Suspected Keylogger... Need Advice

Discussion in 'Computer Security' started by J.F, Jul 23, 2005.

  1. J.F

    J.F Guest

    Hi,

    I have a PC which I suspect has a hardware key logger. There is no
    physical evidence of such, but nonetheless, I have to presume a
    key logger is on my system and need to take temporary measures to
    avoid it.

    I've thought on ways I could avoid it and came up with this following
    idea.

    I type the first word of my passphrase in the bestcrypt dialog box. I
    then switch to notepad and type in some other random words not
    connected to my passphrase. I then switch back to bestcrypt dialog box
    and type in the next word of my passphrase, and again, switch back to
    notepad and type in more random words. I do this repeatedly until I
    complete my passphrase.

    Now, with the method I just described, would this thwart a key logger
    attack? Would the key logger know which words were being typed into
    which window?

    If it can then obviously this method is useless, but can anyone
    confirm this for me?

    I would be grateful for anyone's expert advice on this matter as it is
    extremely important.

    Regards.

    JJ
    J.F, Jul 23, 2005
    #1

  2. J.F

    Gerard Bok Guest

    On Sat, 23 Jul 2005 11:02:23 +0100, "J.F <>" <> wrote:

    >I have a PC which I suspect has a hardware key logger. There is no
    >physical evidence of such, but nonetheless, I have to presume a
    >key logger is on my system and need to take temporary measures to
    >avoid it.
    >
    >I've thought on ways I could avoid it and came up with this following
    >idea.
    >
    >I type the first word of my passphrase in the bestcrypt dialog box. I
    >then switch to notepad and type in some other random words not
    >connected to my passphrase. I then switch back to bestcrypt dialog box
    >and type in the next word of my passphrase, and again, switch back to
    >notepad and type in more random words. I do this repeatedly until I
    >complete my passphrase.
    >
    >Now, with the method I just described, would this thwart a key logger
    >attack? Would the key logger know which words were being typed into
    >which window?
    >
    >If it can then obviously this method is useless, but can anyone
    >confirm this for me?
    >
    >I would be grateful for anyone's expert advice on this matter as it is
    >extremely important.


    It all depends on what is being logged. If it is just keystrokes,
    then you might be on the right track.
    (Hint: type your passphrase --or part of it-- on another PC,
    write it to a floppy, copy and paste, using your mouse ....)

    But if someone is watching your actions on your PC, it is
    feasible that they can replicate whatever you are doing.

    By the way: if you really suspect the presence of an (internal)
    PS/2 keyboard logger, the solution is even simpler.
    It's called a USB keyboard :)
    And if the only cause for your suspicion is the Dell label on
    your laptop: that's a well documented hoax :)

    --
    Kind regards,
    Gerard Bok
    Gerard Bok, Jul 23, 2005
    #2

  3. J.F

    J.F Guest


    >
    >It all depends on what is being logged. If it is just keystrokes,
    >then you might be on the right track.
    >(Hint: type your passphrase --or part of it-- on another PC,
    >write it to a floppy, copy and paste, using your mouse ....)
    >
    >But if someone is watching your actions on your PC, it is
    >feasible that they can replicate whatever you are doing.
    >
    >By the way: if you really suspect the presence of an (internal)
    >PS/2 keyboard logger, the solution is even simpler.
    >It's called a USB keyboard :)
    >And if the only cause for your suspicion is the Dell label on
    >your laptop: that's a well documented hoax :)



    Thanks for your advice. I'm told a keylogger will only record the
    backspace key and not the letter it deleted, so, I'm going to also
    use the backspace key to delete unwanted characters in the passphrase,
    just to make it more complicated.

    Regards,
    JJ
    J.F, Jul 23, 2005
    #3
  4. J.F

    Winged Guest

    J.F <> wrote:
    > Hi,
    >
    > I have a PC which I suspect has a hardware key logger. There is no
    > physical evidence of such, but nonetheless, I have to presume a
    > key logger is on my system and need to take temporary measures to
    > avoid it.
    >
    > I've thought on ways I could avoid it and came up with this following
    > idea.
    >
    > I type the first word of my passphrase in the bestcrypt dialog box. I
    > then switch to notepad and type in some other random words not
    > connected to my passphrase. I then switch back to bestcrypt dialog box
    > and type in the next word of my passphrase, and again, switch back to
    > notepad and type in more random words. I do this repeatedly until I
    > complete my passphrase.
    >
    > Now, with the method I just described, would this thwart a key logger
    > attack? Would the key logger know which words were being typed into
    > which window?
    >
    > If it can then obviously this method is useless, but can anyone
    > confirm this for me?
    >
    > I would be grateful for anyone's expert advice on this matter as it is
    > extremely important.
    >
    > Regards.
    >
    > JJ

    Depends on the keylogger implementation, you should be able to find the
    process and kill it, unless you do not have root authority on the local
    machine.

    Winged
    Winged, Jul 23, 2005
    #4
  5. J.F

    Winged Guest

    J.F <> wrote:
    >>It all depends on what is being logged. If it is just keystrokes,
    >>then you might be on the right track.
    >>(Hint: type your passphrase --or part of it-- on another PC,
    >>write it to a floppy, copy and paste, using your mouse ....)
    >>
    >>But if someone is watching your actions on your PC, it is
    >>feasible that they can replicate whatever you are doing.
    >>
    >>By the way: if you really suspect the presence of an (internal)
    >>PS/2 keyboard logger, the solution is even simpler.
    >>It's called a USB keyboard :)
    >>And if the only cause for your suspicion is the Dell label on
    >>your laptop: that's a well documented hoax :)

    >
    >
    >
    > Thanks for your advice. I'm told a keylogger will only record the
    > backspace key and not the letter it deleted, so, I'm going to also
    > use the backspace key to delete unwanted characters in the passphrase,
    > just to make it more complicated.
    >
    > Regards,
    > JJ

    I still say killing the keylogger is best advice. If that is not
    possible you may as well give it up, you can't hide easily if you don't
    own the system.

    Winged
    Winged, Jul 23, 2005
    #5
  6. J.F

    GregRo Guest

    If you own the system, the only way to get rid of a hidden keylogger
    is to use a disk wiping program from a boot disk. bcwipepd.exe will
    wipe your hard drive and partition, no matter what the file system is.

    Then either reinstall the OSes or use the restore CD.
    You might want to install the virus scanner and firewall before you go
    online.

    Greg Ro
    GregRo, Jul 23, 2005
    #6
  7. GregRo <> wrote:
    > If you own the system, the only way to get rid of a hidden keylogger
    > is to use a disk wiping program from a boot disk. bcwipepd.exe will
    > wipe your hard drive and partition, no matter what the file system is.
    >
    > Then either reinstall the OSes or use the restore CD.
    > You might want to install the virus scanner and firewall before you go
    > online.


    Erm... the OP suspected a *hardware* keylogger.

    Joachim
    Joachim Schipper, Jul 23, 2005
    #7
  8. J.F

    Wheaty Guest

    J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
    4ax.com:

    > Hi,
    >
    > I have a PC which I suspect has a hardware key logger. There is no
    > physical evidence of such, but nonetheless, I have to presume a
    > key logger is on my system and need to take temporary measures to
    > avoid it.
    >
    > I've thought on ways I could avoid it and came up with this following
    > idea.
    >
    > I type the first word of my passphrase in the bestcrypt dialog box. I
    > then switch to notepad and type in some other random words not
    > connected to my passphrase. I then switch back to bestcrypt dialog box
    > and type in the next word of my passphrase, and again, switch back to
    > notepad and type in more random words. I do this repeatedly until I
    > complete my passphrase.
    >
    > Now, with the method I just described, would this thwart a key logger
    > attack? Would the key logger know which words were being typed into
    > which window?
    >
    > If it can then obviously this method is useless, but can anyone
    > confirm this for me?
    >
    > I would be grateful for anyone's expert advice on this matter as it is
    > extremely important.
    >
    > Regards.
    >
    > JJ


    My first question is who owns the system? If it is yours tear it down. If
    it isn't, then find out why they are logging your key strokes. Depending
    on where you live, it is mandatory that they inform you they are
    recording/monitoring your activities. Some places do not need to do this
    though, so check the local laws.
    My next question is, what makes you suspect a keylogger? Most over the
    counter hardware keyloggers have physical evidence (usually a small
    attachment between the keyboard and main board) and are spotted quite
    quickly by anyone with a little know-how, however their activities are
    undetectable (for the most part). Other, more surreptitious units, can be
    very difficult to trace, and the best solution is to simply replace the
    keyboard (usually) or suspected offending piece of hardware. I would have
    to ask, if they went to enough trouble to install a custom made keyboard
    with a logging device in it, did you do something to warrant it?
    Also, if somebody is going to all the trouble to record your activities,
    there is a fairly good chance that they are capturing any network traffic
    generated by your workstation as well. Any Sysadmin worth his salt would
    cover his ass as much as possible. This is assuming this situation is at
    work, and not at home.

    --
    Wheaty

    I would much rather have a bottle in front of me than a frontal
    lobotomy....
    Wheaty, Jul 24, 2005
    #8
  9. J.F

    Winged Guest

    Wheaty wrote:
    > J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
    > 4ax.com:
    >
    >
    >>Hi,
    >>
    >>I have a PC which I suspect has a hardware key logger. There is no
    >>physical evidence of such, but nonetheless, I have to presume a
    >>key logger is on my system and need to take temporary measures to
    >>avoid it.
    >>
    >>I've thought on ways I could avoid it and came up with this following
    >>idea.
    >>
    >>I type the first word of my passphrase in the bestcrypt dialog box. I
    >>then switch to notepad and type in some other random words not
    >>connected to my passphrase. I then switch back to bestcrypt dialog box
    >>and type in the next word of my passphrase, and again, switch back to
    >>notepad and type in more random words. I do this repeatedly until I
    >>complete my passphrase.
    >>
    >>Now, with the method I just described, would this thwart a key logger
    >>attack? Would the key logger know which words were being typed into
    >>which window?
    >>
    >>If it can then obviously this method is useless, but can anyone
    >>confirm this for me?
    >>
    >>I would be grateful for anyone's expert advice on this matter as it is
    >>extremely important.
    >>
    >>Regards.
    >>
    >>JJ

    >
    >
    > My first question is who owns the system? If it is yours tear it down. If
    > it isn't, then find out why they are logging your key strokes. Depending
    > on where you live, it is mandatory that they inform you they are
    > recording/monitoring your activities. Some places do not need to do this
    > though, so check the local laws.
    > My next question is, what makes you suspect a keylogger? Most over the
    > counter hardware keyloggers have physical evidence (usually a small
    > attachment between the keyboard and main board) and are spotted quite
    > quickly by anyone with a little know-how, however their activities are
    > undetectable (for the most part). Other, more surreptitious units, can be
    > very difficult to trace, and the best solution is to simply replace the
    > keyboard (usually) or suspected offending piece of hardware. I would have
    > to ask, if they went to enough trouble to install a custom made keyboard
    > with a logging device in it, did you do something to warrant it?
    > Also, if somebody is going to all the trouble to record your activities,
    > there is a fairly good chance that they are capturing any network traffic
    > generated by your workstation as well. Any Sysadmin worth his salt would
    > cover his ass as much as possible. This is assuming this situation is at
    > work, and not at home.
    >



    Only one comment here, all of our users consent to monitoring at any
    time for any reason or even no reason. In the US, since the business
    owns the asset, the supreme court has determined the business is offered
    a lot of leeway in what they can or can't do with "their" asset. We
    don't tell folks any more than a warning banner that they must accept
    before they can even log into our systems. In the US if this is done
    (and most major concerns do), they need provide no further notice.

    Keylogging is done by many different threat vectors, fellow
    employees, ex-employees, industrial espionage, the owning entity,
    crackers, activists, foreign espionage both corporate and national, and
    even disgruntled customers.

    Due to all of these vectors, methods, and techniques vary considerably
    and are available. There are monitors that allow for tapping the video
    as well as for any device on the system. Depends how bad one wants it,
    how much access one has to the device.

    Winged
    Winged, Jul 24, 2005
    #9
  10. J.F

    GregRo Guest

    On Sun, 24 Jul 2005 17:22:39 -0500, Winged <>
    wrote:

    >Only one comment here, all of our users consent to monitoring at any
    >time for any reason or even no reason. In the US, since the business
    >owns the asset, the supreme court has determined the business is offered
    >a lot of leeway in what they can or can't do with "their" asset. We
    >don't tell folks any more than a warning banner that they must accept
    >before they can even log into our systems. In the US if this is done
    >(and most major concerns do), they need provide no further notice.
    >


    That is at some businesses, and it should not be for homes.
    I wouldn't want my credit card number read.

    I wonder how businesses that have a keylogger on their systems
    handle credit card orders.

    Actually, at a business it could be a security problem. What if some
    private information got out because of the key logger?

    I consider keyloggers wrong no matter how they are used.


    Greg R
    GregRo, Jul 25, 2005
    #10
  11. J.F

    Wheaty Guest

    Winged babbled on about this
    news:cdff4$42e412e5$18d6d91e$:


    >
    >
    > Only one comment here, all of our users consent to monitoring at any
    > time for any reason or even no reason. In the US, since the business
    > owns the asset, the supreme court has determined the business is
    > offered a lot of leeway in what they can or can't do with "their"
    > asset. We don't tell folks any more than a warning banner that they
    > must accept before they can even log into our systems. In the US if
    > this is done (and most major concerns do), they need provide no
    > further notice.


    Here, we have to notify them that they are (or may be) monitored with a
    big bold sign everywhere within sight of the workstation. It is kind of
    silly if you ask me. "Look we know you're up to no good, so we just
    thought we would tell you that we are now going to try to catch you.
    Carry on."




    --
    Wheaty

    I would much rather have a bottle in front of me than a frontal
    lobotomy....
    Wheaty, Jul 25, 2005
    #11
  12. J.F

    Ghostown Guest

    First off, you don't mention if the computer is yours. Yours as in "you have
    control and physical access to it".

    If you do, the first thing I would recommend is to disconnect it from the
    internet or your network until you can find out if you do indeed have a
    keylogger.

    Back up your important data and nuke the drive from orbit...it's the only way
    to be sure.

    GT.
    Ghostown, Jul 31, 2005
    #12
  13. J.F

    gloomy Guest

    On Sat, 23 Jul 2005 08:24:16 -0500, Winged <>
    wrote:


    >I still say killing the keylogger is best advice.
    >Winged



    Tempting. Could be more trouble than he's worth ;)
    gloomy, Aug 17, 2005
    #13
