RSS
Keystroke Logger Caught
from the getting-all-the-scammers dept
Lots of stories popping up this week of people who are getting caught in their various scams. We had the guy who tried to extort Google and the guy who ran a phishing scam. Now, the latest, is that federal prosecutors have charged a California man with placing a keystroke logger on a computer at an insurance company that employed him. He's been charged with illegal wiretapping and faces five years in prison. The interesting thing, though, is the only way they caught him was because he was fired from the company and asked another employee to remove the keystroke logger. In other words, it wasn't any real detective work, but him telling someone. This means, if he hadn't mentioned it, it's likely this would have continued and no one would have noticed. It seems likely that things like keystroke loggers are becoming increasingly popular for those involved with corporate espionage - but it doesn't seem like most companies do much to check if their computers are clean from such programs.
6 Comments | Leave a Comment..
- Brazen Scams By Engineers Uncovered
- DailyDirt: Making Foods Yucky...
- No Surprise: Scammers Focus On Tricking The French With False Three Strikes Infringement Notices
- Wall Street Journal Europe Doles Out Cash And Favors To Inflate Circulation Numbers
- Paul Ceglia To Facebook: I Didn't Forge A Contract, You Did!
Reader Comments (rss)
(Flattened / Threaded)
Hardware device?
If it was a physical "keycatcher" device, then physical access would normally be necessary to view the logs.
I say "normally" because the fifty buck consumer versions simply dump the log out to the PC when the user-selectable password is typed -- there are rumors of higher end products (some embedded in keyboards) with IR/RF/PCS transmission capability...
N
(P.S. I have no affiliation or affiliate kickback relationship with CyberGuys.)
[ reply to this | link to this | view in thread ]
Re: Hardware device?
Would make more sense if it were hardware - surely even the sloppiest insurance companies would prevent their employees from installing unauthorised software?
...or maybe not :p
[ reply to this | link to this | view in thread ]
Re: Hardware device?
Especially the bit about the charge being an electronic bugging device.
[ reply to this | link to this | view in thread ]
Keystroke Loggers
One way to catch such antics in an always networked environment would be to monitor outgoing internet traffic on weekends when no one is in the office to build a list of external sites that are connected to from internal computers to external addresses. As for the hardware loggers there really isnt much of anything that can be done, aside from maintaining a trusted computer behind a locked door that is used for extremely confidential stuff.
The problem with that approach is that you are increasing the effort required to use a resource, thereby reducing it's utility. If you dont strike the right balance users will simply abandon/ignore secure operating practices.
[ reply to this | link to this | view in thread ]
Which law?
[ reply to this | link to this | view in thread ]
Re: Which law?
[ reply to this | link to this | view in thread ]
Add Your Comment