MODULE 8:- System Hacking
Keystroke logging with keystroke recorder software
Keystroke logging is a process to record keys pressed by Keyboard, and you can do this by hardware and software. keystroke recorder software records keyboards activity and store into a log file.
In Company, managers use this software to track employees’ activity similar Parents use this software to secure their children from internet spam.
In other hand, hackers used remote keystroke rocorder software used to capture usernames and password, Credit card information.
What is a Key logger?
A keylogger is a hardware device or a software program that records the real-time activity of a computer user including the keyboard keys they press.
Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks.
Keyloggers ( keystroke recorder) can also be used by a family (or business) to monitor the network usage of people without their direct knowledge.
Finally, malicious individuals may use keyloggers on public computers to steal usernames and passwords or credit card information.
Most keyloggers (Keystroke recorder) allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer.
Normal keylogging programs store their data on the local hard drive, but some are programmed to automatically transmit data over the network to a remote computer or Webserver.
Keyloggers are sometimes part of malware packages downloaded onto computers without the owners’ knowledge.
Types of Keylogger:
There are two types of keyloggers are here hardware device keylogger or Software keylogger.
1. Software Keylogger (Keystroke recorder):
These are computer programs designed to work on the target computer’s software. Working as keylogger from a technical perspective there are several categories:
- Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual-machine.
- Kernel-based: A program on the machine obtains root access to hide in the OS and starts intercepting keystrokes that pass through the kernel. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications who don’t have root access. They are frequently implemented as rootkits.
- API-based: These keyloggers hook keyboard APIs inside a running application. The keylogger registers for keystroke events as if it was a normal piece of the application instead of malware. The keylogger receives an event each time the user presses or releases a key. The keylogger simply records it.
- Form grabbing based: Form grabbing -based keyloggers log web form submissions by recording the web browsing on submit events. These happen when the user finishes filling in a form and submits it usually by clicking a button or hitting enter. These records form data before it is passed over the Internet.
- Packet Analyzer: This involves capturing network traffic associated with HTTP Post events to retrieve unencrypted passwords. This is made more difficult when connecting via HTTPS.
- Remote access software keyloggers
These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:
- Data is uploaded to a website, database or an FTP
- Data is periodically emailed to a pre-defined email address.
- Data is wirelessly transmitted by means of an attached hardware system.
- The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.
2. Hardware Keylogger:
- Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
- Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard’s cable connector. There are also USB connectors based Hardware keyloggers as well as ones for Laptop.
- Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver.
- Keyboard overlays: Criminals have been known to use keyboard overlays ATMs to capture people’s PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal’s keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
- Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via a static method such as frequency analysis.
- Optical surveillance: A strategically placed camera, such as a hidden surveillance camera at an ATM can allow a criminal to watch a PIN or password being entered.
- Smartphone sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodity accelerometer found in smartphones. The attack is made possible by placing a smartphone nearby a keyboard on the same desk. The smartphone’s accelerometer can then detect the vibrations created by typing on the keyboard and then translate this raw accelerometer signal into readable sentences with as much as 80 percent accuracy.