Hardware keyloggers found in Manchester library PCs

Hardware keyloggers have been discovered in public libraries in Greater Manchester. Two USB devices, attached to keyboard sockets on the back of computers in Wilmslow and Handforth libraries, would have enabled baddies to record every keystroke made on compromised PCs. It's unclear who placed the snooping devices on the machines …

COMMENTS

This topic is closed for new posts.


Silver badge

It's unclear who placed the snooping devices

Here's an idea, and I doubt I'll be the only one to point this out, but wait and see who comes to collect them.

9
0
Silver badge

Good idea

But the odds of success have probably gone out the window since the news articles.. :-)

2
0

Doh!

The police presumably don't have the wit / manpower (delete as appropriate, or not!).

0
0

One has to question..

The use of bank account details of someone unable to afford a home computer and internet connection..

9
1

Also

Why would such a person have online banking?

They probably have to walk past the bank to get to the library.

4
2
Anonymous Coward

"Why would such a person have online banking?"

Just listen to yourself being superior !

Out on business, holiday ( unlikely in Handforth I admit )

Why do people use internet cafes ?

The question really is why would anyone use public computers for sensitive matters

3
1
Unhappy

Scum will be scum!

If it means just a few more quid in their pockets, sadly some scum have no problems with ripping off even those with sweet FA to their name.

2
0

Not necessarily

When Pipex (Tiscali) "Upgraded" my internet connection two years ago, and I was internetless for over a month, I used the library internet quite a bit. Not a huge stretch for me as I do use the library quite a bit anyway.

3
0
Anonymous Coward

@ Just Thinking

In Handforth you would only walk past your bank on the way to the library if it was RBS as that's the only bank we have here, and then only if you lived in the northern half of the village!

Wilmslow is similar in that a great deal of the town you would have to walk past the library to get to the banks (coming from the south this time)

0
0

Not in Greater Manc

For the record, neither Wilmslow nor Handforth are actually in Greater Manchester - despite being essentially up-market suburbs, they're both in Cheshire (and always have been).

5
0
Anonymous Coward

That's a relief

I found the terms "up-market" and "Manchester" in the same sentence rather difficult to reconcile.

</ignorant southerner>

5
1
Anonymous Coward

Ignorant indeed

I've not seen the figures recently but as far as I remember the crescent in north Cheshire that includes Knutsford, Wilmslow, Alderley Edge, Prestbury, Poynton and others had the greatest disposable income in the country outside of certain parts of London.

2
0
Anonymous Coward

Apparently that is so, but...

...a curse on all Wayne Rooney's houses would surely bring that to an end though?

0
1
Coat

Public computer use Vs unprotected sex

There is very little difference.*

* although I know which one is more enjoyable!

2
2
Thumb Up

Downvoted?

Dunno why you were. Here's an upvote for you, good one :P

0
0
FAIL

Not Manchester

Handforth and Wilmslow are in North East Cheshire not Manchester, and it surprises me that they even found the devices with the slowness of the usually old and decrepit nature of the workers usually manning these facilities.

0
3
Flame

Any

..terrarizt scares in that area, maybe ??

0
3
Anonymous Coward

So, the library staff are either...

"A third detected device was discovered but disappeared before it was turned over to local police"

So, the library staff are either...

1. Stupid and just left it plugged in for the crook to come collect before they could give it to the police.

2. Monumentally disorganised and lost the device before they could hand it over.

-or-

3. Engaged in online fraud/identity theft themselves.

5
0
Anonymous Coward

Library staff probably not thieves or idiots.

Or the IT staff only came out to look at the machine when one of them stopped working properly. Finding the device was probably told of other machines having had similar devices on before, hence the missing key logger.

It is unlikely that the library staff would subject themselves to the typical abuse IT staff hand out by removing any devices.

0
0
FAIL

Doh

What moron would use a public PC to log into anything private ?

Wow there really is a sucker born every minute.

2
6

not everyone works in IT Security

Re who would use a public pc etc, I bet if you took a sample of library users >50% would trust the PCs in their library to be secure. So that is a fairly large user base.

Then you'll have school children / students who might think that logging onto Facebook is not the same as using a PC for something private, regardless of the fact they use the same password for everything.

Then you have people who have no internet at home who want to check their email.

So my answer is, unfortunately, quite a lot.

I don't think it unreasonable to differentiate between doing online banking in a dodgy cyber cafe / unsecured wireless and doing it somewhere where you are constantly being educated and encouraged to get online by the government.

What would YOU do if you had no PC at home, would you just disappear offline and never check your email again?

2
2
Pint

Sigh

What moron doesn't know how to fix their own boiler?

What moron doesn't know how to service their own car?

What moron can't perform open heart surgery?

What moron <insert something you have personal knowledge of because you work in the industry which obviously means anyone who doesn't have the exact same interests and knowledge is a moron>

Tedious. Get over yourself.

13
1
FAIL

re: What would YOU do if you had no PC at home

Well obviously I'd get a PC and an Internet connection.

2
6
Pint

why not?

you go to the public toilet to do something private right?

0
0
Stop

You support my case

Lots of strange things go on in public toilets, holes drilled through walls etc.

You only use a public toilet if you are really desperate, even then you hover the seat.

1
0
Thumb Up

"You only use a public toilet if you are really desperate,"

^ This.

0
0
Silver badge
WTF?

A third detected device was discovered...

"... but disappeared before it was turned over to local police"

Keyloggers from the 4th dimension? A case for the X-files?

0
0
Grenade

Why online banking?

More use to go for paypal, ebay or amazon credentials...

0
0
Anonymous Coward

face

WHATWG showed they don't have a clue with this living standard HTML tripe.

0
0

"keyboards are plugged into the more visible front ports"

I'm not sure how that would help.

If the keyboards are now to be plugged into the front ports, then keyloggers can be plugged into the rear ports ... where they are even *less* likely to be noticed than a keylogger plugged into the front.

OK, so the staff are perhaps more likely to notice somebody delving round the back, but that presumes it's a member of the public that's planting the keyloggers but it could equally well be a member of staff who is planting them.

0
14
FAIL

@Harry

Err, I think you are missing the point. The idea is that the keyboard signals have to go THROUGH the device to get hardware logged. Not much good just stuffing it into an empty socket.

9
0
WTF?

But

The keyloggers are attached in line with the keyboard, i.e. between the keyboard & the box. Using the usb ports on the front of the machine makes the keylogger instantly visible.

6
0
FAIL

Lol!

Hardware Keyloggers work by reading the signals as they go between the keyboard and the computer. They don't need drivers because they're transparent as far as the computer is concerned. (They simply pass the signal through)

If you plug the key logger into a socket which *doesn't* have the keyboard plugged in, it's not passing the signals through, therefore can't record them.

Software keyloggers require you to install software, indeed probably low level drivers. They don't need things plugged in, although it's possible they may have so you can install the software from it or as a target for the logging.

It sounds as if these computers were locked down enough that you couldn't install a software keylogger, so they had to use a hardware one, which TBH is substantially better security than I have experienced in general from government, local or otherwise, so Qudos there.

6
0
Happy

Qudos

Wasn't that a really archaic DOS-based careers advice program that I came across in high school in the 90s?

Anyone else remember that?!

0
0

But

Why not just lock the base unit inside a cupboard - as is quite a common practice ?

0
0
Pirate

Come to West Lothian

Hackers should go to any library in West Lothian.

Not only is the AV software on them over a year out of date. But if you stand outside and use a wireless laptop, you get free access to the Internet (and the public pcs) without any security checks.

Who needs a physical device... :)

0
0
Megaphone

How about I coin an appropriate maxim?

Your system is keylogged until proven* otherwise.

*Obviously the degree this is taken to will vary from individual to individual, also on their level of know-how. I simply will not do internet banking on a machine on my family windows box. Nor any windows box for that matter.

Not to mention another maxim, "The lock you buy for your gate can only ever be as good as your gate." - big thing in local news here at any rate, apparently Lush got hacked and credit card details have been compromised. Sure, things may not screw up at your end, but once past... up further up the pipe... God knows.

Which is again what this article actually illustrates. I've seen those before. They are pretty much undetectable if you don't inspect your kit visually.

Nothing like a healthy dose of paranoia now and then, folks! Drink up. It's not too bitter and it'll be good for you.

0
0
Pint

Right

Prove your system doesn't have a keylogger.

When you're done with that, prove Nessie doesn't exist.

0
0
Joke

Proving Nessie doesn't exist

10x 200 megaton bombs should do the trick...

;)

Still not certain how that's going to take care of keyboard logging, though.

-d

0
0

Don't be obtuse.

The point of what I said was to be as certain as you can that your system is not compromised. Read it again.

0
0
Silver badge

No problems?

This sort of situation is unlikely to be a problem in the future - there won't be the libraries.

However, if 'BigSociety' is to work then places like libraries (if there are any left) will need unpaid support workers like 'I.T. experts'.

The great unwashed will also need to go to the 'libraries' (local community support venues) to be able to do everything online as there will be no council or government workers left.

Solution - get USB keyboard similar to library ones and swap them over - install small devices and pick up all the info you need via proximity transfer as you sit there with your phone next to the keyboard.

Hardware key loggers? thing of the past.

0
0
Anonymous Coward

hardware keyloggers come with integrated wireless now

No need for hardware keyloggers to be collected anymore to extract data since they can be purchased with integrated wireless transmitters.. so risk only exists for the fraudster on the initial connection of the keylogger. Of course, these keyloggers are more pricey but the cost/benefit is irrelevant if you get access to a few dozen credit card numbers or bank login details.

0
0
Megaphone

@Just Thinking

A number of banks (RBS, Halifax) will only let "such a person" open very restricted bank accounts. Restrictions include...

*) No credit facilities.

*) No credit cards

*) This is the relevant one - No Branch Counter Service, all transactions must be done online.

I don't really understand the reason for the last restriction, but yeah, they can't go into the branch, except to use the "drop-box" to deposit money, or the ATM to withdraw money. All other transactions have to be done online (or via an automated telephone system).

Also these are the people who are most vulnerable to asshats stealing their funds with stunts like this, as they have little or no safety net.

2
0
Anonymous Coward

re: the reason for the last restriction

The cynical might suggest it's a personal hygiene issue, but it's really just a matter of keeping costs down and not impinging on the service provided for paying customers. I think it's great that people now have what amounts to the right to hold a bank account, even if it was only introduced as a cost cutting measure by the DWP or whatever they're called this week.

;

0
1
Anonymous Coward

@Allan 1

My dear Allan, not that I want to start a relationship or anything but you've got to be careful as many seem to take things too literally in here.

>Also these are the people who are most vulnerable

Don't you understand, we are far more tech savvy, probably more financially secure and definitely more full of ourselves than these sort of people so we don't give a toss. We just sneer and look down at them and make enlightened comments as to their sorry state.

Please, get with the program

HTH

0
0
Grenade

Liability

Interesting question for the tax payers of GMC, if accounts are broken into as a result of security breaches at these libraries, who is picking up the liability bill?

The hacker who is never traced,

or the council?

Question is, did the council take "reasonable" measures to ensure the security of the machines, and/or post warnings that these are public machines, and hence would advise against use for personal or financial transactions?

0
1
Anonymous Coward

Bollocks

They'll be bloody USB to PS/2 adapters that some paranoid dick spotted.

0
0
Coffee/keyboard

Virtual Keyboard

is the only thing I would use for sensitive data on a Public PC. And that's a very rare occasion.

I would be more worried when they have a mouse logger :)

0
0

Even then I don't know..

I'll have to look this up but I'm not convinced a virtual keyboard is completely safe...

I have however, seen some online games where you have an option of using a virtual keyboard built into the game client itself, to log in, where the layout of the keyboard is completely randomly regenerated for _every_ keystroke, just presumably to foil mouse loggers, so these guys must have presumably been worried enough.

0
0
WTF?

Why were the USB ports even accessible?

Surely a locked cage of some sort with one hole for wires (and some air vents!) should be all that's visible to the public? Even a non-techy librarian can understand that type of security.

0
0
