back to article Hardware keyloggers found in Manchester library PCs

Hardware keyloggers have been discovered in public libraries in Greater Manchester. Two USB devices, attached to keyboard sockets on the back of computers in Wilmslow and Handforth libraries, would have enabled baddies to record every keystroke made on compromised PCs. It's unclear who placed the snooping devices on the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Public computer use Vs unprotected sex

    There is very little difference.*

    * although I know which one is more enjoyable!

  2. Anonymous Coward
    Anonymous Coward

    It's unclear who placed the snooping devices

    Here's an idea, and I doubt I'll be the only one to point this out, but wait and see who comes to collect them.

  3. sprouty76

    Not in Greater Manc

    For the record, neither Wilmslow nor Handforth are actually in Greater Manchester - despite being essentially up-market suburbs, they're both in Cheshire (and always have been).

  4. Sampler

    One has to question..

    The use of bank account details of someone unable to afford a home computer and internet connection..

    1. Annihilator

      Good idea

      But the odds of success have probably gone out the window since the news articles.. :-)

    2. Just Thinking

      Also

      Why would such a person have online banking?

      They probably have to walk past the bank to get to the library.

      1. Anonymous Coward
        Anonymous Coward

        "Why would such a person have online banking?"

        Just listen to yourself being superior !

        Out on business, holiday ( unlikely in Handforth I admit )

        Why do people use internet cafes ?

        The question really is why would anyone use public computers for sensitive matters

      2. Anonymous Coward
        Anonymous Coward

        @ Just Thinking

        In Handforth you would only walk past your bank on the way to the library if it was RBS as thats the only bank we have here, And then only if you lived in the northern half of the village!

        Wilmslow is similar in that a great deal of the town you would have to walk past the library to get to the banks (coming from the south this time)

    3. Anonymous Coward
      Anonymous Coward

      That's a relief

      I found the terms "up-market" and "Manchester" in the same sentence rather difficult to reconcile.

      </ignorant southerner>

      1. Anonymous Coward
        Anonymous Coward

        Ignorant indeed

        I've not seen the figures recently but as far as I remember the crescent in north Cheshire that includes Knutsford Wilmslow, Alderley Edge, Prestbury, Poynton and others had the greatest disposable income in the country outside of certain parts of London

        1. Anonymous Coward
          Anonymous Coward

          Apparently that is so, but...

          ...a curse on all Wayne Rooney's houses would surely bring that to an end though?

    4. Anonymous Coward
      Unhappy

      Scum will be scum!

      If it means just a few more quid in their pockets, sadly some scum have no problems with ripping off even those with sweet FA to their name.

    5. spodula

      Not nesseserilly

      When Pipex (Tiscali) "Upgraded" my internet connection two years ago, and i was internetless for over a month, i used the library internet quite a bit. Not a huge stretch for me as i do use the library quite a bit anyway.

    6. Oliver 7

      Doh!

      The police presumably don't have the wit / manpower (delete as appropriate, or not!).

    7. sT0rNG b4R3 duRiD
      Thumb Up

      Downvoted?

      Dunno why you were. Here's an upvote for you, good one :P

  5. Rob Quinn
    FAIL

    Not Manchester

    Handforth and Wilmslow are in North East Cheshire not Manchester, and it surprises me that they even found the devices with the slowness of the usually old and decrepit nature of the workers usually manning these facilities.

  6. Ubuntu Is a Better Slide Rule
    Flame

    Any

    ..terrarizt scares in that area, maybe ??

  7. Anonymous Coward
    Anonymous Coward

    So, the library staff are either...

    "A third detected device was discovered but disappeared before it was turned over to local police"

    So, the library staff are either...

    1. Stupid and just left it plugged in for the crook to come collect before they could give it to the police.

    2. Monumentally disorganised and lost the device before they could hand it over.

    -or-

    3. Engaged in online fraud/identity theft themselves.

    1. Anonymous Coward
      Anonymous Coward

      Library staff probably not thieves or idots.

      Or the IT staff only came out to look at the machine when one of them stopped working properly. Finding the device was probably told of other machines having had similar devices on before, hence the missing key logger.

      It is unlikely that the library staff would subject themselves to the typical abuse IT staff hand out by removing any devices.

  8. Anonymous Coward
    FAIL

    Doh

    What moron would use a public PC to log into anything private ?

    Wow there really is a sucker born every minute.

  9. Destroy All Monsters Silver badge
    WTF?

    A third detected device was discovered...

    "... but disappeared before it was turned over to local police"

    Keyloggers from the 4th dimension? A case for the X-files?

    1. Charles Calthrop

      not everyone works in IT Security

      Re who would use a public pc etc, I bet if you took a sample of library users >50% would trust the PCs in their library to be secure. So that is a fairly large user base.

      then you'll have school children / students who might think that logging onto facebook is not the same as using a pc for something private, regadless of the fact they use the same password for everything

      Then you have people who have no internet at home who want to check their email.

      so my answer is, unfortunately, quite a lot.

      I don't think it unreasonable to differentiate between doing online banking in a dodgy cyber cafe / unsecured wireless and doing it somewhere where you are constantly being educated and encouraged to get online by the government.

      What would YOU do if you had no PC at home, would you just dissapear offline and never check your email again?

      1. Anonymous Coward
        FAIL

        re: What would YOU do if you had no PC at home

        Well obviously I'd get a PC and an Internet connection.

    2. Anonymous Coward
      Pint

      Sigh

      What moron doesn't know how to fix their own boiler?

      What moron doesn't know how to service their own car?

      What moron can't perform open heart surgery?

      What moron <insert something you have personal knowledge of because you work in the industry which obviously means anyone who doesn't have the exact same interests and knowledge is a moron>

      Tedious. Get over yourself.

    3. json
      Pint

      why not?

      you go to the public toilet to do something private right?

      1. Anonymous Coward
        Stop

        You support my case

        Lots of strange things go on in public toilets, holes drilled through walls etc.

        You only use a public toilet is you are really desperate, even then you hover the seat.

        1. sT0rNG b4R3 duRiD
          Thumb Up

          "You only use a public toilet is you are really desperate,"

          ^ This.

  10. Anonymous Coward
    Grenade

    Why online banking?

    More use to go for paypal, ebay or amazon credentials...

  11. Anonymous Coward
    Anonymous Coward

    face

    WHATWG showed they don't have a clue with this living standard HTML tripe.

  12. Harry

    "keyboards are plugged into the more visible front ports"

    I'm not sure how that would help.

    If the keyboards are now to be plugged into the front ports, then keyloggers can be plugged into the rear ports ... where they are even *less* likely to be noticed than a keylogger plugged into the front.

    OK, so the staff are perhaps more likely to notice somebody delving round the back, but that presumes its a member of the public that's planting the keyloggers but it could equally well be a member of staff who is planting them.

    1. Dave Gregory
      WTF?

      But

      The keyloggers are attached in line with the keyboard, i.e. between the keyboard & the box. Using the usb ports on the front of the machine makes the keylogger instantly visible.

    2. Anonymous Coward
      FAIL

      @Harry

      Err, I think you are missing the point. The idea is that the keyboard signals have to go THROUGH the device to get hardware logged. Not much good just stuffing it into an empty socket.

    3. spodula
      FAIL

      Lol!

      Hardware Keyloggers work by reading the signals as they go between the keyboard and the computer. They dont need drivers because there transparent as far as the computer is concerned. (They simply pass the signal through)

      If you plug the key logger into a socket which *doesnt* have the keyboard plugged in. its not passing the signals through, therefore cant record them.

      Software keyloggers require you to install software, indeed probably Low level drivers. They dont need things plugged in, although its possible they may have so you can install the software from it or as a target for the logging.

      It sounds as if these computers were locked down enough that you couldnt install a software keylogger, so they had to use a hardware one, Which TBH, it substantially better security than i have experienced in general from government, local or otherwise, so Qudos there.

      1. Your Retarded
        Happy

        Qudos

        Wasn't that a really archaic DOS-based careers advice program that I came across in high school in the 90s?

        Anyone else remember that?!

      2. peterrat

        But

        Why not just lock the base unit inside a cupboard - as is quite a common practice ?

  13. Anonymous Coward
    Pirate

    Come to West Lothian

    Hackers should go to any library in West Lothian.

    Not only is the AV software on them over a year out of date. But if you stand outside and use a wireless laptop, you get free access to the Internet (and the public pcs) without any security checks.

    Who needs a physical device... :)

  14. sT0rNG b4R3 duRiD
    Megaphone

    How about I coin an appropriate maxim?

    Your system is keylogged until proven* otherwise.

    *Obviously the degree this is taken to will vary from individual to individual, also on their level of know-how. I simply will not do internet banking on a machine on my family windows box. Nor any windows box for that matter.

    Not to mention another maxim, "The lock you buy for your gate can only ever be as good as your gate." - big thing in local news here at any rate, apparently Lush got hacked and credit card details have been compromised. Sure, things may not screw up at your end, but once past... up further up the pipe... God knows.

    Which is again what this article actually illustrates. I seen those before. They are pretty much undetectable if you don't inspect your kit. visually.

    Nothing like a healthy dose of paranoia now and then, folks! Drink up. It's not too bitter and it'll be good for you.

  15. Elmer Phud

    No problems?

    This sort of situation is unlikely to be a problem in the future - there won't be the libraries.

    However, if 'BigSociety' is to work then places like libraries (if there are any left) will need unpaid support workers like 'I.T. experts'.

    The great unwashed will also need to go to the 'libraries' (local community support venues) to be able to do everything online as there will be no council or governement workers left.

    Solution - get USB keyboard similar to library ones and swap them over - install small devices and pick up all the info you need via proximity transfer as you sit there wit your phone next to the keyboard.

    Hardware key loggers? thing of the past.

    1. Anonymous Coward
      Anonymous Coward

      hardware keyloggers come with integarted wireless now

      No need for hardware keyloggers to be collected anymore to extract data since they can be purchased with integrated wireless transmitters.. so risk only exists for the fraudster on the initial connection of the keylogger. Of course, these keyloggers are more pricey but the cost/benefit is irrelevant if you get access to a few dozen credit card numbers or bank login details.

    2. Anonymous Coward
      Pint

      Right

      Prove your system doesn't have a keylogger.

      When you're done with that. prove Nessie doesn't exist.

      1. Daniel 4
        Joke

        Proving Nessie doesn't exist

        10x 200 megaton bombs should do the trick...

        ;)

        Still not certain how that's going to take care of keyboard logging, though.

        -d

      2. sT0rNG b4R3 duRiD

        Don't be obtuse.

        The point of what I said was to be as certain as you can that your system is not compromised. Read it again.

  16. Allan 1
    Megaphone

    @Just Thinking

    A number of banks (RBS, Halifax) will only let "such a person" open very restricted bank accounts. Restrictions include...

    *) No credit facilities.

    *) No credit cards

    *) This is the relevant one - No Branch Counter Service, all transactions must be done online.

    I don't really understand the reason for the last restriction, but yeah, they can't go into the branch, except to use the "drop-box" to deposit money, or the ATM to withdraw money. All other transactions have to be done online (or via an automated telephone system).

    Also these are the people who are most vulnerable to asshats stealing their funds with stunts like this, as they have little or no safety net.

    1. Anonymous Coward
      Anonymous Coward

      re: the reason for the last restriction

      The cynical might suggest it's a personal hygiene issue, but it's really just a matter of keeping costs down and not impinging on the service provided for paying customers. I think it's great that people now have what amounts to the right to hold a bank account, even if it was only introduced as a cost cutting measure by the DWP or whatever they're called this week.

      ;

  17. Anonymous Coward
    Anonymous Coward

    @Allan 1

    My dear Allan, not that I want to start a relationship or anything but you've got be careful as many seem to take things too literally in here.

    >Also these are the people who are most vulnerable

    Don't you understand, we are for more tech savvy, probably more financially secure and definitely more full of ourselves than these sort of people so we don't give a toss. We just sneer and look down at them and make enlightened comments as to their sorry state.

    Please, get with the program

    HTH

  18. despairing citizen
    Grenade

    Liability

    Interesting question for the tax payers of GMC, if accounts are broken into as a result of secuirty breaches at these libraries, who is picking up the liability bill?

    The hacker who is never traced,

    or the council?

    Question is, did the council take "reasonable" measures to ensure the security of the machines, and/or post warnings that these are public machines, and hence would advise against use for personal or financial transactions?

  19. Anonymous Coward
    Anonymous Coward

    Bollocks

    They'll be bloody USB to PS/2 adapters that some paranoid dick spotted.

  20. pompurin
    Coffee/keyboard

    Virtual Keyboard

    is the only thing I would use for sensitive data on a Public PC. And that's a very rare occasion.

    I would be more worried when they have a mouse logger :)

    1. sT0rNG b4R3 duRiD

      Even then I don't know..

      I'll have to look this up but I'm not convinced a virtual keyboard is completely safe...

      I have however, seen some online games where you have an option of using a virtual keyboard built into the game client itself, to log in, where the layout of the keyboard is completely randomly regenerated for _every_ keystroke, just presumably to foil mouse loggers, so these guys must have presumably been worried enough.

  21. Joe 3
    WTF?

    Why were the USB ports even accessible?

    Surely a locked cage of some sort with one hole for wires (and some air vents!) should be all that's visible to the public? Even a non-techy librarian can understand that type of security.

  22. Anonymous Coward
    WTF?

    @despairing citizen

    "Interesting question for the tax payers of GMC, if accounts are broken into as a result of secuirty breaches at these libraries, who is picking up the liability bill?"

    Not *that* interesting for GMC taxpayers, indeed I don't think they will even give a shit, seeing as these libraries are run by Cheshire East Council, not GMC.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019