1. By: Maxwell Varner

2.  Description/Background  Uses for Keyloggers  Types of Keyloggers  Prevention Methods  Causes for Concern  Wrap-up  Questions/Discussion

3.  Logs key strokes on most any keyboard  Wide verity of uses  Acceptable  Malicious  Different Types  Hardware based  Software based  No known date of creation  First appeared in the late 80s early 90s  Perry Kivolowitz

4.  Acceptable uses:  Parent monitoring child’s computer usage  Boss monitoring employee’s computer usage  Government retrieving information pertinent to a crime  Malicious uses:  Cracking passwords  Gaining unauthorized information  Stealing credit card numbers  Reading sent emails or messages not intended for public viewing  Retrieving secret names  Stealing account numbers

5.  Software Based  hypervisor-based  API-based  Form grabbing based  Memory injected based  Kernel-based  Hardware Based  Acoustic  Circuit  In-line  Wireless  BIOS

6.  Hypervisor-based loggers  Embedded into malware  Runs behind Operating System  Blue Pill  API-based loggers  Simple programs  Hook to keyboard’s API  Notified each time a key is pressed  Easily detected when large amounts of keystrokes are pulled

7.  Form Grabbing Logger  Confined to web browser forms  Captured when the user clicks “submit”  Done on Host Side Bypasses any security set up by HTTPS websites  Memory Injection  Inject directly into memory  Alter memory tables to capture keystrokes  Used commonly when bypassing Windows UAC (user access control)

8.  Kernel-based Loggers  Most difficult to program and implement  Allows for greatest discrepancy  Logger acts like keyboard driver  Typically implemented using rootkits

9.  Types:  Acoustic  Circuit  In-line  Wireless  BIOS  Virtually Undetectable  Begin recording at system startup  Captures keystrokes related to BIOS and system encryption

10.  Consist of two parts  Microcontroller Processes the data stream between computer and keyboard  Non-volatile memory Stores the information collected even after power to the computer is lost Can range from a few kilobytes (KB) to several gigabytes (GB) in size  Each keystroke typically takes up one byte of space

11.  Designed to blend in with computer system cabling  Typically resemble a PS/2 connection or a USB inline connection  Circuit attachments can be soldered into keyboards  Move covert  No visual changes to most users  BIOS reprogramming  No extra hardware needed  Store logs on computer’s harddrive

12.  Acoustic loggers  Key presses make unique sound signature  Frequency analyzer Creates keystroke signatures  Timing and User language combine to make map to letters  Need a fairly long string to ensure proper mapping About 1000 characters

13.  Wireless loggers  Most keyboards are wireless today  Collect data that is transmitted between keyboard and receiver  Attempts to crack encryption  Can retrieve captured information wirelessly Lower risk of getting caught during device retrieval

14.  Takes little computer knowledge to install and use most keyloggers  Makes sensitive data vulnerable  Allows for unauthorized access to compute system

15.  Run malware scans regularly  Some software loggers contain a malware signature  Typing in different windows  Half of password in field, random characters in notepad, finish password in field.  Appears to be garbage in log  Using a non-default keyboard layout  Prevent unauthorized access to computer system.

16.  Background  Uses for keyloggers  Types of keyloggers  Causes for Concern  Prevention Methods