Introduction5

Keystroke logging, also known as keylogging, is simplytracking the keys that are struck on a keyboard. Thiscan be done in multiple ways using a wide variety ofhardware devices or software.

The reason for its large threat to networks and theirsecurity is due to its covertness nature.

Most keyloggers show no signs of any intrusion withinthe system allowing for them to gain typedinformation without anyone having knowledge of itsactions except for the user who installed it.

Dr. Ajay Nagne

Introduction6

With the proper keylogger installed on the correctmachine a person could easily gain access to acompany’s entire network infrastructure.

In terms of system critical data or extremelyprivileged information this could cause problems fora vast amount of people very quickly.

Throughout the remainder of this paper I willcontinue to give a background description ofkeyloggers, provide you with methods for usingthem, compare different types of keyloggers, andanalyze any issues that may arise from keyloggerusage. Dr. Ajay Nagne

Keystroke Loggers

Keystroke loggers

Monitor and record keystrokes

Can be software or hardware devices

Sometimes used by companies to track employees’ use of e-mail and the Internet

Can be used for malicious purposes

Some antivirus and antispyware programs protect against software keystroke loggers

Dr. Ajay Nagne

7

Background and Description:8

The only thing we can know for sure is that we willnever know an exact date or an exact person topinpoint the invention of keyloggers on.

They have existed and have been used for many years. Keyloggers first appeared on the scene in the late 80’s

and early 90’s. One of the earliest keyloggers waswriting by a man named Perry Kivolowitz.

He posted his source code to net.unix-wizards,net.sources on November 17, 1983.

The program basically operated by locating characterlists, or clists, as they were being built by the Unixkernel.

Dr. Ajay Nagne

Background and Description:9

Keyloggers have a wide variety of uses and can beeither hardware-based or software-based. Themain purpose is to log everything that is typed ona keyboard and store it in text files for laterassessment.

Everything that is typed will be logged; thisincludes sensitive information such as passwords,names, pin numbers, and even credit cardnumbers.

While keyloggers have many acceptable uses theyalso have many malicious uses.

Dr. Ajay Nagne

Acceptable uses:10

Parent monitoring child’s computer usage

Boss monitoring employee’s computerusage

Government retrieving informationpertinent to a crime

Dr. Ajay Nagne

Malicious uses:11

Cracking passwords

Gaining unauthorized information

Stealing credit card numbers

Reading sent emails or messages not intended for public viewing

Retrieving secret names

Stealing account numbersDr. Ajay Nagne

Types of Keyloggers

There are different types of Keyloggersdivided into two main groups. Hardware Keyloggers

Software Keyloggers

Dr. Ajay Nagne

12

Hardware Keyloggers

Hardware Keyloggers are small electronic devices used forcapturing the data in between a keyboard device and I/Oport.

Usually these devices have built in memory where theystore the keystrokes so this means they must be retrievedby the person who installed it in order to obtain theinformation.

Hardware Keyloggers are undetectable by anti-viralsoftware or scanners since it works on the hardwareplatform

13

Dr. Ajay Nagne

Hardware key loggers

Come in three types:

Inline devices that are attached to the keyboard cable

Devices which can be installed inside standard keyboards

Replacement keyboards that contain the key logger already built-in

Dr. Ajay Nagne

14

Some hardware keyloggers

Hardware KeyLogger Stand-alone Edition a tiny hardware device that can be attached in between a keyboard and a computer.

Hardware KeyLogger Keyboard Edition looks and behaves exactly like a normal keyboard, but it keeps a record of all keystrokes typed on it.

KeyGhost Hardware Keyloggera tiny hardware device that can be attached in between a keyboard and a computer.

KeyKatcher Keystroke Logger a tiny hardware device that can be attached in between a keyboard and a computer.

Dr. Ajay Nagne

15

http://www.amecisco.com/hkstandalone.htmhttp://www.amecisco.com/hkkeyboard.htmhttp://www.keyghost.com/http://keystroke-loggers.staticusers.net/

Keylogger

The Hardware KeyLogger™ Stand-aloneEdition is a tiny hardware device that can beattached in between a keyboard and acomputer.

It keeps a record of all keystrokes typed on thekeyboard. The recording process is totallytransparent to the end user. BEFORE AFTER

• The keystrokes canonly be retrieved by anadministrator with aproper password. Dr. Ajay Nagne

16

Hardware KeyLoggerTMKeyboard Edition

The Hardware KeyLogger™ Keyboard Edition looks and behaves exactly like a normal keyborad, but it keeps a record of all keystrokes typed on it. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password.

Dr. Ajay Nagne

17

KeyKatcher

The KeyKatcher is a hardware device to log activity as it is performed on the keyboard. The device works with any PS/2 keyboard and is not dependant on the operating system because there is not any software required for the manufacture to product to interact with the hardware.

The KeyKatcher records up to 32,000 bytes (keystrokes) in the 33k model or 64,000 bytes (key strokes) in the 64k model. Even if the device is unplugged from the keyboard it will still remember EVERYTHING and you wont lose a single keystroke.

Dr. Ajay Nagne

18

Interacting with keylogger

Interacting with the Keystroke logger is simple, it can be done from any PS/2 compatible keyboard/computer. You can take it off the computer it is on to examine the data on another computer or perform the audit from that computer. Enter into a text program. Type the passphrase which was set, the menu will be displayed, you can navigate through the menus by entering typing in the number

corresponding with the command.

Dr. Ajay Nagne

19

Other approaches

There are other approaches to capturing info about what you are doing.

Some keyloggers capture screens, rather than keystrokes.

Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

Dr. Ajay Nagne

20

Software Key Logging

Easy to implement – code is relatively normal.

Hard to install – user can notice the presence of it.

Dr. Ajay Nagne

21

Problems with installing a Key Logger

An attacker that connects to the target to download the keystrokes risks being traced.

A code that sends the information to an email address risks exposing the attacker.

Dr. Ajay Nagne

22

Secure ways to install a key logger

Program can be distributed through viruses and/or worms and attacker can claim to victim of it if s/he is caught.

Use cryptography to prevent others from discovering the content and later decode it later.

Dr. Ajay Nagne

23

Examples of key loggers

Magic Lantern

developed by the FBI

is installed remotely via email attachment.

All in One Keylogger Spy Software

sends encrypted logs to desired email

tracks all users activity

Dr. Ajay Nagne

24

Examples of key loggers (cont.)

Wiretap Pro

specializes in Internet monitoring

records chats, emails, web sites visited

Ardamax Keylogger

monitors user activity in an encrypted way

data is stored as text or web page

used to maintain backups or monitor kids.

Dr. Ajay Nagne

25

Defending from a key logger

Have our computer up to date with: Keep net firewall on

Anti-spywares

Anti-viruses

Check USB ports and PS/2

Check programs installed

Also we can maintain a practice of using only the soft keyboard (on screen). However is not completely secure.

Dr. Ajay Nagne

26

27

Thank You . . . . . !

Dr. Ajay Nagne