Hardware keyloggers discovered at public libraries

Filed Under: Data loss, Privacy

Hardware keyloggerPublic libraries in Manchester, England, have been advised to keep their eyes peeled for USB bugs after two devices were discovered monitoring every keystroke made by every user of affected PCs.

According to local media reports, the small surveillance devices were found attached to the keyboard sockets at the back of two PCs in Wilmslow and Handforth libraries.

The devices - which look similar to USB drives - capture all keyboard activity, meaning that if everything you type (such as when you log into your email, book a holiday, check your bank account or make an online purchase) can be gathered by a returning criminal for later exploitation.

BBC News report

It's not known how long the devices have been in place at the libraries, or what information may have been stolen, but as the affected computers are used by a wide range of people (and are frequently accessed by members of the public who may not be able to afford internet access at home) the impact could be considerable.

According to reports, staff have been advised to conduct frequent checks on computers to try to reduce the chance of hardware keyloggers being deployed again, and rules have been in put in place advising that all keyboards must be plugged in to the (more visible) front of the PC's base unit rather than the rear.

But with human nature being what it is, and the cheap price and easy availability of hardware keyloggers in both USB and PS/2 connection forms, it's unlikely that we've heard the last of similar identity thefts on public computers.

Organisations concerned about the possibility of hardware keyloggers in the business environment may wish to investigate Sophos's SafeGuard Enterprise Configuration Protection facility.

BBC News reporter David Guest made a short video describing the threat, at one of the affected library computers.

, , , , ,

You might like

10 Responses to Hardware keyloggers discovered at public libraries

  1. This comes as no surprise....

    My local town council building has public access terminals that are supposed to only allow you to access council web services. They have removed the address bar from IE but do not employ any DNS or address filtering. This allows you to access other services such as twitter. (Clicking the link from the council website to the council's twitter then logging in) You can then click links contained within Twitter to access other websites.

    This brings down to the point where malware could be installed on the system...that could spread within the council network.

    • William · 1294 days ago

      You don't even NEED to do that, by pressing CTRL+O (the Open Shortcut) in Internet Explorer you can go to what ever website you want without jumping through hoops of links, the only thing you need to do is type it in as normal. My Highschool used a similar method (locking out installing of other browsers, and removing the Address Bar) once I pointed out that flaw, they quickly employed DNS and address filtering.

      The thing public libraries SHOULD do, is disallow USB devices, I know it may hurt the legitimate user, but there are software keyloggers, that someone could potentially install, unless the libraries implement software such DEEPFREEZE (locks the computer so upon logging out/restarting the system returns to the state it was in when locked) and combine that with a logout/reboot after so many minutes of being idle the keylogger fight will continue.

  2. Thu Win · 1295 days ago

    Problem with hardware keylogger is that it is not detected by conventional AV/antimalware software!

    Also, my library (Truro Community Library) have an open library running WIndows XP that is NOT fully updated *SP2 & flash version 9* with USBs and other jacks fully accessable to anyone! Also some software like ccleaner can run on it!

  3. Tech Doc · 1295 days ago

    I agree, why don't these councils use something like OpenDNS on their network to block content and filter sites.

    Why are the machines not locked down fully or they should use Wintel terminals. Any public terminal should have lots of extra security added & should not be a standard PC built.

    These councils are asking 4 all sorts of trouble if they can't get the basics correct.

    • Mrs. W · 1295 days ago

      I may not fully understand the hardware here, but how does one prevent the use of a keylogger that plugs in as a peripheral device?

      You can block USB storage, but you can't very well block a USB keyboard. How would the PC know the difference between that and this keylogger?

      • William. · 1294 days ago

        The hardware Keylogger's must have the device (USB/PS2 keyboard) plugged into it, and it captures all the keys hit so when plugged in and read via software, it will show you what was typed, by making sure keyboards are plugged into the front, a vigilant person can detect, remove and report these peripherals. When using a public computer, I ALWAYS check to make sure there isn't a Keylogger attached to the back between the keyboard and the computer, might be a bit over cautious but better safe than sorry.

  4. Richard · 1295 days ago

    This is shocking! Not the key-logger - the fact that there are still public libraries open in Manchester! :o)

  5. I would have thought that application and device control measures should be one of the first things on the agenda. Also physical separation of the system unit from the input devices should be common place. Authorities not using a combination of defenses (physical and software) may aswell leave the vault open!

  6. anon · 1295 days ago

    I always assume all public machines have horrible stuff like this attached. The best way to subvert this is when you log in to a site is to do this:
    1) Type part of the username/password
    2) Click off the input box somewhere on the background
    3) Type a bunch of random junk
    4) Click back on the input box and continue to type
    5) Repeat steps 1-4 as desired

    ...This way keyloggers don't have an uninterrupted stream of your login...in most situations, at least.

  7. Kevin B. · 1294 days ago

    The previous post is on the mark for a great way to confound any sort of keystroke tracking. Also, just employ some basic common sense by doing a visual inspection of the machine you are about to use. If you see anything plugged into a USB port (the keyboard itself is not usually a hazard), report it immediately to the staff and clarify exactly what belongs plugged into the PC. Don't be afraid to ask questions! Your security is at stake, so speak up to protect yourself.

    If one is about to use a public machine and if one is going to input sensitive information, ask the staff what precautions are being taken to keep the machines clean and safe. Is the virus software up to date? Is there a schedule for running anti-malware software? Are these scans conducted daily? There will always be some risk when on the internet -- even from home -- so some basic vigilance is called for to keep your information safe.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.