How THEY know what you're doing on your PC (Part 1)
David Coursey,
Executive Editor, AnchorDesk
Thursday, January 3, 2002
I don't want you to get the wrong idea, but I am afraid you will anyway. Just because I've spent the last few days studying keystroke loggers--hardware and software that allow you to spy on what someone's doing on their computer--doesn't mean I've actually put one of these stealth devices to work against anyone. Nor would I. After all, I've read a few books about weapons of mass destruction, too, but...never mind, I don't even want to go there.
Keystroke loggers have their place--if not in espionage, certainly in law enforcement. Knowing about their use, and abuse, is just part of being a savvy computer user or system administrator. Then again, you just might be someone who's concerned that a boss is electronically looking over your shoulder.
So don't think of me as a subversive. Think of this as a self-defense column, and everything will be fine.
GLAD WE'VE GOT that settled, because if someone were to find an Allen Concepts KeyKatcher lying around my office, they'd probably get the wrong idea. You see, KeyKatcher is a little hardware gizmo about the size of your thumb that installs between your PC and your keyboard. Depending on the model, it costs anywhere from $49.95 to $149.95--not much as peripherals go.
But it's not just any little ad-on. This is actually a secret agent.
Once it's in place, KeyKatcher will capture the first 8 to 64KB of keystrokes entered on the PC. This grab, which ranges from roughly 4 to 32 pages of typed data, includes user names, passwords, Web addresses, and literally everything else the user types.
Because it's a hardware device, the KeyKatcher isn't susceptible to discovery by any of the anti-spyware applications. Nor will an antivirus or desktop security program catch it. And it runs independently of the operating system. That makes it pretty stealthy, unless you happen to see the device sitting there, plugged into the back of your computer, in which case it's hard to miss.
But add a little heat-shrink tubing to turn the keyboard connector and KeyKatcher into a single unit, and most people would be fooled. Unless the "victim" happens to compare one keyboard cable to another, he or she is unlikely to be any the wiser that KeyKatcher is installed.
I WILL PAUSE this column now for the benefit of readers who want to crawl under their desks and see if anything funny is sticking out of their PC's keyboard socket. You can see a picture of the KeyKatcher here, so don't confuse it with the adapter used to connect a USB keyboard to a PS/2 keyboard port on the computer, OK? (KeyKatcher actually doesn't work on USB keyboards, anyway.)
KeyKatcher works by combining a microcontroller with non-volatile memory. When the user/victim presses a key on his or her keyboard, the keystroke is recorded into the KeyKatcher's memory before being sent on to the computer.
Since the memory is non-volatile, the recorded keystrokes remain on the KeyKatcher until you erase them, allowing the snoop to remove it from the PC being watched and then download the captured keystrokes to another machine for analysis.
ONE SIGNIFICANT DOWNSIDE, or at least something to remember, is that the device captures only the first 8 to 64KB of keystrokes (there are three models) it sees, and then stops recording. If I were a spook, a narc, or a fed, I'd prefer selectable record modes--one that stops when the memory fills and another that erases as it goes, saving only the most current keystrokes. That way, you could see what the victim/user/subject had been doing just before the machine was turned off, or immediately before you retrieved the KeyKatcher device.
Then again, there's the KeyKatcher Pro, a specially manufactured keyboard with 128KB of Flash memory built in along with a clock, so that all the recorded keystrokes are stamped with the time and date they took place.
The KeyKatcher Pro keyboard sells for $199, and while it does more, it's not very sneaky: Most people would notice a new keyboard installed during their lunch hour, though they would probably not be able to immediately figure out what makes the KeyKatcher Pro different from their old keyboard.
On Thursday's AnchorDesk radio program, I will talk with companies that sell keystroke loggers, both hardware and software. You can hear this live at noon PT or on-demand at AnchorDesk's home page beginning later in the afternoon.
In tomorrow's column, I'll discuss keystroke logging software and effective counter-measures to prevent snooping, along with why you might want to use the software to monitor your own machine. So stay tuned for Part 2.
zdnet.com |
