First things first! Always try to avoid accessing your online accounts from public computers (cyber cafes…etc). With all the keyloggers that may be stuffed in public computers, they pose a serious security risk to users. Keyloggers mean not just trojans, but commercial keyloggers as well.
What are keyloggers ?Key Loggers are software or hardware tools to that captures the user’s keystrokes from keyboard. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. However, keyloggers are widely available on the Internet and can be used by private parties to
spy on the computer usage of others hence stealing users private data.
Aim of this post on keyloggersOur aim here is to confuse the keylogger by making it log some gibberish instead of our valid password. Off course, this is not completely foolproof though. Nothing is foolproof on the net. We only have to make it harder for the
hacker.
(Note: These are tips I personally follow. If you have better ones, let everyone know by commenting here.)
Types of Key LoggersWe’ll be dealing with two types of keyloggers; software and hardware keyloggers.
Software keyloggers on the other hand are much more complex and hence difficult to deal with. Most of them record keystrokes, mouse events, clipboard activity..etc. So our best bet is to scramble the keystokes smartly.
Hardware keyloggers are much easier to detect. They are mostly attached between the keyboard and the CPU. A manual inspection should be enough in most cases.
How to confuse and avoid the software keyloggers ?Let’s say we have to enter a password ‘jazz’.
Click the password box, type any random key. Select the entered random key with the mouse and type j. So we entered the first letter of the password.
Click the password box, type a random key. Again click and type a random key. Select the last two letters with your mouse and type the next valid key of your password.
In this case we managed to enter 2 unwanted characters as against one in the first step.
Continue in a similar way to finish typing the
password. You can choose any number of random characters between your password.
So the keylogger will log something like:[click]b[click]j[click]g[click]m[click]a[click]v[click] z[click]t[click]c[click]z
Note how we used unwanted mouse clicks so that a mouse click is recorded before the random letters also. You can also experiment entering the password in the reverse order, infarct any order.
This method can be used for entering the username too, since most banks have account numbers as username. If you are suffering from some keylogger phobia, use this technique while typing the url too.
Another way is utilizing the browser’s search bar or address bar to camouflage the password.For eg. Click the password box and type a letter of the password. Now click the browser’s address bar or search bar and type some unwanted letters. Alternate between the password box and address/search bar till you finish. The result will be the same as the former method.
How to find the hardware keyloggers ?Hardware key loggers are easy to find. They are devices which is attached in between keyboard and cpu junction. If you are really suspicious about them just check the back side of cpu and find if something is fishy. The images will give you a better idea.
Feeling secure? Well, this sort of stuff may not work against the really smart keyloggers. Yeah, the one’s that also take a screenshot when a keystroke or mouse event is detected.There’s is a solution for that too, but it is cumbersome. Take a Live CD of any of the
Linux distributions. Insert and use ( and hope Linux will detect the hardware so you can start surfing; I have read Ubuntu Linux is good.). Even if you can successfully access from the Live CD, don’t forget to use the above tips to workaround the hardware keylogger.
Again as I mentioned in the beginning, always try to avoid dealing with confidential data from Public Computers. What are the precautions you take? Do you know a better technique? Feel free to comment….