The indicative case of theft of confidential information by means of the keyboard spy - a keylogger (keylogger) happened quite recently in the USA. It is known that presidential race there grows. And fight between two possible candidates from democratic party - Hillary Clinton and Barack Obama - gained special sharpness.
Not so long ago Hillary Clinton with a crash dismissed the head of the campaign headquarters Patti Doyle. Before within two months Barack Obama looked good too prepared for debate. As though foreknew contents of speeches of Hillary Clinton. It allowed it to carry theses Clinton totally and promoted success on preliminary elections. When a staff Clinton made internal investigation, it became clear that on the computer of one of her assistants - the speech writer Geraldine Ferraro - there was a program - a keylogger. And all texts of pre-election speeches which she prepared, really could be available for rivals. As the fault of a staff of Barack Obama was unprovable and besides incident happened within one party, judicial proceedings weren't - were limited to dismissals. However problems of keylogger, especially for business - communities, it doesn't cancel.
After all business, as a rule, isn't connected with public debate, and therefore can't calculate a keylogger a method of comparison of level of preparation for them. Simply competitors suddenly start doing constantly to suppliers and other contractors of firm the best offers - as though foreknow, what conditions to them will be offered by other participants of the market. Or to interested persons the company accounts department becomes suddenly known primary (not to tell "gray"). Or someone starts blackmailing a top - management by the list of sites of questionable content with the indication of exact time of their visit during the working day.
Thus the IT department makes a helpless gesture: antiviruses are bought, experts are employed, the echeloned system of computer safety is built, computer help
it is made - everything purely. And the security service echoes:all employees having access to confidential information, are checked; their loyalty to firm is confirmed. Meanwhile confidential information continues to flow away.
Channels of leak
Keyloggera are programs (program spies) or devices (hardware spies) which allow to trace, which buttons were pressed on the keyboard, and also which points of the screen were activated using a mouse. Data on pressing of buttons or images of the screen (screenshots) are illegally copied in the file, and then transferred to the malefactor.
Transfer can be carried out both on the Internet, and by means of, for example, passive microphone (a sound from pressing of keys). Or even on the low-power laser beam directed on a windowpane. Today more than 6 thousand kinds of keylogger are. For comparison: There were about 300 types of keylogger 8 years ago.
Program keylogger are most often used, and unauthorized data transmission is carried out on the Internet. The program keylogger after hit on the computer on the Internet or the removable carrier starts reading out data from the keyboard handler. In case of use of the Windows operating system it is standard BIOS-the handler. At the first connection to the Internet the program - the spy sends data to a web - a resource of the malefactor. Unfortunately, it is the most difficult detectable way of information leakage as the file of the stolen data in kilobytes "weighs" very little (strong algorithms of compression are used), and it can be transferred to an e-mail address (IP-the address) the computer which is, for example, in an Internet cafe. The malefactor will simply "incidentally" come there and will download information. Legally it will be very difficult to prove theft of data in this case.
The hardware spy represents the independent tiny device of autonomous work which is implanted directly in the keyboard or simply fastens to its surface. It reads out скен - a key code (an electronic impulse), passing program handlers. It raises level of its reliability as in the serious organizations for a set of confidential texts keyboard shifrator are often used. The program keylogger too can transfer the ciphered data, however the qualified cryptanalyst can be necessary for their interpretation. The hardware spy is relieved of these problems - he tells that was pressed, instead of that was highlighted thus on the screen.
One more type of keylogger are sound spies. They are similar to equipment rooms and possess practically the same merits and demerits. The sound keylogger is established in a radius up to 4 m from the keyboard. Tracking is carried out due to reception and processing of a sound of pressing of keys. The device is able to distinguish a sound of each separate key. Despite advantage of the contactless tracking, an essential minus of such device is the high probability of an error, as a result of casual sliding of fingers from keys and extraneous noises. Data are transferred by means of a passive microphone - as in the ordinary tap. However narrow specialization allows to use a microphone of midget power and it is essential to reduce its sizes. The case when the sound keylogger was executed in a look … an office paper clip is known.
Protection by attack
Though hardware keylogger happen quite exotic, malefactors achieved the greatest progress by means of program spies. To that there are some reasons - from imperfection of anti-virus protection to human psychology. It is impossible to tell that existing antiviruses can't find keyboard spies. Can, but, unfortunately, they don't identify them as viruses.
First of all the program keylogger should get to the computer. Unlike a virus this program very small. Therefore one of widespread methods of penetration is "to saddle a known virus". In this case the virus - the carrier of the spy will be destroyed by protection on what with pride it will be reported on the user. Keylogger will be most often taken by an antivirus for a harmless fragment of a program code. Such fragments after destruction of viruses in system remains very much. Keylogger doesn't try to copy himself (to breed) and intercept management of an operating system as it is done by viruses. It in general is inactive for the time being and doesn't do any visible harm. And the antivirus doesn't notice it.
Only when typing the keylogger starts working at the keyboard. Thus it does the same, as any office program of a text editor, for example WORDa, - scans codes of keys and forms of them the file. To adjust an antivirus so that it traced these actions, quite probably. One hitch: protection will warn the user about each such action, including carried out by harmless text editors.As a result at a set, for example, each letter in WORDe the user will receive the prevention from an antivirus: "potentially dangerous action". Besides, for each letter it will be necessary to give to an antivirus confirmation: "to resolve". It is clear that it much will increase time of a set of any text, and the user, most likely, will quickly go crazy.
For this reason for potentially dangerous ON at antiviruses the majority of users ruthlessly disconnects function of tracking. Even in standard settings of anti-virus systems it isn't present - it is necessary to look for and connect specially. The systems, able to distinguish work of a keylogger from actions of WORDa, a notebook or a media player, in the nature don't exist. And hardly they will appear, as the principle of work of the spy the same, as at useful programs. The author felt results on himself when held testing of a keylogger on the computer with the included antivirus (Kaspersky 6.0) and a firewall (Comodo Personal Firewall) with standard settings. The protection which is considered as quite powerful for the ordinary user, - the spy didn't react to program start in any way.
Nakhodka for the spy
It would seem, the spy can be caught in date of transmission of the stolen data on the remote computer. However in practice it is difficult to achieve. Everything put in the built-in mechanism of accession of files which is available in each program of e-mail. The user doesn't see that the keylogger attached the file with data to the usual letter. And pressing of the send team authorizes a release of the letter in the Network. The same fact that the letter left to one address, and the file with data - on another, protection doesn't excite: the user allowed sending.
To be fair we will notice that to trace the spy everything - it is possible if protection strictly watches a traffic, doesn't allow to split the message on part and to transfer them to different addresses, and also forbids to send the hidden files. However such settings for certain will cause objections of any user, especially high-ranking. After all it is equivalent to perlustration of electronic letters, and while nobody cancelled secret of correspondence. Nevertheless really it is possible to find the spy only at the time of sending data by him.
One more danger of keylogger - in their low cost. It is very simple, even the primitive program which can be successfully written by the advanced student - the programmer. Therefore to get the keylogger is possible.Having spent a little time for search, the program - the spy it is possible to download with ease on the Internet. On inquiry in a search engine - "how to write a keylogger" - over 15 links were issued. From them 4 the first were working (didn't check further). Completely ignoring the current legislation, the Internet - figures suggested to buy and even to download free of charge full program code of various keylogger with detailed instructions on their independent creation. In case of the individual order on a keylogger it was recommended to address to hackers (references were had). The last after short negotiations agreed to develop a keylogger for theft of texts from the computer the chief - the EV editor only for $400.
Attempt to buy in Moscow a hardware keylogger also, unfortunately, was crowned with success. Concrete addresses where at the prices from 4 to 25 thousand rubles it was possible to get anything were offered. It would be desirable to remind only that use of hardware, sound and program keylogger is qualified by the Criminal code of the Russian Federation as "attempt at a personal or trade secret". And term for it is provided considerable - till 6 years of imprisonment.