Sunday, December 16, 2007

Keystroke logging

Did you know that someone might be tracking whatever you type on your keyboard? If your answer to that question is “No”, then you should know that your account is more prone to being hacked. There have been many cases of people logging on to a public computer and losing their accounts to someone else. There have also been cases where people lost their credit card number to someone else without even realizing it. They only realized it when they were billed a huge amount.

Keystroke logging, also known as keylogging, has become prominent these days. A keylogger, the tool used for keylogging, tracks whatever a person types on the computer. For every keystroke on the keyboard, the keylogger secretly records and stores it. More shockingly, the information is not stored in ASCII or some coded form. It is stored in readable form, in the same sequence in which it was typed.

There are three ways of keystroke logging. One simple way is to install keylogger software, which stores the tracked information somewhere inside your computer. The second way is to connect an external cable or hardware device to the keyboard so that whatever the user types on the keyboard gets tracked. A punch card is a very good example.

When someone hands over a credit card for billing, it is possible to duplicate the card with someone else’s photo on it. This can be done by connecting the card reader to some external device. If the credit card user is careless, he might end up losing the credit card details. There have been cases of keystroke hacking even at ATMs, where some external device might have been connected to the keypad. The third way is to install micro hardware inside a keyboard. This method is the most difficult, but the more difficult it is, the more difficult it is to detect.

How can you know whether a keylogger has been installed on a system? If you think it is easy, it is not! A keylogger generally runs in the background without the user’s knowledge, so you would not know whether it is actually installed on the system. Shockingly, it doesn’t even appear in the task manager. Then how can the hacker open the tracked details and access them? The keylogger can be opened only with a specific sequence of keys decided by the hacker. It can be Ctrl + Alt + K or Alt + Shift + F or anything. No one would know.

Yes, it is really difficult to find out whether a keylogger has been installed on a system. But the user can make sure that his password doesn’t get hacked while logging on at a public computer. A researcher at Microsoft has come up with an algorithm to avoid getting hacked by keystroke logging. The algorithm is as follows.

Algorithm

For every character of the password, begin

{

Type a part of the username in the username field

Type the next character in the password

Focus somewhere except the input fields and type some random characters

Type the next character in the password field

}

If the password is “hello” and you used the above algorithm while typing it, the keylogger might store the resulting password like this:

“asasdfhask2dsfeoasfoiylwojojaslsdfnsdfokljklnaskl”. If that is the case, there is only a small chance of your password getting hacked. “Prevention is better than cure” applies in this case, as keystroke hacking is one of the simplest ways of hacking people’s accounts without the user knowing it.
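The typing procedure above, simulated as an added example (not code from the original post or from the researcher it mentions). It reads the loop as three steps per password character; the function names, the sample credentials and the amount of filler typed each round are assumptions made for this illustration.

```python
import math
import random
import string

NOISE = string.ascii_lowercase + string.digits  # characters used as filler

def simulate_entry(username, password, seed=None, noise_range=(3, 8)):
    """Return the typing session as (focused_element, key) events, in order."""
    if not password:
        raise ValueError("password must not be empty")
    rng = random.Random(seed)  # simulation only; a person supplies the real noise
    chunk = math.ceil(len(username) / len(password))
    events = []
    for i, ch in enumerate(password):
        # Step 1: type a part of the username in the username field.
        for u in username[i * chunk:(i + 1) * chunk]:
            events.append(("username", u))
        # Step 2: type the next password character in the password field.
        events.append(("password", ch))
        # Step 3: focus outside the input fields and type random characters.
        for _ in range(rng.randint(*noise_range)):
            events.append(("elsewhere", rng.choice(NOISE)))
    return events

def field_value(events, field):
    """What the form field ends up holding: only keys typed while it had focus."""
    return "".join(key for focus, key in events if focus == field)

def flat_log(events):
    """What a recorder that stores keys in typing order, without focus, holds."""
    return "".join(key for _, key in events)

def is_subsequence(needle, haystack):
    """True if needle's characters occur in haystack in order (gaps allowed)."""
    it = iter(haystack)
    return all(ch in it for ch in needle)

if __name__ == "__main__":
    ev = simulate_entry("alice", "hello", seed=1)  # constructed sample credentials
    print("password field:", field_value(ev, "password"))
    print("username field:", field_value(ev, "username"))
    print("flat key log  :", flat_log(ev))
    print("password still present in order:", is_subsequence("hello", flat_log(ev)))
```

The login form receives only the keys typed while a field had focus, while the flat log mixes them with filler. The password's characters are still in that log, in their original order, so the procedure hides the password among noise and does not remove it from the record.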
