An important tool for reconnaissance and surveillance, the keylogger is a program that records keystrokes on a device and maps them to a log. By reviewing this log, one can collect a wide range of useful and important information. As users enter their login credentials or other sensitive information into their keyboards, the keylogger collects this input. It does so in a way that the information can be found and extracted.
How is a keylogger installed?
There are many programs that offer keylogging functionality. These range from old-school Linux terminal applications like LogKeys to advanced programs with graphical interfaces and paid features. Whichever program is being used, the function is the same: collect and store keystrokes. These programs can be installed simply and indiscreetly from the internet by someone with physical access to the device, but a skilled user could even install keyloggers remotely. This is done through compromised networks, remote access, phishing, and other methods of spreading malware. As for how a keylogger is used, the process is simple. Enable the keylogger and collect information from its output in the log file. By configuring the program, you can choose where the log is stored, how frequently the keylogger is active, which keywords to scan for, and several other secondary features. As with many other tools, the keylogger can be used for both malicious and beneficial purposes.
How can a user protect themselves from keyloggers?
Protection from keyloggers is accomplished in a few ways.
- Take steps to prevent their installation.
- Detect keyloggers already installed on a device.
- Remove keylogging programs from devices entirely.
Specialized software has been designed to detect keyloggers on computers, but detection can also be done manually. A user can block all applications from communicating over the network, with exceptions made for pre-approved applications. This is known as whitelisting. A user could also use network monitoring programs like Wireshark to detect programs communicating data to unknown devices.
While there is a variety of keylogging tools available, keyloggers fall into two categories: software and hardware. The keyloggers just described are software keyloggers. However, there also exist physical devices that can record keypresses. These may be:
- Faux connectors between the keyboard and the PC
- Devices installed directly into keyboards
- Or wireless devices that can detect and reveal keypresses sent between a PC and a wireless keyboard.
Beyond the method of how the individual keyloggers work, it is important to know about each tool, how to it, and how to prevent their installation.
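The manual detection approach described above (allow only pre-approved applications, then look for programs sending data to unknown devices) can be sketched as follows. This is an added example, not part of the original article; the connection listing is constructed in the layout of `ss -H -tunp` output, and the allowlist and the process name `kbd-helper` are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the column layout of `ss -H -tunp` (not from a real host).
# "kbd-helper" is a hypothetical process name used only for illustration.
SAMPLE_SS_OUTPUT = """\
tcp ESTAB 0 0 192.168.1.20:51544 93.184.216.34:443 users:(("firefox",pid=2211,fd=88))
tcp ESTAB 0 0 192.168.1.20:40112 203.0.113.77:8080 users:(("kbd-helper",pid=4410,fd=5))
tcp ESTAB 0 0 127.0.0.1:5432 127.0.0.1:48822 users:(("postgres",pid=901,fd=9))
udp ESTAB 0 0 192.168.1.20:38211 192.168.1.1:53 users:(("systemd-resolve",pid=612,fd=14))
tcp ESTAB 0 0 192.168.1.20:40990 198.51.100.9:21
"""

# Assumption: the applications this user has pre-approved for network access.
ALLOWED_PROCESSES = frozenset({"firefox", "systemd-resolve"})

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def find_unapproved_connections(ss_output, allowed=ALLOWED_PROCESSES):
    """Return non-loopback connections whose owning process is not allowlisted."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or malformed line
        host, _, port = fields[5].rpartition(":")  # peer address:port
        try:
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue  # e.g. "*" for unconnected sockets
        if addr.is_loopback:
            continue  # local-only traffic never leaves the device
        match = PROC_RE.search(" ".join(fields[6:]))
        # ss omits the process column for sockets the caller may not inspect;
        # treat an unidentified owner as unapproved rather than skipping it.
        name, pid = (match.group(1), int(match.group(2))) if match else ("<unknown>", None)
        if name not in allowed:
            findings.append({"process": name, "pid": pid, "remote": f"{host}:{port}"})
    return findings


if __name__ == "__main__":
    for f in find_unapproved_connections(SAMPLE_SS_OUTPUT):
        print(f"review: {f['process']} (pid {f['pid']}) -> {f['remote']}")
```

On a live Linux system the same function can be fed the output of `ss -H -tunp`; a flagged entry is a prompt for review, since an unlisted process is not necessarily a keylogger.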