Keyloggers record computer keystrokes either through software or hardware. Hardware keyloggers are installed on a computer as an attachment between the computer and the keyboard or they are built into the keyboard itself. When a keylogger is built into a keyboard it is virtually undetectable. Some available hardware keyloggers are KeyGhost, KeySpyer and KeyKatcher, which all work basically the same way.
Keyloggers attached to the keyboard are more easily spotted but when was the last time you did a visual inspection of the back of your computer? Older keyloggers connect to the standard keyboard serial port while newer ones are also available in USB configuation and may be used on Macs as well as PCs. Because the keyboard is built into laptop computers, hardware keyloggers don’t work with laptops.
Click To Play
This is a video I made a couple years ago about the Keyghost hardware keylogger. Several people have emailed me asking my opinion about using a keylogger to catch a cyber cheat. The Keyghost is a hardware keylogger; it attaches to the computer.
Software keyloggers can be installed via floppy disk, an email attachment, or from a CD or DVD. While the software “should” be invisible, power computer users may be able to find evidence of the program having been installed to their computer, which would then enable them to delete or disable the program.
Software keyloggers are often the programs hidden in “tojan” email viruses or worms and can be extremely difficult or impossible to detect and/or remove.
Keyloggers record every keystroke on the monitored (or infected) computer from the time it is turned on until it is turned off. Those keystrokes include passwords, banking and credit card information, and any other information you may have input while using the computer whether you have typed it into an accounting program such as QuickBooks or gone online to make a credit card purchase or banking transaction.
What happens to the information gathered by the keylogger?
Hardware Keylogger: The keylogger itself is a flash drive to which all the keystrokes are saved. Information is retrieved by moving the keylogger to another computer (or leaving it on the monitored computer), opening up a standard text program, and entering a password. The keylogger will empty the keystrokes into the text program which can then be saved, downloaded to disk, or emailed elsewhere.
Software Keylogger: Depending upon the set-up chosen, the keylogger can forward keystroke files to another computer or store them in a password protected area of the monitored computer for later retrieval.
Keyloggers distributed as email attachments: Keyloggers have been sent out as attachments to spam emails for years, many with enticing file names such as ParisHiltonVideo.mpeg.exe. Clicking the attachment to view this spicy video activates the installer (.exe) and the computer is infected with any number of nasty programs. Computer users who naive enough to click on such files are probably far too naive to know their computer security has been compromised.
It’s not just strangers who might send a keylogger via email but also suspicious spouses or other people you may know who want access to your computer.
Keylogger hardware and software have a multitude of uses:
Parents monitoring their children’s online activities.
People concerned that another person (or persons) may be using their computer without permission or for illegal activities.
Spouses looking for cyber cheat evidence or porn addiction.
Companies monitoring the online (and offline) activities of their employees such as visits to porn sites, gambling, or spending company time in chat rooms.
Schools, universities, libraries, associations, and institutions concerned about inappropriate and misuse of computers by users.
Anyone who has access to someone else’s computer who wants to have access to information on the computer. For example, someone who routinely visits one or more Internet Cafes could install keyloggers on one or more computers and gain access to other users’ email passwords, banking and credit card information, or other confidential information.
Employees seeking access to confidential company information.
Government agencies monitoring for leaks in national security.
Hackers gaining access to confidential information in unprotected computers via email “trojans.” Of all the ways that keyloggers are introduced to computers, this is the number one distribution method.
I would be concerned about privacy issues if I was thinking about installing a keylogger on or in another computer. If I could justify the use of a keylogger (to myself), I wouldn’t install one on a computer of someone who was more computer savvy than I am. And, before I installed any type of keylogger, I certainly would want to make sure I wasn’t doing anything illegal.