This wonderful little gadget is for sale over at Thinkgeek. It is colored an innocuous IBM grey so no one will notice when you attach it to their keyboard. It fits between the back of the PC and the keyboard cable. It needs no power and it can record 130,000 keystrokes. It works like a software keystroke logger. Once it is installed it just captures anything that is typed: usernames, passwords, URLs, email, banking info, everything. To access the data the owner of the device just types the password into any word processor and then you start to communicate with the device. It is very slick. Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.
Of course this is exactly how the greatest attempted bank heist in history was pulled off. The bank robbers installed these devices on machines inside the bank and eventually got access to Sumitomo Bank’s wire transfer capability. They then proceeded to transfer more that $440 million to various accounts in other countries. Read all the gory details in this article I just published.
The one thing I do not mention in the article is that it is reported that Sumitomo Bank’s best practice for avoiding a repeat attack is that they now super-glue the keyboard connections into the backs of their PCs.
Saturday, August 28, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment