Keystroke logging
Keystroke loggers (or keyloggers) represent an insidious threat to computer users that continues to increase. They work by recording the sequence of keystrokes that a user types in. The more sophisticated versions use filtering mechanisms to record only highly prized information such as email addresses, passwords and credit card number sequences.
Keyloggers come in many shapes and sizes with different capabilities. However, the wide selection on the market can be broken down into either hardware keyloggers or software keyloggers:
- Hardware keyloggers can be external, meaning they are plugged into a port on the computer, or internal, meaning a circuit board fitted inside the computer or keyboard. Hardware keyloggers fitted inside a computer are obviously harder to detect than those fitted externally.
- Software keyloggers, as their name suggests, are programs that run on a computer and attach themselves to part of the operating system. These may be inadvertently downloaded from a malicious website, installed in a Trojan-horse attack, or installed via a hacking attack.
Depending on the type of keylogger used, the attacker may recover the stolen data using one of the following techniques:
- Physically removing the device with the stolen data
- Sending the stolen data over an attached network
- Retrieving the data remotely, using wireless technologies such as Bluetooth, Zigbee, GPRS and WiFi
Network administrators should monitor traffic as a matter of routine and should be aware of the risks associated with keyloggers. For information about traffic monitoring, please see the networks section and, in particular, read the technical notes "Understanding Firewalls" and "Egress and Ingress Filtering".
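As an added illustration of the routine traffic review recommended above (not part of the original note), the following Python example checks firewall records against an egress policy and lists workstation flows that bypass the approved proxy, mail relay and DNS resolver. The log format, addresses and policy are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed egress policy (hypothetical addresses): workstations may only talk
# to the internal proxy, mail relay and DNS resolver listed here.
WORKSTATIONS = ipaddress.ip_network("10.0.1.0/24")
ALLOWED = {("10.0.0.10", 8080), ("10.0.0.25", 25), ("10.0.0.53", 53)}

# Constructed sample records: time src dst dport proto bytes_out action
SAMPLE_LOG = """\
2009-07-20T09:00:01 10.0.1.15 10.0.0.10 8080 tcp 5120 ALLOW
2009-07-20T09:00:07 10.0.1.15 10.0.0.53 53 udp 64 ALLOW
2009-07-20T09:05:00 10.0.1.22 203.0.113.7 25 tcp 812 ALLOW
2009-07-20T09:10:00 10.0.1.22 203.0.113.7 25 tcp 790 ALLOW
2009-07-20T09:15:00 10.0.1.22 203.0.113.7 25 tcp 845 ALLOW
2009-07-20T09:16:30 10.0.1.31 198.51.100.9 21 tcp 2048 DENY
2009-07-20T09:17:00 10.0.0.25 192.0.2.50 25 tcp 9000 ALLOW
malformed line here
"""

def review_egress(log_text):
    """Return workstation flows that bypass the approved services."""
    flows = defaultdict(lambda: {"count": 0, "bytes": 0, "allowed": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip malformed records rather than crash
        _, src, dst, dport, _proto, nbytes, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port, size = int(dport), int(nbytes)
        except ValueError:
            continue
        if src_ip not in WORKSTATIONS or (dst, port) in ALLOWED:
            continue  # not a workstation, or traffic to an approved service
        flow = flows[(src, dst, port)]
        flow["count"] += 1
        flow["bytes"] += size
        flow["allowed"] += action == "ALLOW"
    # Flows the firewall let through come first: those are filtering gaps.
    return sorted(flows.items(),
                  key=lambda kv: (-kv[1]["allowed"], -kv[1]["count"]))

if __name__ == "__main__":
    for (src, dst, port), s in review_egress(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} x{s['count']} "
              f"{s['bytes']}B allowed={s['allowed']}")
```

A workstation that repeatedly sends small amounts of data straight to an external host, as 10.0.1.22 does in the sample, is worth investigating on the machine itself, and the fact that the firewall allowed it marks a gap in egress filtering.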
Users of keystroke systems should be made aware of hardware and software keyloggers, and they should regularly check their machines by looking for changes in physical appearance or broken seals on the casing, and by running anti-virus and anti-malware detection programs.
20/07/2009