Keylogging programs pose cyber security threat to campus

A keylogging device connects between the computer and the keyboard, allowing every keystroke to be recorded. (Creative Commons)

A BYU student only wanted to obtain lecture slides that the professor had refused to give him. So he broke into his professor's office to steal them from the professor's computer. Then the student realized how easy it was to change his grades. The next thing he knew, he was being arrested by BYU University Police.

This student gained access to usernames and passwords by installing a USB keylogger, which recorded all the keystrokes on the computer.

Professors are not the only people victimized by the use of keyloggers. According to University Police, the student first practiced using the keylogger on public BYU computers and acquired private information from students. Even though the police have only made two arrests involving students using keyloggers, they are concerned that the problem might be more extensive.

Many websites protect against hackers by encrypting passwords, adding security questions and using Completely Automated Public Turing Test To Tell Computers and Humans Apart, or CAPTCHA, codes. But with keylogging, these protections are nullified.

'Most of us are not security minded,' said Officer Jake Styer, a University Police investigator. USB keyloggers are small and inconspicuous. They connect to the end of a keyboard USB cord and then into the computer. Styer explained that unless a person is constantly checking their computer USB ports, they might not detect it.

'They are probably a bigger issue than most people realize,' said Richard Crookston, the information technology manager in the religious education department. 'Most of the time they go completely undetected and they are not discovered. That's what they are for. They are there to be discreet.'

Some types of malware download keyloggers onto a computer, hiding this dangerous software from a person's view. Visible or not, keyloggers make it possible to deliver private information to computer hackers. With a keylogger, not only can a hacker change grades, they can change the balance of a bank account or the amount of money charged on a credit card.

Carlos Enrique Perez-Melara is on the Federal Bureau of Investigation's cyber most wanted list for manufacturing and distributing a keylogger software program called 'Lover Spy,' according to the FBI's website. Melara advertised this program on a website to help customers 'catch a cheating lover.' The program was activated by a greeting card sent to victims' email addresses. It captured passwords, lists of visited websites, intercepted email messages and keystroke logs, and sent them to the purchaser's email.

In 2012 Penneco Oil, located in Pittsburgh, lost $3.5 million because of malware that installed a keylogger, according to Forbes. The malware was installed on the treasurer's computer and the keylogger captured login details for the company's bank account. The company still doesn't know how the malware infected the computer.

There are ways to protect computers from keyloggers. Some companies produce anti-keylogging software, which scans computers for foreign software, provides virtual keyboards and can encrypt keystrokes and/or remove keylogger software. Avoiding websites and links that are questionable or unfamiliar is the easiest way to protect against downloaded software. USB keyloggers are easily detected if a person is constantly vigilant.

'Suck it up, climb under your desk and check (USB ports) out,' Styer said. He also recommends locking doors when leaving computers in an office, checking USB ports on public computers, logging out of computers after using them, being careful of confidential sites visited on public computers, avoiding websites infamous for malware and updating protection software.

Keyloggers are not always used illegally. Some companies, schools and individuals use keylogging to monitor people using computers and to keep track of personal passwords and user names. Styer said anyone who finds a foreign device on a computer should report it so the police can do something about it.

'In order to install (an illegal keylogger) you have to be somewhere where you shouldn't be,' Styer said.

In general, persons who illegally install keyloggers commit burglary and computer crimes, which often lead to 3rd degree felony charges. Both BYU students who were caught keylogging were dismissed from school and one served time in jail.