Difference between revisions of "What is:Keylogger/ko"

From Information Security Terms

Revision as of 03:57, 3 March 2020


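What is a keylogger

There is a lot of information about keyloggers on the web, but it is really hard to find an article that explains in detail the numerous nuances of developing and using keyloggers.

That is why this article was written.

A keylogger, or keystroke logger, is a software program or hardware device that records the keys pressed on a computer keyboard.

A synonym for keylogger is keystroke logger, and the action it performs is called keystroke logging or keyboard capture.

Software keyloggers and their hardware counterparts (hardware keyloggers) operate on two completely different technologies, i.e. they record keystrokes in different ways.

PC users differ; they play different roles in the processing of information. Any particular user could be:

  • a developer of an operating system;
  • a software developer;
  • a CEO of an enterprise;
  • a business owner;
  • an administrator of a corporate computer network;
  • a computer user with administrative privilege;
  • a workplace PC user;
  • a user who owns the computer;
  • an Information Security Specialist.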

It is these people who determine whether it is reasonable to use keyloggers in their activities.

It is common knowledge that use of any technology can be either beneficial or harmful; this also applies to processing of information using computers.

Where is the vague line between the legal and illegal use of keyloggers?

The answer is simple: the two can be distinguished only by how these keyloggers are applied! It is the method of their application that allows you to see the line between security management and security violation.

The term “unauthorized use” (“illegal use”) means that the keylogger was installed without the knowledge of the owner (security administrator) of a local network (e.g. of a company or an organization) or a particular personal computer. The concept of "unauthorized activity" is pretty close to the concept of "illegal activity" in almost all countries of the world.

Unauthorized keyloggers (both software and hardware ones) are referred to as spying devices or spyware (spy software, spy program, keylogger).

Their unauthorized use is usually associated with illegal activities. As a rule, spyware products for unauthorized use can be configured to produce a bundled executable file, which neither displays any messages nor opens windows during installation. These products also have built-in tools that can deliver and remotely install a pre-configured module on the user's computer, i.e. the installation process takes place without direct physical access to the user's computer and often does not require administrative privilege.

The term “authorized use” (“legitimate/legal use”) means that the keylogger was installed with the knowledge of the owner (security administrator) of a local network (e.g. of a company or an organization) or a particular personal computer. Legally used keyloggers (software or hardware ones) are usually referred to as employee monitoring software, parental control software, access control software, personnel security programs, etc. As a rule, such software products require physical access to the user's computer and the administrator must have administrative privilege to configure and install them.

What they are used for

Authorized use of keyloggers allows the owner (security administrator) of a local computer network or the owner (administrator) of a computer to:

  • identify all the cases when critical words or phrases (i.e. the ones, disclosure of which to third parties will lead to material loss) are typed;
  • be able to access the information stored on the computer’s hard drive if the access password is lost due to any reason (the employee’s illness, deliberate actions of the personnel, etc.);
  • promptly identify (localize) all cases of brute force attacks;
  • check whether corporate personal computers are used outside working time, and if yes, identify what was typed at that time;
  • investigate computer incidents;
  • conduct scientific research to determine how accurate, efficient and adequate the personnel’s reactions to external influences were;
  • recover critical information after computer systems’ failures.

Developers of commercial software products can use keylogger-containing modules for many purposes, including the following:

  • to develop quick word search systems (e.g. electronic dictionaries, electronic translators);
  • to develop programs for quick search for names, companies, addresses (e.g. electronic phonebooks).

Unauthorized use of keyloggers (including hardware or software products with a keylogging module) allows an attacker to:

  • intercept other people's information typed on the keyboard;
  • get unauthorized access to usernames and passwords people use to access various systems, including bank-client systems;
  • get unauthorized access to cryptographic protection of computer users’ information (passphrases);
  • gain unauthorized access to credit card authorization data.

Classification of keyloggers

Classification according to the type

Software keyloggers belong to the group of software products that exercise control over the activities of a PC user. Initially, software products of this type were intended solely for recording the keys pressed on the keyboard, including system keys, and saving this data into a special log file, which was subsequently studied by the person who installed the program. The log file could be sent over the network to a network drive, an FTP server on the Internet, an email address, etc.

But nowadays, software products that retained the name “keyloggers” perform many additional functions, such as intercepting information from windows, mouse clicks, the clipboard contents, making screenshots of the screen and active windows, keeping records of all received and sent e-mails, tracking file activity and changes in the system registry, recording tasks sent to the printer, intercepting sound from a microphone and images from a webcam, etc.

Hardware keyloggers are miniature devices that can be placed between the keyboard and the computer or integrated into the keyboard itself. They log all the keystrokes made on the keyboard. The keylogging process is completely invisible to the PC user. Hardware keyloggers do not require installation of any software on the target PC in order to successfully intercept all keystrokes. When a hardware keylogger is attached, it does not matter whether the computer is on or off. Once installed, a hardware keylogger can work for unlimited time, since it does not require an additional power source.

The volume of these devices’ internal non-volatile memory allows recording up to 20 million keystrokes, even with Unicode support. These devices come in lots of shapes, so that even a specialist sometimes fails to detect such a device during an information audit. Depending on the place they are attached, hardware keyloggers can be external or internal.

Acoustic keyloggers are hardware devices that record the sounds from the keys being pressed on the keyboard, analyze these sounds and convert them into text.

Classification by the log file storage location

  • HDD;
  • RAM;
  • registry;
  • a local network;
  • a remote server.

Classification by the means of sending the log file

  • E-mail;
  • FTP or HTTP (in the local network or the Internet);
  • any wireless connection (radio, IrDA, Bluetooth, WiFi, etc.) for devices in the immediate vicinity or, in advanced systems, for overcoming air gaps and enabling data leakage from physically isolated systems.

Classification by presence in signature databases

Signatures (small clips of code) of well-known keyloggers are already included into signature databases of reputable manufacturers of antispyware and antiviruses.

Some unknown keyloggers, whose signatures are not included in signature databases, are likely to remain unknown for a number of reasons, namely:

  • keyloggers (keylogging modules) can be developed under the auspices of various governmental organizations;
  • keyloggers (keylogging modules) can be incorporated into the core of a proprietary operating system by its developers;
  • keyloggers can be developed in a limited number (e.g. in one or several copies) to fulfil a specific task, related to theft of critical information from a user's computer (for example, software products used by professional hackers). These spyware products can be slightly modified open source keyloggers taken from the Internet and compiled by the attacker, which changes the signature of the keylogger;
  • commercial keyloggers, especially the ones included as modules in corporate software products, are very rarely included in the signature databases of well-known manufacturers of anti-spyware and/or anti-viruses. As a result, if a fully functional version of such a software product leaks onto the Internet, cybercriminals can turn it into a spyware product that is not detected by common antispyware or antiviruses;
  • keyloggers that are keystroke-interception modules included in virus programs. Until their signature data is entered into the virus database, these modules are unknown. Examples are the world-famous viruses that have caused a lot of trouble in recent years, which incorporated a module for intercepting keystrokes and sending the captured information to the Internet.

Protection from unauthorized keyloggers

Protection against unauthorized software keyloggers that are ‘known’, i.e. whose signatures are included in signature databases:

  • use of antispyware software and/or antivirus software products from reputable manufacturers with automatic updating of signature databases.

Protection from ‘unknown’ unauthorized software keyloggers:

  • use of anti-spyware software products and/or anti-virus software products of reputable manufacturers that use so-called heuristic (behavioral) analyzers to counter spyware products, that is, they do not require a signature base.
  • use of programs that encrypt data entered from the keyboard. Also, you can use keyboards that perform such encryption at the hardware level.

Protection against unauthorized software keyloggers, both “known” and “unknown”, includes using anti-spyware products and/or anti-viruses from reputable developers. These products counteract spyware products by means of:

  • constantly updated signature database of spyware products; or
  • heuristic (behavioral) analyzers that do not require a signature base.
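
The difference between the two approaches, as an added example that is not part of the original article: a toy scanner in which a byte-clip signature misses a slightly modified build, while a behavioural score still flags it and leaves a keyboard layout switcher alone. The images, the signature name, the behaviour labels, the weights and the threshold are all constructed assumptions, not any vendor's rules.

```python
from dataclasses import dataclass

# Constructed data: a "signature" is a small clip of bytes taken from a known program.
CLIP = bytes.fromhex("deadbeef0badf00d")
SIGNATURES = {"Constructed.Keylogger.A": CLIP}

KNOWN_IMAGE = b"HDR" + CLIP + b"TAIL"
# Same program rebuilt with small changes: the clip's bytes no longer match.
VARIANT_IMAGE = b"HDR" + bytes(b ^ 0x01 for b in CLIP) + b"TAIL"
SWITCHER_IMAGE = b"HDR" + b"layout-switcher" + b"TAIL"

# Hypothetical behaviour labels, following the article's classification
# (what is captured, where the log is stored, how it is sent).
WEIGHTS = {
    "global_keyboard_capture": 3,
    "hidden_no_window": 2,
    "writes_log_store": 1,   # HDD, registry, ...
    "sends_log_remote": 2,   # e-mail, FTP, HTTP, ...
}
THRESHOLD = 5  # assumed cut-off for this example


@dataclass
class Process:
    name: str
    image: bytes
    behaviours: frozenset = frozenset()


def signature_hits(image: bytes) -> list:
    """Names of all signatures whose byte clip occurs in the image."""
    return sorted(n for n, clip in SIGNATURES.items() if clip in image)


def behaviour_score(proc: Process) -> int:
    """Sum of the weights of the behaviours observed for the process."""
    return sum(WEIGHTS.get(b, 0) for b in proc.behaviours)


def assess(proc: Process) -> str:
    hits = signature_hits(proc.image)
    if hits:
        return "known:" + hits[0]
    return "suspicious" if behaviour_score(proc) >= THRESHOLD else "clean"


KNOWN = Process("known", KNOWN_IMAGE, frozenset(WEIGHTS))
VARIANT = Process("variant", VARIANT_IMAGE, frozenset(WEIGHTS))
SWITCHER = Process("switcher", SWITCHER_IMAGE, frozenset({"global_keyboard_capture"}))

if __name__ == "__main__":
    for p in (KNOWN, VARIANT, SWITCHER):
        print(p.name, signature_hits(p.image), behaviour_score(p), assess(p))
```
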

Protection against unauthorized hardware keyloggers includes:

  • thorough external and internal inspections of the computer systems;
  • using virtual keyboards.

The main signs that developers included a keylogging module into a software product

If a software product has built-in functionality that suggests options for completing a word after a few keystrokes, it means that a keylogging module is doing its job.

Keylogging modules are an integral part of modern instant messengers, text editors, dictionaries, spell checkers, keyboard layout switching programs, etc.

The danger of such software products lies in the fact that they are not officially considered malicious, as they perform very necessary functions for computer users. But unlike software for parental control or employee monitoring, where all functions are openly announced by their manufacturers (developers), users are not aware of side functions of such seemingly benign programs - even their developers and manufacturers are often silent about them... Nevertheless, cybercriminals can make use of keylogging functions in these products, if they manage to configure this software without your knowledge.