Network Security

Keyloggers


Introduction

When speaking about keyloggers, people usually mean malicious software programs that try to capture personal information by recording keystrokes. Although most keyloggers are software programs, software is not the only form a keylogger can take: it can also exist as hardware attached inside, for example, the computer or the keyboard.

Keyloggers are not only malicious software. There are also legitimate keylogging programs that help parents monitor their children’s activities on the internet, or that let employers make sure company computers are used only for business purposes. When used with malicious intent, a keylogger records which keys are pressed on the user’s keyboard and can thereby obtain private user names and passwords. This data is then passed on to cyber criminals, who can use the information to do serious harm to the affected user.

How do keyloggers work?

Let us first look at software keyloggers. They can infiltrate a computer when a program is installed. One common method of spreading a keylogger is to use scam emails and social engineering to trick users into downloading and installing the malicious software. The user believes that he or she is installing a necessary, safe program, but instead allows the keylogger to be installed and start gathering crucial information.

A common technique used by keyloggers is a hook mechanism that monitors the user’s keystrokes. By using the Windows function SetWindowsHookEx(), the keylogger can recognize which keys are pressed. That information is copied and stored in a log file before the keystroke is passed on to its intended recipient. The log file, possibly filled with important information, can then be forwarded to the cyber-criminal without raising any suspicion from the user.

Another type of keylogger operates at the kernel level. These keyloggers see the keystrokes before the operating system and applications do. The data is saved and sent to the cyber-criminal. Kernel keyloggers are difficult for regular anti-malware programs to detect, and some kind of rootkit detection software often needs to be used.

[Figure: hardware keylogger]

There are also hardware keyloggers. These are devices attached between the keyboard and the computer, for example at the computer’s keyboard port. Similar to software keyloggers, these devices can log and store all keystrokes in an internal memory. The memory is often accessed by typing a password specific to the device into a text editor. They have an advantage over software keyloggers in that they are not detected by anti-spyware programs. However, they are usually visible and can be detected by an aware user.

Usage of keyloggers

Keyloggers are not only used by criminals to steal private information. As mentioned in the introduction, a keylogger can also be a legitimate tool for controlling activities performed on the computer. When keyloggers are used for parental control, the program can keep track of the children’s conversations on social media and email. It can take screenshots of what is on the screen when a certain word is typed, for instance “love” or “credit card”. The program can also send emails to the parent with notifications if any suspicious activities have occurred in the latest pre-defined time period.
Using parental control does not have to mean that the parent wants to spy on its child; it can also be a way to protect the child from child predators or other people with bad intent.

Companies can use keylogger programs to keep track of employees’ internet activities. This can be more important than it sounds. By using a keylogger, a company can detect whether an employee is leaking confidential material that belongs to the company. The employer can also see whether a worker is using the computer for purposes other than work.

Keyloggers used with illegal intent pose one of the biggest risks to users of all cybercrimes. They are hard to detect and can inflict massive damage by retrieving user names and passwords. After retrieving the user’s account information, the cyber-criminal can access the user’s bank account and transfer money away.

Protection against keyloggers

Since there are many different types of keyloggers, there are also different ways to defend against them. An on-screen keyboard that temporarily replaces the physical keyboard is effective against hardware keyloggers. Anti-virus programs can be useful against software keyloggers that use a hook mechanism: they can detect keyloggers by examining executable code and by looking for known behaviors of keyloggers that use hook methods. One-time passwords can protect login credentials against keyloggers, but this does not stop the keylogger from later retrieving a bank account number once the user is already logged in. Another way to stay protected against keyloggers is to use two-step authentication. With it, the significance of the password is partly removed, because the user has to confirm his identity a second time using another device such as a cell phone. Then, even if the keylogger retrieves the login credentials, a third party cannot use them to log in because they do not have access to the second device.
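As an added illustration of the one-time-password and second-factor argument above (example code written for this page, not part of the original essay or of any product), here is a minimal RFC 6238 TOTP verifier with replay protection. It shows why a password captured by a keylogger is useless on its own, and why a captured one-time code is rejected once it has been used or once its 30-second window has passed. The user name, password and the LoginService class are constructed for the example; the secret is the published RFC 6238 test-vector key, so the codes it produces are the RFC’s own test values.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time window."""
    return hotp(secret, unix_time // step, digits)


# RFC 6238 test-vector secret (ASCII "12345678901234567890"); NOT a real credential.
SAMPLE_SECRET = b"12345678901234567890"


class LoginService:
    """Constructed example of a server that requires password + TOTP and refuses replays."""

    def __init__(self, users: dict):
        # users maps username -> (password, totp_secret); sample data only
        self._users = users
        # highest time-window counter already accepted per user (replay guard)
        self._last_counter: dict = {}

    def login(self, username: str, password: str, code: str, now: int,
              step: int = 30, window: int = 1) -> bool:
        record = self._users.get(username)
        if record is None:
            return False
        stored_password, secret = record
        # First factor: the password. A keylogger can capture this, so it is not enough.
        if not hmac.compare_digest(stored_password, password):
            return False
        counter = now // step
        # Second factor: accept the current window plus `window` neighbours for clock drift,
        # but never a window at or below the last one already used for this user.
        for c in range(counter - window, counter + window + 1):
            if c <= self._last_counter.get(username, -1):
                continue  # this window's code was already consumed: replay rejected
            if hmac.compare_digest(hotp(secret, c, len(code)), code):
                self._last_counter[username] = c
                return True
        return False


def make_demo_service() -> LoginService:
    """Constructed sample user table for the demonstration."""
    return LoginService({"alice": ("hunter2", SAMPLE_SECRET)})


if __name__ == "__main__":
    svc = make_demo_service()
    t = 59  # RFC 6238 test time; counter 1, code 287082
    code = totp(SAMPLE_SECRET, t)
    # A keylogger on the client sees both "hunter2" and the code typed at time t.
    print("legitimate login:   ", svc.login("alice", "hunter2", code, t))       # True
    print("password only:      ", svc.login("alice", "hunter2", "000000", t))   # False
    print("replay, same window:", svc.login("alice", "hunter2", code, t))       # False
    print("replay, later:      ", svc.login("alice", "hunter2", code, t + 91))  # False
```

The replay guard is what turns a one-time password into a genuine defense against a keylogger rather than just a short-lived password: without it, a captured code would remain valid for the rest of its window (and the drift tolerance around it). It does not address the essay’s other caveat, that a keylogger can still read whatever is typed after the session is established.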

Conclusion

Keyloggers are powerful programs that can be useful for controlling activities performed on a computer when they are legitimately used. However, they can also be malicious programs that try to infiltrate computers to retrieve passwords and other confidential information. There are both software keyloggers and hardware keyloggers, and they need to be defended against with different methods. Anti-virus software and two-step authentication are examples of protection against keyloggers.


CS/ECE 5584: Network Security, Fall 2017, Ning Zhang