Hardware keyloggers found in Manchester library PCs Hardware keyloggers have been discovered in public libraries in Greater Manchester. Two USB devices, attached to keyboard sockets on the back of computers in Wilmslow and Handforth libraries, would have enabled baddies to record every keystroke made on compromised PCs. It's unclear who placed the snooping devices on the …
In Handforth you would only walk past your bank on the way to the library if it was RBS as thats the only bank we have here, And then only if you lived in the northern half of the village!
Wilmslow is similar in that a great deal of the town you would have to walk past the library to get to the banks (coming from the south this time)
"A third detected device was discovered but disappeared before it was turned over to local police"
So, the library staff are either...
1. Stupid and just left it plugged in for the crook to come collect before they could give it to the police.
2. Monumentally disorganised and lost the device before they could hand it over.
-or-
3. Engaged in online fraud/identity theft themselves.
Or the IT staff only came out to look at the machine when one of them stopped working properly. Finding the device was probably told of other machines having had similar devices on before, hence the missing key logger.
It is unlikely that the library staff would subject themselves to the typical abuse IT staff hand out by removing any devices.
Re who would use a public pc etc, I bet if you took a sample of library users >50% would trust the PCs in their library to be secure. So that is a fairly large user base.
then you'll have school children / students who might think that logging onto facebook is not the same as using a pc for something private, regadless of the fact they use the same password for everything
Then you have people who have no internet at home who want to check their email.
so my answer is, unfortunately, quite a lot.
I don't think it unreasonable to differentiate between doing online banking in a dodgy cyber cafe / unsecured wireless and doing it somewhere where you are constantly being educated and encouraged to get online by the government.
What would YOU do if you had no PC at home, would you just dissapear offline and never check your email again?
What moron doesn't know how to fix their own boiler?
What moron doesn't know how to service their own car?
What moron can't perform open heart surgery?
What moron <insert something you have personal knowledge of because you work in the industry which obviously means anyone who doesn't have the exact same interests and knowledge is a moron>
Tedious. Get over yourself.
I'm not sure how that would help.
If the keyboards are now to be plugged into the front ports, then keyloggers can be plugged into the rear ports ... where they are even *less* likely to be noticed than a keylogger plugged into the front.
OK, so the staff are perhaps more likely to notice somebody delving round the back, but that presumes its a member of the public that's planting the keyloggers but it could equally well be a member of staff who is planting them.
Hardware Keyloggers work by reading the signals as they go between the keyboard and the computer. They dont need drivers because there transparent as far as the computer is concerned. (They simply pass the signal through)
If you plug the key logger into a socket which *doesnt* have the keyboard plugged in. its not passing the signals through, therefore cant record them.
Software keyloggers require you to install software, indeed probably Low level drivers. They dont need things plugged in, although its possible they may have so you can install the software from it or as a target for the logging.
It sounds as if these computers were locked down enough that you couldnt install a software keylogger, so they had to use a hardware one, Which TBH, it substantially better security than i have experienced in general from government, local or otherwise, so Qudos there.
Hackers should go to any library in West Lothian.
Not only is the AV software on them over a year out of date. But if you stand outside and use a wireless laptop, you get free access to the Internet (and the public pcs) without any security checks.
Who needs a physical device... :)
Your system is keylogged until proven* otherwise.
*Obviously the degree this is taken to will vary from individual to individual, also on their level of know-how. I simply will not do internet banking on a machine on my family windows box. Nor any windows box for that matter.
Not to mention another maxim, "The lock you buy for your gate can only ever be as good as your gate." - big thing in local news here at any rate, apparently Lush got hacked and credit card details have been compromised. Sure, things may not screw up at your end, but once past... up further up the pipe... God knows.
Which is again what this article actually illustrates. I seen those before. They are pretty much undetectable if you don't inspect your kit. visually.
Nothing like a healthy dose of paranoia now and then, folks! Drink up. It's not too bitter and it'll be good for you.
This sort of situation is unlikely to be a problem in the future - there won't be the libraries.
However, if 'BigSociety' is to work then places like libraries (if there are any left) will need unpaid support workers like 'I.T. experts'.
The great unwashed will also need to go to the 'libraries' (local community support venues) to be able to do everything online as there will be no council or governement workers left.
Solution - get USB keyboard similar to library ones and swap them over - install small devices and pick up all the info you need via proximity transfer as you sit there wit your phone next to the keyboard.
Hardware key loggers? thing of the past.
No need for hardware keyloggers to be collected anymore to extract data since they can be purchased with integrated wireless transmitters.. so risk only exists for the fraudster on the initial connection of the keylogger. Of course, these keyloggers are more pricey but the cost/benefit is irrelevant if you get access to a few dozen credit card numbers or bank login details.
A number of banks (RBS, Halifax) will only let "such a person" open very restricted bank accounts. Restrictions include...
*) No credit facilities.
*) No credit cards
*) This is the relevant one - No Branch Counter Service, all transactions must be done online.
I don't really understand the reason for the last restriction, but yeah, they can't go into the branch, except to use the "drop-box" to deposit money, or the ATM to withdraw money. All other transactions have to be done online (or via an automated telephone system).
Also these are the people who are most vulnerable to asshats stealing their funds with stunts like this, as they have little or no safety net.
The cynical might suggest it's a personal hygiene issue, but it's really just a matter of keeping costs down and not impinging on the service provided for paying customers. I think it's great that people now have what amounts to the right to hold a bank account, even if it was only introduced as a cost cutting measure by the DWP or whatever they're called this week.
;
My dear Allan, not that I want to start a relationship or anything but you've got be careful as many seem to take things too literally in here.
>Also these are the people who are most vulnerable
Don't you understand, we are for more tech savvy, probably more financially secure and definitely more full of ourselves than these sort of people so we don't give a toss. We just sneer and look down at them and make enlightened comments as to their sorry state.
Please, get with the program
HTH
Interesting question for the tax payers of GMC, if accounts are broken into as a result of secuirty breaches at these libraries, who is picking up the liability bill?
The hacker who is never traced,
or the council?
Question is, did the council take "reasonable" measures to ensure the security of the machines, and/or post warnings that these are public machines, and hence would advise against use for personal or financial transactions?
I'll have to look this up but I'm not convinced a virtual keyboard is completely safe...
I have however, seen some online games where you have an option of using a virtual keyboard built into the game client itself, to log in, where the layout of the keyboard is completely randomly regenerated for _every_ keystroke, just presumably to foil mouse loggers, so these guys must have presumably been worried enough.
"Interesting question for the tax payers of GMC, if accounts are broken into as a result of secuirty breaches at these libraries, who is picking up the liability bill?"
Not *that* interesting for GMC taxpayers, indeed I don't think they will even give a shit, seeing as these libraries are run by Cheshire East Council, not GMC.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
