A hardware device or small program monitoring each keystroke a user types on a computer’s keyboard. It is sometimes called a system monitor.
As a hardware device, a keystroke logger is a small plug serving as a connector between the user’s keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user’s behavior—a hacker or a cracker—to physically hide such a device. (It helps that most workstation keyboards plug into the back of the computer.) As the user types, the hardware device collects each keystroke and saves it as text in its own miniature storage device. Later, the person who installed the keystroke logger can return and remove the device to access the gathered information.
A keystroke logger program does not require physical access to the user’s computer. It can be downloaded by someone who wants to monitor activity on a particular computer, or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan.
According to reports, a crack attack on Sumitomo Mitsui Bank in March 2005, involved the use of inexpensive keyboard logging devices. Apparently, cleaning staff or individuals posing as cleaning staff attached the devices to computers. When the exploit was discovered, bank investigators found some of the devices still attached to some of the PCs. To prevent such crack attacks, many banks are now believed to permanently connect keyboards into their computers or to ban wireless keyboards. The Sumitomo Bank—post exploit—is said to now use sophisticated software to monitor the electrical current in computer systems to determine whether the computers have been compromised.
A keystroke logger program for a Microsoft Windows Operating System typically consists of two files installed in the same directory: a dynamic link library (DLL) file, which does all the recording, and an executable file (.EXE), which installs the DLL file, triggering it to work. The keystroke logger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the logger program.
Although keystroke logger programs are promoted for benign purposes, such as to let parents keep track of their kids’ travels on the Internet, most privacy advocates argue that the potential for abuse is so large that laws should be passed to make the unauthorized use of keystroke loggers a criminal offense. Businesses, too, are becoming concerned about the legal ramifications of using keystroke loggers to track employees’ computer behaviors during workdays.
TechTarget. Keystroke Logger. [Online, July 19, 2004.] TechTarget Web Site. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci962518,00.html; Warren, P. Bank Attack Used Key-Loggers Costing Just 20 Sterling. [Online, April 21, 2005.] vnu.net europe Website: http://www.vnunet.com/news/1162595.