Who's spying on you?

5th May 2006 [Computer Shopper]

STEALTH IS THE KEY

The victim might eventually notice that the websites they use have last login times that don't correspond to their visits, and even contain offensive posts they never made. Depending on what the author or distributor of the keylogger has in mind, unauthorised charges might begin appearing on the victim's credit cards for goods they didn't order. Prosecution becomes more difficult if the delivery address is in a different part of the world. Because most people only get monthly bank and credit card statements, keylogging fraudsters have a potential window of opportunity of several weeks in which they can avoid detection.

Because of this, it is more important than ever to check email regularly and pay particular attention to emailed receipts from online payment services and commercial websites. The keylogging fraudster's fun doesn't stop there, however. He can sometimes see credentials entered and stored by your web browser before infection ever took place.

A Windows XP keylogger might also have access to data retrieved from part of the system called the Protected Storage Area (PSA). This contains auto-fill data that the user has saved for convenience, including usernames and passwords. The system holds this data securely but, when required, plays it back as if typed in on the keyboard. Any data that populates an input box is open to the keylogger, whether via the keyboard or replayed from the PSA. Tools such as Northwest Performance Software's NetScanTools Pro (tinyurl.com) dramatically show what credentials a keylogger can see by displaying the unencrypted contents of the PSA.

Mozilla Firefox users can breathe a small sigh of relief because this browser does not use the PSA to store credentials and does not suffer from the same bugs as Internet Explorer. However, this mitigates the threat only slightly, because keylogging still catches everything the Firefox user types. Entering key presses by clicking the mouse on an onscreen keypad, such as when using VoIP applications, is also vulnerable to keyloggers that are capable of monitoring virtual keyboards. Data sent over an encrypted https:// link isn't safe either, because keyloggers capture keystrokes at source, before subsequent encryption takes place.

But keyloggers haven't always had such a bad reputation. In fact, they started off with another purpose entirely.

TESTING TIMES DETECTING CRIMES

Originally, keyloggers were programs designed to capture everything about the way people used software packages during development and testing. Capturing exactly what a tester was doing when a problem occurred saves debugging time later by removing the need to rely on faulty human recall. In testing multi-user software, timing might be crucial too, so exact information is important in re-creating the circumstances that led to a problem. Replaying the tester's actions can instantly replicate the original conditions to test subsequent bug-fixing. GUI designers also need to know how people use software, which functions they use the most and in what order, so they can create and tweak better user interfaces. Beyond this, however, the legitimate use of keylogging seems to have become dubious.

What worries many privacy campaigners is secret keylogging, where the user has no knowledge of such activity. The number of available packages has soared in recent years, as has their use, including by home users. As parents gain better practical understanding of computers and the potential risks to their children, some have started to monitor their children's online lives, ostensibly to keep them from harm. A quick web search shows that perfectly legitimate, commercial keylogging software is freely available for download. What's more, the UK's Misuse of Computers Act says nothing against keylogging on a computer you own, unless you use the information you gather to commit crimes such as fraud, or to break into and damage a system you don't own.
