Defending against Keyloggers

“What is a key logger?”

Key loggers are devices or programs designed to record every keystroke that you make on a computer keyboard to allow for continuous monitoring of computer usage.

They are often known as keystroke recorders or just keyloggers.

“Why do people use them?”

Key loggers are deployed for a number of reasons. The primary goal of a key logger deployment is to capture sensitive information such as a computer user’s account name and password (usually their e-mail) as well as any activity they perform on a particular computer.

The most common scenarios are:

  • The “Jealous Lover” Scenario (LOVEINT)
  • A Private Investigator in a divorce case
  • Concerned and Watchful Parents
  • Cybercrime
  • Police Investigations
  • Intelligence Operations
  • Criminals collecting intelligence on a target

Software Key loggers and Countermeasures

These require the least technical sophistication to deploy (and keep active) effectively.

Software key loggers offer the user a wide variety of data to capture, such as screenshots and programs accessed, as well as the keystroke data.

Keep in mind that most anti-malware programs are not configured to detect commercial key loggers, so you will have to familiarize yourself with the names of the executable files associated with such programs.
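One way to act on the advice above about executable names, as an added example that is not part of the original article: it matches a process listing against a watchlist you maintain yourself. The Windows `tasklist /fo csv` format, the sample listing and the watchlist entries are assumptions; the names are constructed placeholders, not real products.

```python
import csv
import io
import ntpath

# Hypothetical watchlist: fill in the executable names you have researched.
# These entries are constructed placeholders, not names of real products.
WATCHLIST = {"example-monitor.exe", "placeholder-logger.exe"}

# Constructed sample in the format of Windows `tasklist /fo csv` output.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","4120","Console","1","98,304 K"
"Example-Monitor.EXE","5316","Console","1","12,044 K"
"notepad.exe","6008","Console","1","9,120 K"
'''


def normalize(name):
    """Reduce a path or image name to a lowercase base name for comparison."""
    return ntpath.basename(name.strip().strip('"')).lower()


def find_watchlisted(tasklist_csv, watchlist):
    """Return (image name, PID) pairs whose image name is on the watchlist."""
    wanted = {normalize(w) for w in watchlist}
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row.get("Image Name") or ""
        # Windows file names are case-insensitive, so compare normalized forms.
        if normalize(image) in wanted:
            hits.append((image, int(row["PID"])))
    return hits


if __name__ == "__main__":
    for image, pid in find_watchlisted(SAMPLE_TASKLIST, WATCHLIST):
        print(f"watchlisted process running: {image} (PID {pid})")
```

Matching by name only catches a program that still runs under its original file name, so treat a clean result as one data point and not as proof of a clean system.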

You can also use a LiveCD operating system if you believe key logging software has been installed on your computer.

Unfortunately, LiveCDs do not protect against malware that can embed itself into the system BIOS or against the next threat…

Hardware Keyloggers

Some of these seem Wile E. Coyote-esque in their silliness if you know what to look for.

As a rule of thumb, the easier the hardware logger is to install, the easier it is to detect and disable.

Keep in mind that the very obvious hardware key loggers pictured above, which connect to the USB port or the nearly obsolete PS/2 cable (the purple and green headed cables), could just be a “red herring” meant to distract you from something more insidious, like a key logger installed inside of a keyboard or laptop, or BIOS-embedded malware.

So What Can I do to protect myself?

Evaluate your threat profile. If something seems out of place, it is out of place! Change your passwords frequently.

Countermeasures to Hardware Key Loggers

  • Check your keyboard cables and where they connect into the computer!
  • Check for anything attached to the video monitor cables
  • Check on and around your keyboard for:
    • Any tool marks
    • Glue residue
    • Small red, yellow, or gray bits of plastic
    • Loose screws
    • Stripped screws
    • Rattling noises inside the keyboard
    • Unexplained dust that looks like plastic shavings
    • Broken hard pieces of plastic
    • If the halves of the keyboard seem to fit incorrectly
  • Use a rubber or “floppy” keyboard.
    • Since these are seamless, it is more difficult to open them up and close them without it looking like they have been tampered with.
    • These are also more resistant to acoustic microphones meant to record the unique sounds that each keyboard key makes.
  • Set up video monitoring of your computer desk.
    • Have one camera hidden and another camera out in the open (the “red herring”)
  • Tape offbeat colored tape around the “seams” of the keyboard and over the screw holes of the keyboard.
    • Use multiple colors and different size strands and put them in a pattern that you will remember but an outside observer may not make sense of.
    • Not too many tacticool operator spooks will routinely carry pink zebra stripe tape with them!
  • Turn off any wireless devices in your area and then use a portable WiFi signal detector around your computer to see if there are any signals coming out.
  • Use a white noise generator to mitigate the risk of an acoustic monitoring device

BIOS-Embedded Malware

This article is by no means meant to be exhaustive, and, as always, I encourage the reader to do their own research and make their own conclusions.
