Tuesday, August 18, 2009

Are You Being Watched?

by Brett Glass -- pcmag.com

How private is your PC data? Thanks to the proliferation of Internet worms and hardware and software spying tools, the erosion of loyalty between corporations and their employees, and the 9/11 disaster (which has caused many to value security over privacy and civil rights), the likelihood is greater than ever that your computer is reporting your every move to a suspicious spouse, a government agency, an employer, or the entire world. In this article, we'll cover the most prevalent spying hardware and software and explain how it can be used, abused, and detected.

A hardware key logger is a device that captures keystrokes en route from keyboard to PC. KeyGhost (www.keyghost.com), a New Zealand company, offers two hardware key loggers. The first is an inconspicuous cable that runs from the keyboard to the PC (prices start at $139 and go up to $409 direct). The second is a keyboard with the logging hardware tucked entirely inside the case ($189 and up).

The company claims to have a wide variety of bugged keyboards ready-made to match many brands of computers. If your existing keyboard is unique, KeyGhost will modify it and return it with the logger hidden inside. Both the internal and external versions have maximum capacities of about 2MB—enough memory to capture as much as a year's worth of typing. The Spy Store (www.thespystore.com/pcsurveillance.htm) shows a more compact external key logger ($139 direct). It has a smaller memory capacity, but its capabilities are otherwise similar.

Hardware key loggers usually can't be detected by software and may be tough for non-technical users to spot. They're also compatible with most operating systems and don't require complicated installations. The main drawback is that they can't capture the information that appears on the screen but isn't typed in by the user. So hardware devices are best used to sniff out small but vital pieces of information, such as passwords.

Although keystroke-logging hardware is relatively new, software that performs the same function is not. In 1988, I implemented a primitive network keystroke logger as a DOS TSR, using the NetBIOS protocol. My motivation at the time was not to spy but to ensure that my programming work was preserved on another machine in the event of a system crash.


But today's spying programs do much more than log keystrokes. Spying software can be selective about the data it captures; administrators can set the software to skim information and then capture more data when certain criteria are met. WinWhatWhere Investigator (www.winwhatwhere.com), a major product in the monitoring market, captures keystrokes, e-mails information about your activities when key phrases are entered, and even renames itself and changes its location at random. If the victim's machine has a Webcam connected, WinWhatWhere snaps pictures periodically and sends them out surreptitiously.

SpectorSoft (www.spectorsoft.com) makes Spector Pro, which captures screen shots, records e-mail and chat sessions, and logs keystrokes. In short, if something of interest to you happens on a user's machine, you will not only know what the person typed, you'll have logs of e-mail and chat room conversations and pictures of the screen.

Competing products such as D.I.R.T., from Codex Data Systems (www.codexdatasystems.com/menu.html), offer similar features. And several keystroke logger programs are freely available for download from many shareware archives. Logging software is easier to detect via system diagnostic tools, however, and may be wiped off the hard drive by reconfiguring or reinstalling the operating system.

In some cases, spying software may be installed as a virus, worm, or Trojan horse that arrives via e-mail or an infected file. BackOrifice, a program created by a group of rogue hackers called The Cult of the Dead Cow, can be installed in this way and can spy on and even commandeer the victim's system. Several recent worms, including Badtrans.B, attempt to capture passwords and credit card information from users' systems and forward the information to the worms' creators via e-mail or Internet relay chat (IRC).

Another spying technique uses a network sniffer (usually a computer running special software) installed on the same LAN as the victim's computer or upstream between the victim's computer and the Internet. The sniffer taps and records the raw data flowing between the victim and other machines; this data can be scanned later.

Only a few Internet protocols use encryption. E-mail is most often sent and retrieved as plain text, and the password needed to break into someone's electronic mailbox is very rarely encrypted. If encryption is used, a key logger can often be used to discover the password that unlocks the data.
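An added example (not part of the original article): a small audit over client-side mail session logs that flags password-bearing commands sent before any TLS upgrade, which is the plain-text exposure described above. The sample sessions, function name and redaction format are constructed for illustration, and the code assumes the server accepts a requested upgrade.

```python
import re

# Client commands that carry a reusable secret in the clear or merely
# base64-encoded. Group 1 is the part that is safe to keep in a report.
CRED_PATTERNS = [
    ("POP3 PASS", re.compile(r"^(PASS)\s+\S+", re.I)),
    ("IMAP LOGIN", re.compile(r"^(\S+\s+LOGIN\s+\S+)\s+\S+", re.I)),
    ("AUTH PLAIN/LOGIN",
     re.compile(r"^((?:\S+\s+)?(?:AUTH|AUTHENTICATE)\s+(?:PLAIN|LOGIN))\b", re.I)),
]
# POP3 uses STLS; SMTP and IMAP use STARTTLS (IMAP prefixes a tag).
UPGRADE = re.compile(r"^(\S+\s+)?(STLS|STARTTLS)\s*$", re.I)


def audit_session(client_lines, implicit_tls=False):
    """Return (line_no, label, redacted_line) for each credential command
    sent while the connection was still unencrypted."""
    encrypted = implicit_tls  # True for connections that start inside TLS
    findings = []
    for no, raw in enumerate(client_lines, 1):
        line = raw.strip()
        if UPGRADE.match(line):
            # Assumption: the server accepted the upgrade. A stricter audit
            # would also check the server's reply before trusting this.
            encrypted = True
            continue
        if encrypted:
            continue
        for label, pattern in CRED_PATTERNS:
            m = pattern.match(line)
            if m:
                # Never copy the secret itself into the report.
                findings.append((no, label, m.group(1) + " <redacted>"))
                break
    return findings


# Constructed sample sessions (client side only).
POP3_PLAIN = ["USER alice", "PASS hunter2", "STAT", "QUIT"]
POP3_STLS = ["CAPA", "STLS", "USER alice", "PASS hunter2"]
IMAP_PLAIN = ["a1 CAPABILITY", "a2 LOGIN alice hunter2"]
SMTP_PLAIN = ["EHLO client.example", "AUTH PLAIN AGFsaWNlAGh1bnRlcjI="]

if __name__ == "__main__":
    for name in ("POP3_PLAIN", "POP3_STLS", "IMAP_PLAIN", "SMTP_PLAIN"):
        print(name, audit_session(globals()[name]))
```
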

The FBI's Carnivore system, which is installed at ISP facilities to collect evidence, is one example of a network sniffer. Civilian tools that can sniff LAN traffic—even on networks supposedly protected from monitoring by network switches—are widely available for free via the Internet.

Even if the party who wants to spy on you has no physical access to your network, you cannot necessarily rest easy. A cracker who manages to gain control of any vulnerable system on your network can set it up to sniff traffic from the rest of the network. And recently revealed bugs in most implementations of SNMP (Simple Network Management Protocol) may provide an easy way for intruders to take over managed hubs and switches, routers, print servers, and network appliances. (For more on these bugs, see the CERT advisory.)
