Key logging and countermeasures

Discussion in 'other security issues & news' started by spy1, Apr 24, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Maintaining a secure network environment requires you to address an ever expanding range of vulnerabilities. Spending too much time and energy on one area can blind you to loopholes in another. There are some frightening developments in the arena of information gathering, such as keystroke-capturing devices.

    A keystroke-capturing device is a small hardware device that is attached to a computer system without the knowledge of the intended victim. Usually they are attached between the computer case and the keyboard connector and are so small that most of us would not even notice their presence.

    For example, take a look at the Key Katcher at ThinkGeek. This small round connector is not even two inches long. It makes no changes to the computer's functionality and is impossible to detect with software. It only takes three seconds to install and can capture 65,000 keystrokes. Once you retrieve it, just attach it to another system and enter your password into a text document to launch the internal control tool to extract the contents, such as usernames and passwords. Plus, anyone that walks through your office regularly can plan and retrieve this without being noticed.

    Fortunately, there are countermeasures to this device -- biometrics. If you do not rely exclusively on passwords for account authorization, a key-logging device will do a potential thief little good. One biometric you can deploy immediately without any additional hardware is a keystroke dynamics barrier, such as BioPassword (for Windows NT and 2000 only). This product creates a template of each user's typing rhythm when they enter their username and password. Your typing rhythm is as unique to you as your handwriting, fingerprints and voice. When a user attempts to log on, they are only granted access if their rhythm matches their stored rhythm profile.

    http://searchsystemsmanagement.techtarget.com/tip/0,289483,sid20_gci818626,00.html
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Other effective counter-measures include:
    • fist
    • boot
    • baseball bat
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Actually, there might be an effective software counter to this device....  It picks up electrical signals from the keyboard cable, right?  So it will pick up signals going to the keyboard as well, won't it?

    So how about a small program which does a "running lights" on the keyboard, say, 65k times?

    Voila!  Buffer filled on boot-up!  Device rendered useless!  :)  Hey, Javacool!  I've got another program for you to write!  Hehehehehe!
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Genius! Pure genius!

    (Of course, if your set-up's like mine, you can simply look at the entire length of the keyboard cable [yes, I set it up that way on purpose] to check for any cancerous 'growths' ). Pete
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    That's an interesting idea to look into...

    However (and it's just a minor point) I believe some of these devices only pick up keystrokes or signals to the computer. Also, if by "running lights" you are referring to telling the keyboard to light up the num-lock light (as an example) wouldn't that tend to burn it out given it is being lit 65 k times?  ;)

    -javacool
     
  6. FanJ

    FanJ Guest

    Hm,
    make a machine that hammers 65 k times on the keyboard... eh, maybe not so good idea: by that time your keyboard is gone  ;)

    Seriously: my old MS USB mouse (nothing fancy) does have a small round thing with lenght about 2 cm almost at the end.....
     
  7. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Since it's an older version of the MS USB mouse, I'm assuming that holds the not-so-small (at the time) USB hardware.

    Side note: I don't know what good it would be to log the movement of the mouse, given that what it's clicking on could not be relayed to the device on the mouse cord  :). Of course, combined with screen capture technology, keystroke logging, etc, it might be useful (if all those things could be synchronized...)

    Actually, I think I'll stop talking about it right there, before I give someone an idea...
     
  8. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    As for software keyloggers, why are they so hard to find?  The one certain charactership they have is that they accumulate data.  Software can repeatedly simulate keystrokes, so we can see a steady growth of files or memory allocations while a kl is running.

    Hmm....
     
Loading...
Thread Status:
Not open for further replies.