Keystroke logging

Keystroke loggers represent an insidious threat to computer users that continues to increase. They work by recording the sequence of key-strokes that a user types in. More highly-developed keystroke loggers only record keystroke sequences such as email addresses and passwords.

There are two forms of keystroke loggers - a hardware device or a software keystroke logger. The hardware device may be plugged into the back of the computer or keyboard, or it could be inside the computer itself. Logging devices fitted inside a computer are obviously harder to detect. Software keystroke loggers may be inadvertently downloaded from a malicious website, installed in a Trojan-horse attack, or via a hacking attack.

The stolen data can be recovered by physically removing the device or by sending traffic over a network. Network administrators should monitor traffic as a matter of routine and should be aware of the risks associated with keystroke loggers.

For information about traffic monitoring please see the networks section and, in particular, read the technical notes "Understanding Firewalls" and "Egress and Ingress Filtering".

Users of keystroke systems should be made aware of hardware keystroke loggers and they should regularly check their machines by looking for changes in physical appearance or broken seals on the casing and by running anti-virus and anti-malware detection programs.