Keyboard logging is the name of the technique used to record all keys pressed by the user of a computer so we can know what he has been doing and all the text he has entered. Of course, if he has used that computer to log into his email account he will have entered the password so it will be recorded with the rest of the data.
There are two different types of keyloggers, software-based and hardware-based ones. The hardware based ones have to be connected between the keyboard and the computer, so you need to have physical access to it to install and to recover the data. On the other hand, these can not be detected with software so they can be hidden quite easily if the keyboard connector is not at plain sight.
Hardware keyboard loggers are not always a malign tool, they can also be used to keep a backup of text written in your computer. For example, Keyghost sells loggers with up to 1 megabyte of memory, where you can save lots of keypresses. If you are a writer or are writing something really important for you, as your thesis, it might be handy to have one of this in case something happens to your harddisk. Any way, this should be no substitute of correct and timely backups, but can be of great help.
The software based ones are simple programs which remain resident in the memory of the computer, monitoring all pressed keys and recording them to a file which can be later retrieved by the attacker. The most sophisticated ones are really stealthy and can even send the collected data by email, so the process is automated.
To protect against keyloggers the most important measure we can take is not to use critical passwords in computers not owned by us. So, don’t login into your bank or your email account in an Internet cafĂ©, at university or from work, only do so from your home machine. If you must do it, then you better check the connection from the keyboard to the computer to see if there’s some strange gadget attached to it.
To protect against software keyloggers, we can use classical antivirus or antispyware but some keyloggers (mainly custom made ones) are not detected by these utilities, so we can use KL-Detector, a software that checks if any program is recording the keys to a file.
3 Responses to “How to get a Hotmail password (IV): Keyboard logging”