A type of computer attack that I’ve always feared the most and one that doesn’t really get a lot of spotlight are keyloggers. As the name implies, this type of attack basically captures all of your keystrokes as you type them on your keyboard. Everything from your online banking passwords, email accounts, to the chat log with your ex-lover will be recorded and sent to the hacker. While they necessarily could care less about your rekindling with an ex-lover (although extortion could be a possibility), the real jackpot is the data gathered from the financial websites you’ve visited. Once they capture your account’s information, they can now easily impersonate you unless the bank employs some type of protection against this. If they do, it’s usually an authentication email being sent and if the keylogger captures the victim’s email account login information as well, then I’m sure you can guess what’s going to happen next. Learn how to prevent this type of attack by reading further.
A big reason why I automatically distrust public along with computers owned by friends is due to the possibility that it may contain malware. Now that I think about it, I basically distrust any computer that I don’t inherently own. Some may think that as a bit paranoid but that’s mainly due to you forgetting one very basic computer security tenet: once a bad guy gets you to run his/her software on your computer, it’s not your computer anymore. Once you hand over your personal information, even if it happened just one time, that information is not private anymore. All it takes is just one inciden. So now you may be thinking, “Well Mr. Perfect, how do you know that the computer that you do own isn’t infected with malware as well?”. The correct answer is that I really can’t 100% be sure as well. However, at least I know that I have taken all the right pre-cautions and practiced safe computing habits to greatly minimize the chances of it being infected with malware. Can you say the same for that computer you’re sitting in front of at your public library? Can you say the same when you are using your friend’s computer to log in to your financial website? I doubt it.
Keyloggers usually come in two different forms. It can either be run at the software level or at the hardware level. At the software level, it’s just another type of malicious program code that usually runs without your knowledge. In the background though, it’s doing the nasty work of capturing (at least try to) your keystrokes and saving it to a log file of some sort. If it doesn’t sound too complicated, it’s because it really isn’t. However, you can already tell the serious consequences of having one of these keyloggers installed on your computers.
Are all keylogging activities bad? Not really. There are some reasons why a person would want to legitimately use keyloggers. Here are two common scenarios I can immediately think of:
A) You’re a parent and want to monitor what your kids are doing online. This may range from learning what sites they visit to who they chat with along with exactly what it is they may be chatting about. Maybe you want to make sure they aren’t chatting with strangers on Facebook or Myspace? In this modern world, many kids learn to use computers at an early age. Combine that knowledge with a child’s curiosity and it can be a recipe for disaster. Whatever the case, a keylogger may be helpful in such situations. However, parents need to be aware of software keyloggers they download. Many keyloggers are actually malware themselves and you’ll be shooting yourself in the foot if you’re not careful.
B) You’re worried about your current lover secretly cheating on you on the web. He/she agrees to never talk to their ex-lover again, you find it suspicious and want to know for sure if they are keeping on their promise by monitoring their chat logs and email, blah blah blah, you know the rest. Using keyloggers in this situation is the oldest trick in the book. What better way to find the truth than to initiate a little spy operation?
Whatever the scenario may be, just know that in most cases, using keyloggers is an invasion of someone’s privacy no matter how you look at it. How you actually interpret that is totally up to you. If you’re a parent, you could instill fear into your kids by actually warning them *ahead of time* that you are monitoring their behavior on the computer. If they know ahead of time, is this still consider an invasion of privacy? I’ll leave that issue up for debate. Also, whether or not your kids call your bluff or not is another totally different story!
Defeating Software Keyloggers
KeyScambler by QFX Software aims to thwart software keyloggers that might be installed on a given system by actually encrypting your keystrokes at the kernel layer. Needless to say, the kernel level is a very, very deep area within your system. Here is a basic picture of how Keyscrambler works as depicted by on their website:
The free and personal edition of Keyscrambler only allows you to encrypt keystrokes for the Internet Explorer, Firefox and Flock browsers. Nothing else. If you need to use Keyscrambler for your other applications and games, including the Windows logon itself, you’ll need to either pay for the professional or premium edition of Keyscrambler. You can compare between the three different editions here. I’ll be using the personal edition as I only care about encrypting my keystrokes when using Firefox since most of my secrets are based online.You can download Keyscrambler from here.
1. The latest version as of this writing is version 2.7. Keyscrambler basically works on all Windows operating system versions from Windows 2000 and above. Good news indeed!
Installation is dead simple. Click on the executable to start the process. You’ll be asked which components to install. Since we are using the personal edition, we only have three choices. I won’t using the Flock browser anytime soon so it’s pretty safe for me to leave that option alone.
Next up you will be asked to install the Keyscrambler Firefox browser plug-in. Go ahead and do so.
Before Firefox restarts, you’ll most likely be presented with a warning message stating that if you see an Encryption Module Error from Keyscrambler, you’ll need to reboot your computer.
2. Once you reboot the computer, Keyscambler should then work as advertised. You wouldn’t at first notice any difference. Once you start Firefox though, Keyscrambler will automatically kick in. As you type, you’ll notice the Keyscrambler notification at the top left hand corner of Firefox. Keyscrambler shows you in real-time the encryption of your keystrokes as you type them. You should see a bunch of random characters and this is what you would want to see. These random characters are what keyloggers, if present in your system, would log into their log files.
Luckily, Keyscrambler allows you to choose where to place the display panel. Look at your notification tray at the bottom right corner and find the icon with the letter “K” on it. Right click it and select Options. Select the Display tab and you’ll get to choose where to place the overlay window. To be as unobtrusive as possible, select the Tray Icon option. From then on, you’ll only see the encrypted keystrokes via the Keyscrambler icon one character at a time.
Here is a short video demonstration by QFX Software showing what would happen when a keylogger is installed on your system and you’re not being protected with Keyscrambler:Oddly enough, Keyscrambler doesn’t work similarly in Internet Explorer as does in Firefox. Keyscrambler doesn’t encrypt my keystrokes when typing in the URL address bar as evident by the yellow Keyscrambler icon (which means you’re not being protected). However, once I begin typing in a field *within* the Internet Explorer’s browser, my keystrokes are only then encrypted. Not really sure why this is so. I haven’t found any information regarding this issue on their FAQ’s page so I’ll email them and see what they say about it.
- It’s best to train yourself to not use a foreign computer for taking care of your private businesses unless absolutely necessary. By doing so, you limit the chances of exposing your private information to attackers. You really can’t trust computers that you don’t own yourself. In a way, you really can’t entirely trust your own computer 100% too! Just because your anti-virus software is telling you everything is A-OK doesn’t actually means your computer is spot free clean. It just means that according to *that* anti-virus product, nothing shows up in your system as malicious. If you find that you much perform a serious transaction online away from your home computers, use a Live CD.
- Virtualization will not help deterring against keylogging attacks. Your keystrokes will still be logged.
- Hardware keyloggers are especially dangerous and more harder to deter. This type of attack usually occurs in work environments and not in your home. Once in a while, check the rear of your computer to make sure that nothing is sitting between the keyboard connector and the computer port. If you do find a strange looking device, notify your IT department immediately. Even if you aren’t sure if it’s a keylogger or not, if something looks out of place, let someone know about it. Better safe than sorry.
- If you notice that your email or financial accounts have been accessed by someone other than yourself, immediately notify the company. Quickly change your password as well. Your password might have been either guessed correctly by the attacker, could have been given away due to a keylogger installed on your system, or due to some other malicious activity.
In the End…
I find that Keyscrambler will make a very warming addition to the default tools I install on the computers I use. Like I said in the very beginning, I fear keylogging attacks the most. With Keyscrambler enabled, I can at least have some type of confidence of defeating software keyloggers should they actually find a way into my system. Right now, I am hoping for a portable version of Keyscrambler. With it, I can have another added layer of protection when using computers that I don’t actually own.
Some users will automatically distrust the Keyscrambler product because of it’s ability to penetrate into the kernel level of a system. With it also being a closed source software, advance users will distrust it even more. I find that kind of bogus though. Any time you install any type of software, whether it is closed source or open source, you increase the attack surface of your computer. However, that’s a debate for another time. Right now, all I know is that Keyscrambler is easy to use (you actually don’t have to do anything extra post installation), is free, and it actually works.