Suspected Keylogger... Need Advice

 
 
J.F
      07-23-2005
Hi,

I have a PC which I suspect has a hardware key logger. There is no
physical evidence of such, but nonetheless, I have to presume a
key logger is on my system and need to take temporary measures to
avoid it.

I've thought of ways I could avoid it and came up with the following
idea.

I type the first word of my passphrase in the BestCrypt dialog box. I
then switch to Notepad and type in some other random words not
connected to my passphrase. I then switch back to the BestCrypt dialog box
and type in the next word of my passphrase, and again, switch back to
Notepad and type in more random words. I do this repeatedly until I
complete my passphrase.

Now, with the method I just described, would this thwart a key logger
attack? Would the key logger know which words were being typed into
which window?

If it can then obviously this method is useless, but can anyone
confirm this for me?

I would be grateful for anyone's expert advice on this matter as it is
extremely important.

Regards.

JJ
 
Gerard Bok
      07-23-2005
On Sat, 23 Jul 2005 11:02:23 +0100, "J.F <>" <> wrote:

>I have a PC which I suspect has a hardware key logger. There is no
>physical evidence of such, but nonetheless, I have to presume a
>key logger is on my system and need to take temporary measures to
>avoid it.
>
>I've thought of ways I could avoid it and came up with the following
>idea.
>
>I type the first word of my passphrase in the BestCrypt dialog box. I
>then switch to Notepad and type in some other random words not
>connected to my passphrase. I then switch back to the BestCrypt dialog box
>and type in the next word of my passphrase, and again, switch back to
>Notepad and type in more random words. I do this repeatedly until I
>complete my passphrase.
>
>Now, with the method I just described, would this thwart a key logger
>attack? Would the key logger know which words were being typed into
>which window?
>
>If it can then obviously this method is useless, but can anyone
>confirm this for me?
>
>I would be grateful for anyone's expert advice on this matter as it is
>extremely important.


It all depends on what is being logged. If it is just keystrokes,
then you might be on the right track.
(Hint: type your passphrase --or part of it-- on another PC,
write it to a floppy, copy and paste, using your mouse ....)

But if someone is watching your actions on your PC, it is
feasible that they can replicate whatever you are doing.

By the way: if you really suspect the presence of an (internal)
PS/2 keyboard logger, the solution is even simpler.
It's called a USB keyboard.
And if the only cause for your suspicion is the Dell label on
your laptop: that's a well-documented hoax.

--
Kind regards,
Gerard Bok
 
J.F
 
      07-23-2005

>
>It all depends on what is being logged. If it is just keystrokes,
>then you might be on the right track.
>(Hint: type your passphrase --or part of it-- on another PC,
>write it to a floppy, copy and paste, using your mouse ....)
>
>But if someone is watching your actions on your PC, it is
>feasible that they can replicate whatever you are doing.
>
>By the way: if you really suspect the presence of an (internal)
>PS/2 keyboard logger, the solution is even simpler.
>It's called a USB keyboard.
>And if the only cause for your suspicion is the Dell label on
>your laptop: that's a well-documented hoax.



Thanks for your advice. I'm told a keylogger will only record the
backspace key and not the letter it deleted, so, I'm going to also
use the backspace key to delete unwanted characters in the passphrase,
just to make it more complicated.

Regards,
JJ
 
Winged
 
      07-23-2005
J.F <> wrote:
> Hi,
>
> I have a PC which I suspect has a hardware key logger. There is no
> physical evidence of such, but nonetheless, I have to presume a
> key logger is on my system and need to take temporary measures to
> avoid it.
>
> I've thought of ways I could avoid it and came up with the following
> idea.
>
> I type the first word of my passphrase in the BestCrypt dialog box. I
> then switch to Notepad and type in some other random words not
> connected to my passphrase. I then switch back to the BestCrypt dialog box
> and type in the next word of my passphrase, and again, switch back to
> Notepad and type in more random words. I do this repeatedly until I
> complete my passphrase.
>
> Now, with the method I just described, would this thwart a key logger
> attack? Would the key logger know which words were being typed into
> which window?
>
> If it can then obviously this method is useless, but can anyone
> confirm this for me?
>
> I would be grateful for anyone's expert advice on this matter as it is
> extremely important.
>
> Regards.
>
> JJ

Depends on the keylogger implementation, you should be able to find the
process and kill it, unless you do not have root authority on the local
machine.

Winged
 
Winged
 
      07-23-2005
J.F <> wrote:
>>It all depends on what is being logged. If it is just keystrokes,
>>then you might be on the right track.
>>(Hint: type your passphrase --or part of it-- on another PC,
>>write it to a floppy, copy and paste, using your mouse ....)
>>
>>But if someone is watching your actions on your PC, it is
>>feasible that they can replicate whatever you are doing.
>>
>>By the way: if you really suspect the presence of an (internal)
>>PS/2 keyboard logger, the solution is even simpler.
>>It's called a USB keyboard.
>>And if the only cause for your suspicion is the Dell label on
>>your laptop: that's a well-documented hoax.

>
>
>
> Thanks for your advice. I'm told a keylogger will only record the
> backspace key and not the letter it deleted, so, I'm going to also
> use the backspace key to delete unwanted characters in the passphrase,
> just to make it more complicated.
>
> Regards,
> JJ

I still say killing the keylogger is best advice. If that is not
possible you may as well give it up, you can't hide easily if you don't
own the system.

Winged
 
GregRo
 
      07-23-2005
If you own the system, the only way to get rid of a hidden keylogger
is to use a disk wiping program from a boot disk. bcwipepd.exe will
wipe your hard drive and partition, no matter what the file system is.

Then either reinstall the OSes or use the restore CD.
You might want to install the virus scanner and firewall before you go
online.

Greg Ro
 
Joachim Schipper
 
      07-23-2005
GregRo <(E-Mail Removed)> wrote:
> If you own the system, the only way to get rid of a hidden keylogger
> is to use a disk wiping program from a boot disk. bcwipepd.exe will
> wipe your hard drive and partition, no matter what the file system is.
>
> Then either reinstall the OSes or use the restore CD.
> You might want to install the virus scanner and firewall before you go
> online.


Erm... the OP suspected a *hardware* keylogger.

Joachim
 
Wheaty
 
      07-24-2005
J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
4ax.com:

> Hi,
>
> I have a PC which I suspect has a hardware key logger. There is no
> physical evidence of such, but nonetheless, I have to presume a
> key logger is on my system and need to take temporary measures to
> avoid it.
>
> I've thought of ways I could avoid it and came up with the following
> idea.
>
> I type the first word of my passphrase in the BestCrypt dialog box. I
> then switch to Notepad and type in some other random words not
> connected to my passphrase. I then switch back to the BestCrypt dialog box
> and type in the next word of my passphrase, and again, switch back to
> Notepad and type in more random words. I do this repeatedly until I
> complete my passphrase.
>
> Now, with the method I just described, would this thwart a key logger
> attack? Would the key logger know which words were being typed into
> which window?
>
> If it can then obviously this method is useless, but can anyone
> confirm this for me?
>
> I would be grateful for anyone's expert advice on this matter as it is
> extremely important.
>
> Regards.
>
> JJ


My first question is who owns the system? If it is yours tear it down. If
it isn't, then find out why they are logging your key strokes. Depending
on where you live, it is mandatory that they inform you they are
recording/monitoring your activities. Some places do not need to do this
though, so check the local laws.
My next question is, what makes you suspect a keylogger? Most over the
counter hardware keyloggers have physical evidence (usually a small
attachment between the keyboard and main board) and are spotted quite
quickly by anyone with a little know-how, however their activities are
undetectable (for the most part). Other, more surreptitious units, can be
very difficult to trace, and the best solution is to simply replace the
keyboard (usually) or suspected offending piece of hardware. I would have
to ask, if they went to enough trouble to install a custom made keyboard
with a logging device in it, did you do something to warrant it?
Also, if somebody is going to all the trouble to record your activities,
there is a fairly good chance that they are capturing any network traffic
generated by your workstation as well. Any Sysadmin worth his salt would
cover his ass as much as possible. This is assuming this situation is at
work, and not at home.

--
Wheaty

I would much rather have a bottle in front of me than a frontal
lobotomy....
 
Winged
 
      07-24-2005
Wheaty wrote:
> J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
> 4ax.com:
>
>
>>Hi,
>>
>>I have a PC which I suspect has a hardware key logger. There is no
>>physical evidence of such, but nonetheless, I have to presume a
>>key logger is on my system and need to take temporary measures to
>>avoid it.
>>
>>I've thought of ways I could avoid it and came up with the following
>>idea.
>>
>>I type the first word of my passphrase in the BestCrypt dialog box. I
>>then switch to Notepad and type in some other random words not
>>connected to my passphrase. I then switch back to the BestCrypt dialog box
>>and type in the next word of my passphrase, and again, switch back to
>>Notepad and type in more random words. I do this repeatedly until I
>>complete my passphrase.
>>
>>Now, with the method I just described, would this thwart a key logger
>>attack? Would the key logger know which words were being typed into
>>which window?
>>
>>If it can then obviously this method is useless, but can anyone
>>confirm this for me?
>>
>>I would be grateful for anyone's expert advice on this matter as it is
>>extremely important.
>>
>>Regards.
>>
>>JJ

>
>
> My first question is who owns the system? If it is yours tear it down. If
> it isn't, then find out why they are logging your key strokes. Depending
> on where you live, it is mandatory that they inform you they are
> recording/monitoring your activities. Some places do not need to do this
> though, so check the local laws.
> My next question is, what makes you suspect a keylogger? Most over the
> counter hardware keyloggers have physical evidence (usually a small
> attachment between the keyboard and main board) and are spotted quite
> quickly by anyone with a little know-how, however their activities are
> undetectable (for the most part). Other, more surreptitious units, can be
> very difficult to trace, and the best solution is to simply replace the
> keyboard (usually) or suspected offending piece of hardware. I would have
> to ask, if they went to enough trouble to install a custom made keyboard
> with a logging device in it, did you do something to warrant it?
> Also, if somebody is going to all the trouble to record your activities,
> there is a fairly good chance that they are capturing any network traffic
> generated by your workstation as well. Any Sysadmin worth his salt would
> cover his ass as much as possible. This is assuming this situation is at
> work, and not at home.
>



Only one comment here, all of our users consent to monitoring at any
time for any reason or even no reason. In the US, since the business
owns the asset, the supreme court has determined the business is offered
a lot of leeway in what they can or can't do with "their" asset. We
don't tell folks any more than a warning banner that they must accept
before they can even log into our systems. In the US if this is done
(and most major concerns do), they need provide no further notice.

Keylogging is done by many different threat vectors, fellow
employees, ex-employees, industrial espionage, the owning entity,
crackers, activists, foreign espionage both corporate and national, and
even disgruntled customers.

Due to all of these vectors, methods, and techniques vary considerably
and are available. There are monitors that allow for tapping the video
as well as for any device on the system. Depends how bad one wants it,
how much access one has to the device.

Winged
 
GregRo
 
      07-25-2005
On Sun, 24 Jul 2005 17:22:39 -0500, Winged <(E-Mail Removed)>
wrote:

>Only one comment here, all of our users consent to monitoring at any
>time for any reason or even no reason. In the US, since the business
>owns the asset, the supreme court has determined the business is offered
>a lot of leeway in what they can or can't do with "their" asset. We
>don't tell folks any more than a warning banner that they must accept
>before they can even log into our systems. In the US if this is done
>(and most major concerns do), they need provide no further notice.
>


That's at some businesses, and it should not be for homes.
I wouldn't want my credit card number read.

I wonder how businesses handle credit card orders that have keyloggers
on their systems.

Actually, at a business it could be a security problem. What if some
private information got out because of the key logger?

I consider keyloggers wrong no matter how they are used.


Greg R
 