More Tales From The CryptMore Tales From The Crypt

Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........

Randy George, Director, IT Operations, Boston Red Sox

June 11, 2009

2 Min Read
information logo in a gray background | information

Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........A KEYLOGGER!

I know what you're thinking, why didn't a simple virus or spyware scan detect the keylogger? Before answering that question, it helps to understand why some keyloggers are so difficult to detect. Some software based keyloggers are easy to discover. Someone with some Win32 skill could easily tap into several functions exposed in various Windows API's to record keystoke events. Problem here is that you typically need to poll each key at a relatively fast frequency for this technique to work. Multiply an aggresive polling interval by all of the keys on a typical 101 button keyboard, and you're going to see a noticable CPU hit, which is probably enough to tip off the victim pretty quickly.

Other spyware based keyloggers do the job a tad more intelligently by hooking into the OS and subscribing to keyboard events more passively, but other keyloggers, such as the infamous WebWatcher keylogger, run at the kernel level. WebWatcher is particularly nefarious because its hides its payload so well. No detectable registry keys, running processes or services. Some spyware tools pick up on WebWatcher, but they might call it something else and definitely won't be able to remove it (if you know of one that does please let me know which one).

In the case of my friend, the keylogger wasn't software based at all, it was actually an inline hardware keylogger dongol, and I found it accident while popping a thumb drive into the back of his PC. There's no defense to my knowledge from a hardware keylogger, a favorite tool among law enforcement and a great tool for forensics. You can buy them anywhere online, just google "hardware keylogger". The indexing and searching capabilities built into some of these buggers are impressive to say the least, and with storage support ranging from several MB to several GB's, theses devices can compile a ton of data that can be discovered and used against you pretty quickly.

The moral of the story....if your enemy plants one of these suckers on you, you're toast. Say sayanora (goodbye), arrivaderci (goodbye), adios (you know).

Read more about:

20092009

About the Author

Randy George

Randy George

Director, IT Operations, Boston Red Sox

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular information and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a senior-level systems analyst and network engineer in the professional sports industry. Randy holds various professional certifications from Microsoft, Cisco and Check Point, a BS in computer engineering from Wentworth Institute of Technology and an MBA from the University of Massachusetts Isenberg School of Management.

See more from Randy George
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports