Key Loggers
Key loggers enable one to capture every keystroke entered on a computer and then to replay them later. There are a number of reasons, both legitimate and illegitimate, to do this. One would be to act as an emergency backup, allowing the recreation of everything that had been done, keystroke by keystroke. Another, used by employers checking on their employees as well as by those engaged in industrial (and other) espionage, would be to intercept what others have typed, keystroke by keystroke.
There are four capture formats:
a) a module containing a flash memory (to store the information for later extraction and playback) connected to the wire between the keyboard and the computer
b) a module containing a transmitter (to send the intercepted information to a receiver elsewhere) connected to the wire between the keyboard and the computer
c) a board containing a transmitter inserted within keyboard itself
d) software that stores the keystrokes on the computer’s hard drive, so that the information can be recovered later. We are given to understand that some computer companies are now supplying this software as standard, so that parents can track what their children are doing online.
In formats a and b, installation is simple: Unplug the existing keyboard cable from the computer; then plug the module into the computer and plug the keyboard into the module. One advertisement says of its product: “The KeyKatch is a tiny inexpensive supervision module that clips onto your keyboard cable. It logs all keystrokes typed on the computer. It doesn’t require an external power source and it installs in less than 10 seconds. http://www.codexdatasystems.com/keykatch.html. Dealer inquiries invited.”
Format c is more difficult as it requires opening the keyboard to install the board. (Note that it is useful to know in advance what keyboard is being used so that opening and closing it is not too frustrating in situ.)
Format d is just a matter of installing the software.
All four formats require access to the keyboard and computer — but not for too long.
In flash memory, the memory chip can be extracted and placed in a reader (or the whole module can be removed). In formats b and c, transmission occurs as each stroke is made; at a remote radio receiver the character can be displayed in real time and simultaneously recorded.
Variations to the system are available and start around $2,500 for the basic 10-milliWatt transmitter module and receiver. The price rises along with the module’s capabilities. For example, one version has a test beacon to confirm that the unit is functioning, as the system only works when the target computer/keyboard is switched on.
Performance on most keyboards is accurate and reliable.
We purchased two devices for testing. The average installation time was 25 seconds for the in-line model. We were able to capture everything a that was typed. They do have some limitations, however. For example, moving to a bookmarked Web page will not be captured because it does not require a keyboard entry. We took the device off the computer, then reinstalled it on another machine and recovered all the data. Laptops don’t have cables connecting the keyboard to the computer, so some devices can’t be used on them. As part of security checks, we are now checking all keyboards. The device looks like an adapter of some sort, and the average person would believe it was supposed to be there.
The key loggers we have seen have 128K of flash memory, require no power supply, and need no software. About 500,000 keystrokes can be stored (to make this a trifle more meaningful, typing in this e-Journal would require fewer than 35,000 keystrokes), and they can record keystrokes even if the computer is started from a floppy disk, unlike software that is required for the versions that are on computer hard drives.
How do you tell if a key logger has been installed? By physical inspection of the device, and by examination of the system for large files or programs that are automatically started and are creating an increasingly large file (the filling of which sometimes makes the system run slower). If you don’t know anything about computers, you will need a more technically skilled person to do this for you.
