Watch Out for Hardware Keyloggers
Keyloggers are either hardware devices or software that can record a user's keystrokes. Both are legal to own in the US and other countries despite their ability to be used in identity theft and fraud.
While software keyloggers are the most common, hardware ones deserve attention too. This is true for any computer, but it is especially true for public computers.
What do they look like?
Hardware keyloggers can be hard to spot. They are typically small and can be plugged into the back of a computer, unseen.
They often look like a USB flash drive or a keyboard connector. They are easily found online; even Amazon has several of them. If you see any device plugged into a computer that is not yours, consider this a red flag. While there is a good chance the device will look like one shown in the link or below, there are others out there, including those that are built into devices such as the keyboard so that they cannot be spotted from the outside at all.
Why are they legal?
While they may be useful in fraud and identity theft, they do have valid uses. In testing software, knowing exactly what a user did is useful to programmers. That can effectively pinpoint a problem in code. Employers can use them to monitor the progress and productivity of employees. Some manufacturers advertise them as a form of backup, keeping each page you write even if the power goes out. While arguments can be made that they are more often used for nefarious reasons, in the right hands, they are a useful tool.
Have they actually been found on public computers?
Yes. Earlier this year, there was a case where hardware keyloggers were found on library computers in Manchester. In three separate locations, the devices were found plugged into public access machines. The type used here was the kind that looked like a USB flash drive. Authorities advise greater vigilance, especially for the employees, but users need to be alert too.
It should be noted that it is generally unwise to use public computers for sensitive data. E-mail, banking sites, and credit card use should be avoided when on these computers.
If you have to use them, here are some tips. Ask how the computers are protected. Do they block software installation? Are they wiped on reboot with software like Deep Freeze? If so, could they restart the computer for you (wiping out most software keyloggers)? Always use a secure connection (https) when possible, and be alert to your surroundings (e.g. watch those around you, know what is connected to the PC). This still is not as safe as a home computer running a live CD, but there is not much more you can do.
What do I do if I find one on a work computer?
It should go without saying that you should contact IT and your manager immediately. Should you remove it? Ask. If the company owns a PC, they can install a keylogger on it. What is deemed notification (if required) can vary by state and country. Typically, a software keylogger would be more conventional, so a hardware one is suspect. Chances are that it was planted, but if that is the case, then it is evidence. Physical and digital forensic information can be gathered. Let someone responsible for and trained for this handle it.
Should one of these devices be found on a server, the problem is much more severe. It highlights a lack of physical security. A strong firewall, good anti-virus software, proper permissions, and complex passwords will not protect you from a trick like this.
The Point: Awareness
The point of this article is to be aware of the existence of these devices. They do exist, but they are not commonly seen. If you do see one on a computer, let someone know. Chances are they are not supposed to be there. While they are legal to own, it is illegal to install them on computers for public use or on systems someone does not own.
(the photos make a big difference in identifying such a device)
You are welcome and thank you for the compliment. I spent a fair amount of time researching the topic.
Thanks Ryan. Very informative; a bit frightening too.