(IN)SECURE Magazine Issue 12

In one of the earliest examples of cyber-crime fighting, Nicodemo Scarfo Jr, a well-connected member of the New York and Philadelphia mobs, was brought down by the Magic Lantern keylogger that the FBI installed on his computer via a Trojan. Certainly not the typical bullets-and-bloodshed take-down of popular imagination, it was still enough to indict him for running an illegal gambling ring and loan sharking. At the time the story raised a number of concerns about computer privacy. Now it serves as a useful reminder that there is a positive side to keylogging. As well as serving the interests of law enforcement agents, keyloggers can help employers maintain productivity by ensuring that staff are working on appropriate projects. They can protect valuable bandwidth by spotting when unnecessary applications have been downloaded, and ensure optimum use of networked resources by encouraging staff to keep personal web or system use to appropriate levels.

Keyloggers can even be used in the interests of child protection, enabling parents to check their children’s computer activities, while giving those children a degree of independence and privacy.

Keyloggers and criminals

Nonetheless, it is still the darker side to these surveillance technologies that is more familiar to the majority of IT and security professionals. Using keyloggers gives thieves a veil of anonymity: they can plunder the treasure trove of inter-connected corporate systems and storage devices at will, with very little chance of detection. In the wrong hands, therefore, keyloggers can damage business relationships, financial standing, and reputations. They can even cause an organization to breach major pieces of legislation such as European Data Protection and Human Rights Acts, or the Sarbanes-Oxley Act in the States.

Nor is it just large corporates that experience keylogging attacks. They may well be the most attractive targets, but individuals’ personal details are at risk from a carefully located keylogger – and far less likely to be adequately protected. In fact, any individual or organization that accesses, inputs or stores valuable information is at risk.

Software or hardware

Nicodemo Scarfo was caught out by Magic Lantern, a software keylogger that infected his machine through a Trojan, and this is the way that the majority of keyloggers work. The advantage of the software versions is that they are easy to install – despite the constant warnings, too many people lose the war between curiosity and caution and open up spyware-, Trojan- or virus-infected files and emails. Software also enables thieves to infect a huge number of machines and gather the data quickly, easily and remotely.

Fortunately, detection is becoming much easier. The attractions of the bigger corporates are tempered by the increasing awareness of IT security managers, who keep machines protected with the latest anti-virus software to prevent Trojans and spyware entering the system in the first place. Should a keylogger slip through the net, standard protection tools that monitor the status of a computer can detect and remove it.

Unfortunately, security managers are locked in a game of one-upmanship with criminals who have followed the lead of the most successful businesses and taken the maxim ‘innovate or die’ to heart. As security measures improve, so criminals find new ways to breach them. In this case that means hardware keyloggers. These devices are much harder to detect than software since they do not install any code onto the machine and cannot be spotted by traditional anti-virus or anti-spyware tools.

www.insecuremag.com
