Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........
Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........A KEYLOGGER!
I know what you're thinking, why didn't a simple virus or spyware scan detect the keylogger? Before answering that question, it helps to understand why some keyloggers are so difficult to detect. Some software based keyloggers are easy to discover. Someone with some Win32 skill could easily tap into several functions exposed in various Windows API's to record keystoke events. Problem here is that you typically need to poll each key at a relatively fast frequency for this technique to work. Multiply an aggresive polling interval by all of the keys on a typical 101 button keyboard, and you're going to see a noticable CPU hit, which is probably enough to tip off the victim pretty quickly.
Other spyware based keyloggers do the job a tad more intelligently by hooking into the OS and subscribing to keyboard events more passively, but other keyloggers, such as the infamous WebWatcher keylogger, run at the kernel level. WebWatcher is particularly nefarious because its hides its payload so well. No detectable registry keys, running processes or services. Some spyware tools pick up on WebWatcher, but they might call it something else and definitely won't be able to remove it (if you know of one that does please let me know which one).
In the case of my friend, the keylogger wasn't software based at all, it was actually an inline hardware keylogger dongol, and I found it accident while popping a thumb drive into the back of his PC. There's no defense to my knowledge from a hardware keylogger, a favorite tool among law enforcement and a great tool for forensics. You can buy them anywhere online, just google "hardware keylogger". The indexing and searching capabilities built into some of these buggers are impressive to say the least, and with storage support ranging from several MB to several GB's, theses devices can compile a ton of data that can be discovered and used against you pretty quickly.
The moral of the story....if your enemy plants one of these suckers on you, you're toast. Say sayanora (goodbye), arrivaderci (goodbye), adios (you know).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.