On CBS MoneyWatch: 11 Buzzwords That Should Be Banned
BNET Business Network:
BNET
TechRepublic
ZDNet

April 21st, 2006

Super-Glue: Best practice for countering key stroke loggers

Posted by Richard Stiennon @ 11:28 am

Categories: Spyware, Storage Security

Tags:

keystrokelogger.jpgThis wonderful little gadget is for sale over at Thinkgeek. It is colored an innocuous IBM grey so no one will notice when you attach it to their keyboard. It fits between the back of the PC and the keyboard cable. It needs no power and it can record 130,000 keystrokes. It works like a software keystroke logger. Once it is installed it just captures anything that is typed: usernames, passwords, URLs, email, banking info, everything.  To access the data the owner of the device just types the password into any word processor and then you start to communicate with the device. It is very slick. Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.

Of course this is exactly how the greatest attempted bank heist in history was pulled off. The bank robbers installed these devices on machines inside the bank and eventually got access to Sumitomo Bank’s  wire transfer capability. They then proceeded to transfer more that $440 million to various accounts in other countries.  Read all the gory details in this article I just published.

 

The one thing I do not mention in the article is that it is reported that Sumitomo Bank’s best practice for avoiding a repeat attack is that they now super-glue the keyboard connections into the backs of their PCs.  

Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 16 Talkback(s)
Will somebody do wireless please?
I would like to know where I can buy the device that logs all keystrokes from a wireless keyboard.

And shouldn't it also have the deluxe version to grab the RF from a wired keyboard?

How far from the keyboard do you think I can place something like that?... (Read the rest)
Posted by: Tahuyahick Posted on: 05/04/06 You are currently: a Guest | | Terms of Use
Banning passwords would be better  georgeou | 04/21/06
Stop using passwords  rd@... | 04/22/06
There is no solution  too_much green_tea | 04/22/06
You can effectivley keylog a smartcard  quantumstate | 05/04/06
Thanks for sharing that tidbit with us!  Mr. Roboto | 04/21/06
Not a good practice  indrax | 04/21/06
No way to detect or remove?  anythingbutmine0 | 04/22/06
You're kidding, Right?  aureolin@... | 04/23/06
That's not what I said  anythingbutmine0 | 04/26/06
yeah..right  tech_ed@... | 05/04/06
Here's an idea...  Carrion | 05/04/06
Use USB Keyboard?  michael_orton@... | 05/04/06
No way to detect or remove? BUSHWAH!  Dr_Zinj | 05/04/06
super glue --not  1pie1 | 05/04/06
better trick  jeasterlingtech@... | 05/04/06
Will somebody do wireless please?  Tahuyahick | 05/04/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Top Rated

    advertisement

    Archives

    Favorite Links

    ZDNet Blogs

    White Papers, Webcasts, and Downloads

    SmartPlanet

    Click Here