Post by justfacts on Sept 16, 2005 9:13:45 GMT -5
Did you know that it easy to get a record of all the key presses that you recently did on your PC?
Worse yet, if you used a School or Library or other public access PC, all your private information may have been stolen?
This information is supplied from an e-mail I recently sent. I think it might be useful to all Plainedge residents.
Now to the topic: Key Stroke captures! There are two ways this is done. One by software and one by hardware.
The software ways are by programs loaded into PCs at the PC itself. One puts a floppy or CR-ROM into the PC and transfers capture software into the PC. Then, as keys are pressed by the user to enter passwords, account numbers, social security numbers and etc., the PC copies these keystrokes into a separate file as well as using them to operate the user program.
Later, the one who loaded the capture program into the PC can access the file (remotely if the PC is networked, or locally) and read out the string of keystrokes to analyze it for the data wanted. Data can also be transferred to a floppy or, in new PCs, to a USB "thumbdrive" for later analysis and duplication.
The weakness of the software keystroke capture programs is, since they reside in the PC memory devices, another detection program can be used to find them. These keyboard capture detection programs can also be designed to prevent the capture programs from working. This means that in a properly designed and maintained PC system, the capture program's threat to user data can be curtailed, much like a virus can be curtailed.
However, hardware capture devices can also be used. They are inserted in the connection line between the PC and its keyboard. Other than detection by its physical presence, it is undetectable by the PCs software or any other detection program loaded into the PC. I have such devices that I've used in lectures to audiences comprised of Public PC providers. (Libraries, schools, service centers, etc.) The need for diligence against the illegal use of these legal devices can not be over emphasized! They can be bought for $30 to $70, depending on keystroke storage capacity.
I've even sat at a desk in a bank and while the bank official went away to get forms for my use, I inserted one such keycapture device into their PC at the desk. At the end of our work session I pushily asked to use their PC a moment, and then proceeded to recall the keystrokes that they had just used on my new account forms. It was all there, my Social Security number, my PIN, my account number and the details of the account balance. Of course, I showed the device to her and removed it (it still retained the captured data in its memory) - - - after I got her to call the Bank manager and also show him what was done.
We had his assurance that physical access the bank's PCs would be blocked and that a regular visual inspection would be made for hardware keyboard capture devices. The same manager and official are no longer at that bank branch due to promotions, and the PCs have also been upgraded, so I have little confidence that preventative measures are still in place.
Boy!, that would be some economic opportunity for me if I was so inclined! Imagine, a day or two's transactions on many accounts - - - what a great amount of Property tax coverage that could provide! ;D
I became a lecturer on these devices because of the public access PCs provided at local libraries. They are all susceptible to the illegal use of these devices, yet few users are aware or concerned about them. I believe this would be a good topic to present to the public at schools and libraries, But, outside of my own endeavors at the Bethpage Library and Briacliff college, there seems to be little interest in the topic.
Any further questions or details, just ask!
Worse yet, if you used a School or Library or other public access PC, all your private information may have been stolen?
This information is supplied from an e-mail I recently sent. I think it might be useful to all Plainedge residents.
Now to the topic: Key Stroke captures! There are two ways this is done. One by software and one by hardware.
The software ways are by programs loaded into PCs at the PC itself. One puts a floppy or CR-ROM into the PC and transfers capture software into the PC. Then, as keys are pressed by the user to enter passwords, account numbers, social security numbers and etc., the PC copies these keystrokes into a separate file as well as using them to operate the user program.
Later, the one who loaded the capture program into the PC can access the file (remotely if the PC is networked, or locally) and read out the string of keystrokes to analyze it for the data wanted. Data can also be transferred to a floppy or, in new PCs, to a USB "thumbdrive" for later analysis and duplication.
The weakness of the software keystroke capture programs is, since they reside in the PC memory devices, another detection program can be used to find them. These keyboard capture detection programs can also be designed to prevent the capture programs from working. This means that in a properly designed and maintained PC system, the capture program's threat to user data can be curtailed, much like a virus can be curtailed.
However, hardware capture devices can also be used. They are inserted in the connection line between the PC and its keyboard. Other than detection by its physical presence, it is undetectable by the PCs software or any other detection program loaded into the PC. I have such devices that I've used in lectures to audiences comprised of Public PC providers. (Libraries, schools, service centers, etc.) The need for diligence against the illegal use of these legal devices can not be over emphasized! They can be bought for $30 to $70, depending on keystroke storage capacity.
I've even sat at a desk in a bank and while the bank official went away to get forms for my use, I inserted one such keycapture device into their PC at the desk. At the end of our work session I pushily asked to use their PC a moment, and then proceeded to recall the keystrokes that they had just used on my new account forms. It was all there, my Social Security number, my PIN, my account number and the details of the account balance. Of course, I showed the device to her and removed it (it still retained the captured data in its memory) - - - after I got her to call the Bank manager and also show him what was done.
We had his assurance that physical access the bank's PCs would be blocked and that a regular visual inspection would be made for hardware keyboard capture devices. The same manager and official are no longer at that bank branch due to promotions, and the PCs have also been upgraded, so I have little confidence that preventative measures are still in place.
Boy!, that would be some economic opportunity for me if I was so inclined! Imagine, a day or two's transactions on many accounts - - - what a great amount of Property tax coverage that could provide! ;D
I became a lecturer on these devices because of the public access PCs provided at local libraries. They are all susceptible to the illegal use of these devices, yet few users are aware or concerned about them. I believe this would be a good topic to present to the public at schools and libraries, But, outside of my own endeavors at the Bethpage Library and Briacliff college, there seems to be little interest in the topic.
Any further questions or details, just ask!