Free Essay

Hack

In:

Submitted By munib1
Words 1408
Pages 6
EXECUTIVE SUMMARY
The term ‘keylogger’ itself is neutral, and the word describes the program’s function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes. There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.
Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including: Parental control, Company security, law enforcement,Jealous spouses or partners can use a keylogger and many more reasons.
But today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.Furthermore, many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan programs. Although keylogger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse is so great that legislation should be enacted to clearly make the unauthorized use of keyloggers a criminal offense.
ADDITIONAL INFORMATION
Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.
Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user’s account or access the user’s online gaming account. Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual’s loss of a few dollars. Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).
Keyloggers, phishing and social engineering are currently the main methods being used in cyber fraud. Users who are aware of security issues can easily protect themselves against phishing by ignoring phishing emails and by not entering any personal information on suspicious websites. It is more difficult, however, for users to combat keyloggers; the only possible method is to use an appropriate security solution, as it's usually impossible for a user to tell that a keylogger has been installed on his/ her machine.
In recent years, we have seen a considerable increase in the number of different kinds of malicious programs which have keylogging functionality. No Internet user is immune to cyber criminals, no matter where in the world s/he is located and no matter what organization s/he works for.
EXPERIENCES,FACTS & OBSERVATIONS
One of VeriSign's recent reports notes that in recent years, the company has seen a rapid growth in the number of malicious programs that have keylogging functionality. Source: iDefense, a VeriSign Company
According to research conducted by John Bambenek, an analyst at the SANS Institute, approximately 10 million computers in the US alone are currently infected with a malicious program which has a keylogging function. Using these figures, together with the total number of American users of e-payment systems, possible losses are estimated to be $24.3 million.
In February 2006, the Brazilian police arrested 55 people involved in spreading malicious programs which were used to steal user information and passwords to banking systems. The keyloggers were activated when the users visited their banks’ websites, and secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The total amount of money stolen from 200 client accounts at six of the country’s banks totaled $4.7million.
In early 2005 the London police prevented a serious attempt to steal banking data. After attacking a banking system, the cyber criminals had planned to steal $423 million from Sumitomo Mitsui’s London-based offices. The main component of the Trojan used, which was created by the 32-year-old Yeron Bolondi, was a keylogger that allowed the criminals to track all the keystrokes entered when victims used the bank’s client interface.
Construction of keylogger
The most common methods used to construct keylogging software are as follows: * a system hook which intercepts notification that a key has been pressed (installed using WinAPI SetWindowsHook for messages sent by the window procedure. It is most often written in C) * a cyclical information keyboard request from the keyboard (using WinAPI Get(Async)KeyState or GetKeyboardState – most often written in Visual Basic, sometimes in Borland Delphi) * using a filter driver (requires specialized knowledge and is written in C).
A rough breakdown of the different types of keyloggers is shown in the pie chart below:

Recently, keyloggers that disguise their files to keep them from being found manually or by an antivirus program have become more numerous. These stealth techniques are called rootkit technologies. There are two main rootkit technologies used by keyloggers: * masking in user mode; * masking in kernel mode.
A rough breakdown of the techniques used by keyloggers to mask their activity is shown in the pie chart below:

How keyloggers spread
Keyloggers spread in much the same way that other malicious programs spread. Excluding cases where keyloggers are purchased and installed by a jealous spouse or partner, and the use of keyloggers by security services, keyloggers are mostly spread using the following methods): * a keylogger can be installed when a user opens a file attached to an email; * a keylogger can be installed when a file is launched from an open-access directory on a P2P network; * a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits a infected site; * a keylogger can be installed by another malicious program already present on the victim machine, if the program is capable of downloading and installing other malware to the system.

THOUGHT QUESTION
1)No, I don’t think my computer is monitored by any one. If you are honest and trustworthy no one would try to monitor your computer. Yes if an un-known person is doing it for his own personal benefits, then I’m unaware of it.
2) Definitely if they found out that I’m monitoring them they would get angry at me. I think breaking somebody’s privacy boundary isn’t right.
3)May be somebody would want to know the third parties private data(example email password).you can let others use your computer and get their personal information.
4)Having a good anti-virus is a good technique to know whether there is a keylogger in a computer or not. The anti-virus will itself get rid of it.

Conclusion & solutions * Even though keylogger developers market their products as legitimate software, most keyloggers can be used to steal personal user data and in political and industrial espionage. * At present, keyloggers – together with phishing and social engineering methods – are one of the most commonly used methods of cyber fraud. * IT security companies have recorded a steady increase in the number of malicious programs that have keylogging functionality. * Reports show that there is an increased tendency to use rootkit technologies in keylogging software, to help the keylogger evade manual detection and detection by antivirus solutions. * Only dedicated protection can detect that a keylogger is being used for spy purposes.

The following measures can be taken to protect against keyloggers:

* use a standard antivirus that can be adjusted to detect potentially malicious software (default settings for many products); * proactive protection will protect the system against new ,modifications of existing keyloggers; * use a virtual keyboard or a system to generate one-time passwords to protect against keylogging software and hardware.

SOURCE www.ip-guard.com www.webopedia.com/TERM/K/keylogger.html en.wikipedia.org/wiki/Keystroke_logging searchmidmarketsecurity.techtarget.com/definition/keylogger www.articles.forensicfocus.com/2011/07/12/computer-monitoring-software-vs-hardware-
Cached - Similar

Similar Documents

Free Essay

Hacking

...information exposed by hackers. In December 8 at New Hampshire the hackers are alleged to have collected the credit and debit card data from over 80,000 victims by hacking. China has highest percentage of hackers, is that 41%. Kevin Mitnick, he has the world best hacking recode and he’s known as “black hate”. In now times big multination brands or company offers prize to hack his own brand or company. For Example google offer $2.7 Million prize fund for those that can hack the chrome OS and Apple offers $1 Million. Hackers are problem because of cybercrime, cyber extortion and virus attack. Hackers are problem because of earning money through business (cybercrime) for example transection money, hack data and sell those data to some on else, hack social sites and expose personal information. Cybercrime is on the increase as new technology allows hackers to be even more anonymous and more dangerous when attacking your computer, network or site. The number, type and seriousness of cybercrime attacks have all increased. Black hat hacker claim he can make $15k to $20k an hour and also he claim like that they can hack 300 billion bits of data in second. Black hat says like that “making money by hacking is easier than brushing your teeth”. For example in 2014 international hacking rings has stolen as much as $1 Billion from more than 100 banks in 30 countries. In Australia, one hacking group hacked almost $154 Million data thru marketing company. Facebook is the King of social networks...

Words: 677 - Pages: 3

Free Essay

Biggest Challenges Today Are to Control the Network Security

...Biggest challenges today are to control the network security. Network security is having protection of networks and their services from unauthorized access, destruction, or disclosure. Malicious acts bring up the important topic of disaster recovery. Companies must have up to date copies of their important documents and software to prevent extended downtime. The saved information will let the company's employees continue to work while the IT department deals the damaged media. Hacking Into a Website Some being able to hack into a person’s web site is never going to be justifiable. A hacker is someone who illegally gets a hold to personal and private information in a computer system. This person then tampers with the information and start to cause problems. AT&T was a victim of someone hacking into their computer system and stealing the email addresses that Ipad buyers use when they were updating their information or activating there devices. There was a group called Goats Securite that uses different hacking ideas to get into AT&T website.   A total of 110,000 email addresses where obtained during this illegal entry into the website. During this attack on AT&T new technology that was only out for a month, they quickly shut the product down and website to deal with the problem that occurred. The problem was handled very quickly, AT&T was notified on Monday that there system was hacked into and peoples information was taken and compromised, the very next day the...

Words: 399 - Pages: 2

Premium Essay

Computer Memory Hacking

...dSniff, Netcat and John the Ripper. DSniff passively monitors a network for interesting data like passwords, e-mails, files etc. Netcat is designed to be a dependable back-end that has features that include port scanning, transferring files, port listening, and worse used as a backdoor. John the Ripper is a popular password testing and breaking programs but hackers would use it for the later. For dSniff, someone would have to first have access to your computer by the user either downloading the program by accident or the hacker pushing it to you. Then the tool is activated and monitors your computer for the right information. John the Ripper is used to break into computers and external hard drives. It would not be a tool that would be used to hack into a Facebook or Gmail account as they have extra measures for that method. Now that we know some different tools that hackers use we need to know some basic steps to stopping the hackers from entering your space. These few simple tasks will make it that much harder for someone that you don’t know have access to all of your valuable information. Keeping your system...

Words: 774 - Pages: 4

Premium Essay

Operation Get Rich or Die Tryin

...Operation Get Rich or Die Tryin Albert Gonzalez’s convicted TJX hacker Albert Gonzalez was sentenced to 20 years in prison crimes were committed mostly between 2005 and 2008 while he was drawing a $75,000 salary working for the U.S. Secret Service as a paid undercover informant. The string of hacks began in 2005 when Gonzalez and accomplices conducted war-driving expeditions along a Miami highway and other locations in search of poorly protected wireless networks, and found easy access into several retailer networks. Once inside a local TJX outlet’s network, the hackers forged their way upstream to its corporate network in Massachusetts. Gonzalez obtained a packet sniffer from best friend Stephen Watt, which he and accomplices installed on the TJX network to siphon transaction data in real time, including the magstripe data on the credit and debit cards. Gonzalez’s sentencing follows two others related to the TJX hacks. Stephen Watt, a former coder for Morgan Stanley, was sentenced to two years in prison for providing the sniffer that Gonzalez used in the TJX hack. Watt was also ordered to pay restitution to TJX, jointly with other accomplices, in the amount of $171.5 million. Humza Zaman, a former network security manager at Barclays Bank, was sentenced to 46 months in prison and fined $75,000 for serving as a money courier for Gonzalez. He was charged with laundering between $600,000 and $800,000 for Gonzalez. Gonzalez’s sentence is among the stiffest imposed for...

Words: 353 - Pages: 2

Premium Essay

Hacking

...understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media always reporting some type of cyber crime, a study showing that nearly 90% of attacks happen on the inside [1] raising concerns of how easy it is to be working on the inside to be able to infiltrate attacks. Has ethical hacking finally come to the rescue for solving the problems or has it created new ones? 2. DISCUSSION A. Education and training The problem of teaching students to hack is still...

Words: 3982 - Pages: 16

Free Essay

Hacking

...prevent hacking, one must first understand what is at risk to be hacked and the way in which the act is done. Technology has become a constant part of every day life. People now manage their bank accounts, pay bills, deal with highly confidential information, and even personal information online. All these aspects of technology in daily life are a temptation to others throughout the internet. Those who find themselves tempted perform the task of hacking, which leaves others and their personal information vulnerable. This paper will discuss society’s reliance of technology in all aspects of life; thereby, leaving personal information vulnerable. Also being discussed will be information hackers find tempting, the steps that some take to hack into systems allowing them access to normally unavailable information and the steps that can be used to help prevent hacking from occurring. Method In the task of preventing hackers from gaining access to information that could be harmful to the individual, you must first understand what information is at risk and how hackers perform the task of hacking. In order to do this, I had to research what systems/files are at risk to be hacked and the way in which hackers perform the task of hacking. By assessing these factors, one can find the programs and actions they can take that can help protect their personal...

Words: 307 - Pages: 2

Premium Essay

Hacking

...similarity of all this three meaning, finding out weaknesses in a computer or computer network and exploiting them. The early hacker based on the internet article, wrote by Robert Trigaux, for St. Petersburg Times in 2000, this hacker is in early 1970, John Draper who hack the phone system by blowing a precise tone to ask the system to open the line for long-distance call for free. Nowadays, the internet has become the primary medium to perform business transaction and store the important data. Internet also is a primary medium for hacker to do their job. In a modern ways to make all thing easier, all the of a person can be find in internet nowadays, that make the term privacy is no more important to someone[1]. By using this medium also, a hacker can get an IP of a computer, and can breaking the computer system either to upload or download something from it. In the next paragraph will elaborate more on purpose of hacking, the effect of hacking and the way to prevent hacking. The purposes of hacking that are happen on internet or networking system in entire world today is to steal. Steal what? That was depended on the hacker. But, there is hackers who hack to earn money. Usually, this type of hacker hacks into a bank system to make a fake transaction by finding the point of entry into an information system to get banking data. Based on internet article, by, Brian Williams on Wednesday, March 21 2012, a group of hacker had been caught for stealing 70 million dollar...

Words: 2065 - Pages: 9

Free Essay

Hacking

...What Hacking means? To the popular press, "hacker" means someone who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense: someone who can make a computer do what he wants—whether the computer wants to or not. To add to the confusion, the noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones. Believe it or not, the two senses of "hack" are also connected. Ugly and imaginative solutions have something in common: they both break the rules. And there is a gradual continuum between rule breaking that's merely ugly (using duct tape to attach something to your bike) and rule breaking that is brilliantly imaginative (discarding Euclidean space).Hacking predates computers. When he was working on the Manhattan Project, Richard Feynman used to amuse himself by breaking into safes containing secret documents. This tradition continues today. When we were in grad school, a hacker friend of mine who spent too much time around MIT had his own lock picking kit. (He now runs a hedge fund, a not unrelated enterprise.) It is sometimes hard to explain to authorities why...

Words: 931 - Pages: 4

Premium Essay

W131 Essay

...Elizabeth Scott Bits and Bytes Informatics 101 September 11, 2015 The article I have chosen to write about concerns the Internet cyber attacks that took place a few years back in South Korea. The cyber attack plagued over 32,000 computers and servers with a virus or “computer bug” (Bits and Bytes Powerpoint, Onesti & Richart). The virus crashed multiple computers and enabled them all to function extremely slow, or not function at all. This attack was targeted at banks and broadcasting computers (Pearson). Sources say that these attacks were traced to an IP address in China. However, this does not mean that China was at fault. The article states that North Korea is under suspicion for these cyber attacks. In lecture, we spoke a lot about the Internet and also something called a “computer bug” (Bits and Bytes Powerpoint, Onesti & Richart). Before lecture I did not know the origin behind the term computer bug, however, I learned that it was a literal bug found in the machine that was blocking one of the tubes in the computer, disabling it from doing its job. Later, the term eventually came to mean something that inhibited the computer from working properly. The hackers that caused disturbance in South Korea hacked the computers of many banks and broadcasting companies with a bug. In lecture we also discussed the importance and meaning of information. Information is data, and data is created by the users of the Internet (Onesti & Richart). During this hacking...

Words: 700 - Pages: 3

Premium Essay

Ethical Hacking

...to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media always reporting some type of cyber crime, a study showing that nearly 90% of attacks happen on the inside [1] raising concerns of how easy it is to be working on the inside to be able to infiltrate attacks. Has ethical hacking finally come to the rescue for solving the problems or has it created new ones? 2. DISCUSSION A. Education and training The problem of teaching students to hack is still a very serious issue...

Words: 3974 - Pages: 16

Free Essay

Hacking

...prevent hacking, one must first understand what is at risk to be hacked and the way in which the act is done. Technology has become a constant part of every day life. People now manage their bank accounts, pay bills, deal with highly confidential information, and even personal information online. All these aspects of technology in daily life are a temptation to others throughout the internet. Those who find themselves tempted perform the task of hacking, which leaves others and their personal information vulnerable. This paper will discuss society’s reliance of technology in all aspects of life; thereby, leaving personal information vulnerable. Also being discussed will be information hackers find tempting, the steps that some take to hack into systems allowing them access to normally unavailable information and the steps that can be used to help prevent hacking from occurring. Method In the task of preventing hackers from gaining access to information that could be harmful to the individual, you must first understand what information is at risk and how hackers perform the task of hacking. In order to do this, I had to research what systems/files are at risk to be hacked and the way in which hackers perform the task of hacking. By assessing these factors, one can find the programs and actions they can take that can help protect their personal information. Results Vulnerability...

Words: 2876 - Pages: 12

Free Essay

Ethichs

...Ok so, there have been a few issues with the server that people are talking about. I understand a lot of people have issues and I appreciate on how fast the admins/Developer are taking care of these issues. I for one as a kohi player have never complained, but im here today to do just that *lul* I have no idea on how mods/admins do the banning, most likely reporting to the antiskid and the reports that come up in chat and responding to them as quickly as possible. (Sources: streams). I've died to hackers and understand the issue of people playing unlegit, so I do my part as a player, and ./report (name) him/her. In one scenario I've died countless amount of times to one hacker and nothing was done about it. Ive been acting professional about it and became so salty at the end, I screamed "help hacker, please tp" while getting a new bumhole from this hacker. I get that most of you reading up to this point will be arguing on how mods and admins are busy doing whats good for the server. Let me remind you, I was fighting a hacker, ./reported him/her, also did /helpop and screamed in chat while this person was blantely hacking and nothing was done about it. Minutes later, mods as well as admins are talking to each other about non - related issues, nothing to do with the server, streams, and something about Stimpay (cough fenboyz). I respect Kohi, the effort given by Prplz/ Travisvv as from what Ive seen is amazing. Im here suggesting that the server "hire, recruit" more mods/trials...

Words: 319 - Pages: 2

Free Essay

Lab1

...LAB 1 Tuesday Hacking and Countermeasures Reconnaissance, scanning, Gaining Access, Maintaining Access, Covering Tracks I would follow the fives steps of hacking and start with step number one, reconnaissance, and a bit of scanning. I believe google would be a great tool for performing the first step in hacking, there is a lot of information on most things there. Other tool sthat could be used are NMap, Paratrace, and ScanRand. Social engineering is one of the best ways to get information abotu a company or person. In social engineering one could pretend to be a higher up just trying to run a check and get all sorts of information. One of the most common forms of social engineereing is a method called phishing. Enumeration is similiar to scanning a system for vulnerabilitiesthat can be used to attack the system. This is vital to a hackers object since it reveals the information needed to access the target. To avoid detection a good hacker will always cover their tracks. This is done by purging any information in the system that could even minutely show the trace that someone was their. You must be careful when doing this because sometimes its not whats there that gets the hacker busted but what wasn’t. An attacker will leave some sort of backdoor into the system. This allows for re-entry at a later time that doesnt appear in scans by the company As the security professional your job is to find holes in the...

Words: 442 - Pages: 2

Premium Essay

Ecommerce

...Bibliofind Case 1) Due to Bibliofind's size the company they should have taken preventive measures to protect their information from attack. Many policies could have been enforced to protect the data and ensure a safe haven for their customer's information. Firewalls are essential to protect sensitive data in multitudes of ways. One of the steps would be to set up a secure channel in which to communicate with the client, such as SSL, TSL, PPTP, and/or L2TP. That way when a consuer trys to make a purchase through the website the transaction will be through a secure connection so that hackers cannot steal the information in transit. A firewall is able to perform many different tasks related to connection, including inspection, and application analysis. This makes sure the session isn't hijacked, and questionable code isn't injected into the packet stream. External firewalls can ensure that data is being processed from one system to another without interference. Also encryption streams can be established in the chance the data is moving internally along untrusted components such as a wan. The firewall could have also protected against brute force attacks by hiding the core machines that held the customer's transactions. It would create a wall that no one could see beyond. The only way to ensure this to work is to configure the firewall properly. When Bibliofind wanted to store their data they should have had a firewall as it's an important step in processing, log-ons...

Words: 640 - Pages: 3

Premium Essay

Hack a Mac

...Hack a Mac With only 30 minutes of physical access. by Jeff Browning Evan Savage and Alex Galvin Published by 2 Disclaimer: The information contained in this guide is for informational purposes only. Any instructions in this guide are intended to be performed on a machine that you have permission to use, as well as permission to execute the following commands and procedures upon. We take absolutely no responsibility for any damages of any kind resulting from the use of any knowledge in this guide. By reading further, you agree release HackMac.org from any and all liability, and assume all responsibility for your own actions. No part of this publication shall be reproduced, transmitted, or sold in whole or in part in any form, without the prior written consent of the author. All trademarks and registered trademarks appearing in this guide are the property of their respective owners. Users of this guide are advised to use their own due diligence when it comes to making any sort of decisions and all information, products, and services that have been provided should be independently verified by your own qualified professionals. By reading this guide, you agree that HackMac.org and its authors are not responsible for the success or failure of your decisions relating to any information presented in this guide. © 2011 HackMac.org All Rights Reserved 3 Table of Contents Chapter 1: The Admin Hack! Boot into Single-User Mode! Mount the Hard Drive! Remove the “Setup...

Words: 2647 - Pages: 11