Public libraries in Manchester, England, have been advised to keep their eyes peeled for USB bugs after two devices were discovered monitoring every keystroke made by every user of affected PCs.
According to local media reports, the small surveillance devices were found attached to the keyboard sockets at the back of two PCs in Wilmslow and Handforth libraries.
The devices – which look similar to USB drives – capture all keyboard activity, meaning that if everything you type (such as when you log into your email, book a holiday, check your bank account or make an online purchase) can be gathered by a returning criminal for later exploitation.
It’s not known how long the devices have been in place at the libraries, or what information may have been stolen, but as the affected computers are used by a wide range of people (and are frequently accessed by members of the public who may not be able to afford internet access at home) the impact could be considerable.
According to reports, staff have been advised to conduct frequent checks on computers to try to reduce the chance of hardware keyloggers being deployed again, and rules have been in put in place advising that all keyboards must be plugged in to the (more visible) front of the PC’s base unit rather than the rear.
But with human nature being what it is, and the cheap price and easy availability of hardware keyloggers in both USB and PS/2 connection forms, it’s unlikely that we’ve heard the last of similar identity thefts on public computers.
Organisations concerned about the possibility of hardware keyloggers in the business environment may wish to investigate Sophos’s SafeGuard Enterprise Configuration Protection facility.
BBC News reporter David Guest made a short video describing the threat, at one of the affected library computers.