Keylogging : The New Online Threat

Keylogging is a newly-developed method of stealing sensitive information on the internet. In this variation of phishing, hackers illegally obtain information by recording a person's keystrokes the moment they occur. Capturing keystrokes can be done in the following ways : by secretly installing malicious software (malware) into a PC without the user's knowledge or by directing a person to a fraudulent website that resembles a legitimate website, such as that of the user's bank, from which the hackers request sensitive data.

Data is compromised as soon as the user enters it into the keyboard. With stolen information, hackers overtake existing accounts and deplete them of funds or create new accounts for financial gain. Devastating results such as financial and irreversible credit damage can ensue, not to mention the process of trying to rectify losses incurred.

Threat to Privacy

Increasing dependence on the internet to conduct business and financial transactions comes with greater risk of data theft. Hackers are continuously becoming more sophisticated in their information pilfering schemes. IDs, passwords, social security numbers, and bank account numbers are all vulnerable. The advantages of protection are two-fold : to prevent fraud and add credibility to a business, thereby giving it a competitive edge.

Protective Measures

Protective measures include anti-virus and anti-spyware solutions, firewalls, SSL-equipped websites, and anti-keylogging software.

Anti-virus and anti-spyware solutions can be effective against online fraud because they identify existing threats and match those patterns to eliminate them. However, this method is not effective against attacks that have not yet been identified. Moreover, as soon as hackers detect countermeasures against their spyware or viruses, they easily modify and render them effective again.

Personal firewalls are another way to prevent hackers from accessing sensitive information. Firewalls filter and block data flow according to the user's preferences. However, these firewalls are often difficult to use because they require multiple configurations. As a result, there is a high probability of oversights even for the most experienced PC users.

2,683 - Number of unique Web sites that hosted key-logging software in April of 2005. (Source: Anti-Phishing Working Group) 17,490 - Number of unique phishing attempts in April of 2005. (Source: Anti-Phishing Working Group) 255,000 - Complaints of ID theft filed in the United States in 2005. (Source: Federal Trade Commission) 1 - U.S. rank among countries that host phishing sites. (Source: RSA Security)

SSL-equipped websites are common among banks and online marketplaces. SSL protects the user during data transmission from the time the user submits information to the time it reaches the intended destination. However, users are still left vulnerable from the moment they type information into their keyboard and submit it. Theft occurs during that time by capturing keystrokes. SSL websites are no guarantee against theft.

"One bank wrote me that more than 100 customers had been infected by the SSL Trojan. I wonder how many customers are infected, don't know it, and haven't contacted the bank" - InfoWorld Test Center Contributing Editor Roger A. Grimes

Information theft was widely-believed to be the result of flawed authentication procedures. As a result, online businesses and banks enacted multifactor authentication but found that even complex authentication processes did not prevent attacks : SSL Trojans can bypass authentication procedures by accessing data before authentication data is submitted. Keylogging preempts authentication. Keystrokes are the point of vulnerability.

Defense Against Key Logging

The aforementioned security measures decrease the risk of theft but they cannot guarantee protection. To ensure that hackers do not catch a single keystroke, an anti-keylogging solution is necessary to secure information transmission. Our dedicated product provides the utmost in anti-keylogging security.