Now, Every Keystroke Can Betray You

LA Times ^ | 9/18/05 | Joseph Menn

[Crackingham]

Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. In a twist on online fraud, hackers and identity thieves are infecting computers with increasingly sophisticated programs that record bank passwords and other key financial data and send them to crooks over the Internet.

That's what happened to Tim Brown, who had account information swiped out of the PC at his Simi Valley store.

"It's scary they could see my keystrokes," said Brown, owner of Kingdom Sewing & Vacuum. "It freaks me out."

Brown learned of the scam only after security researchers stumbled onto a computer harvesting information from hundreds of PCs and felt compelled to alert some of the people who had the most data exposed. Realizing he was lucky to get the call last month, Brown changed his passwords and is hoping for the best.

"This even staggered us," said Alex Eckelberry, president of Sunbelt Software Inc., which found that the so-called keylogger program installed itself in a way most antivirus software could not block. "Online institutions now have to assume that the account holder may have been compromised."

SNIP

"We're seeing explosive growth in 'crimeware,' " said Peter Cassidy, the working group's secretary general. "It's really galloping."

Consumers are increasingly jittery: 42% say security concerns have caused them to change their electronic shopping habits, according to research firm Gartner Inc.

[TheHound]

There is only one thing I can say - Whenever you allow, keyloggers, viruses, trogans and the like on your computer, it is GWB's fault. ;>)

[mother22wife21]

Ping

[beef]

Microsoft and companies like them work their butts off on mandatory unpaid overtime to develop the rich and flexible APIs that make this possible. Then they go into mandatory unpaid double overtime to patch all the errors they made. Then it's 7 days a week, 16+ hours a day to fix the errors in the patches. Sometimes I think the whole world would be a lot better off if they would just relax a little, write *less* software, and make sure what they do write actually works.

[Lancey Howard]

bttt

[Tarpon]

A surefire fix is to boot and run from a Linux LiveCD like knoppix. A second way is to run Linux or do like I do, I run OpenSolaris.

[Gondring]

Sometimes I think the whole world would be a lot better off if they would just relax a little, write *less* software, and make sure what they do write actually works.

Like in the old days? Why, you right-wing, conservative, reactionary luddite! ;-)

I agree 100%.

[Jorge]

... the so-called keylogger program installed itself in a way most antivirus software could not block

Does this mean if you don't type your password it can't see it?
How about if you copy and paste?

[goldstategop]

Two rules to live up: keep your anti-virus software up to date and install Preempt and Spywareblaster to keep the crud from being installed in the first place. And as an additional safeguard, install Eric L. Howe's free Agnis blocklist to make sure no trojan-infested or crimeware site can run on your computer to install unwanted drive by software on it. With vigilance you can safely enjoy, bank and shop on the Internet without becoming a victim.

(Denny Crane: "Sometimes you can only look for answers from God and failing that... and Fox News".)

[Terpfen]

A third way is to run OS X. That way you can actually use the OS in a convenient manner.

[Tarpon]

True, but a LiveCD affords you of knowing what exactly is loaded and keeps anything from being added. You can even make them for yourself.

Mac OS-X is a reasonable alternative, as good as any of the disk based *NIXes.

[Terpfen]

True, but running a LiveCD as a primary OS is just asking for trouble, IMO. Better to use it as an option for recovering a computer that's been completely screwed over by junkware, IMO.

[rbg81]

A third way is to run OS X. That way you can actually use the OS in a convenient manner.


Hate to burst your bubble, but the reason Hackers target Windows and Explorer is because they are the dominant OS & browser. More bang for the buck for their effort don't ya know. If something else were on top, that would get targeted (and compromised) too. The more code, the more flaws to exploit.

[Izzy Dunne]

the reason Hackers target Windows and Explorer is because they are the dominant OS & browser.

Same old tired argument gets trotted out every time, no matter how many times it's debunked.

Did you ever wonder why a freakin' CELL PHONE, with 100,000 installed units, gets more viruses than a computer with 20+ million?

[Tarpon]

running a LiveCD as a primary OS is just asking for trouble,

Why do you say that? I use a Knoppix liveCD all the time. I put my information, bookmarks and other stuff on a USB key, boot and run. When I am done banking I shutdown and remove the usb key.

[Terpfen]

As a primary OS... for one, it's impossible to apply updates, and you can't quite burn an updated CD when you're using the Live CD to begin with. You're also stuck with the inability to install anything, from programs to program updates.

The LiveCD is a nice concept, but as a primary OS... nah.

[Tarpon]

Well you are right. But as I said you use it for only one purpose, running in a protected mode where you want to do just a couple of things with high security, like online banking, stock trading, buying on line. You don't need the latest updates, just functional. My trusty LiveCD is about a year old.

For normal use I run OpenSolaris from disk where the account is locked down. Only problem is multimedia which sucks on Solaris unless it's realplayer.

[Terpfen]

Running it for one or two tasks, I can understand: I wasn't rejecting it out of hand for such a thing. I'm just saying that as a primary OS, meaning a replacement for an OS installed on a hard drive, it wouldn't work.

[359Henrie]

I just got the bad taste of "progressives" out of my mouth. Now we call them keystrokes?

[Tarpon]

Well it does work, you're right, it's just not convenient. With knoppix you can use other storage as read-write, usb keys or usb hard drives for that matter. The key is main memory, I have 1.5 Gbytes in my on line box, so there is plenty to run completely out of memory. If you only have 512 mB it will be slower but still usable. For what I do, specifically sensitive things, the inconvenience makes up for the assurance in what I am doing.

Do you get many security updates with Mac OS-X? I quit using RH ES Linux because the security updates come out frequently. Solaris has very few updates and a simple patch system by comparison.