Key Logging

Rich Tehrani | Communications and Technology Blog - Latest news in IP communications, telecom, VoIP, call center & CRM space

Tom Cross does some excellent work over at TECHtionary. Here is a recent entry into his extensive database on keylogging. To further the plug, advertising on his site or licensing his library are two ways to support his excellent efforts to educate many of us on technology via animation and simple-to-understand definitions.

TECHtionary Responds to ABC News Special Report – Key Loggers

The animated TECH-Tip tutorial is available at

Last night a special report on ABC News identified key loggers as "causing at least one-third of all online crime." This is a special TECHtionary report on this insidious crime. To begin with, keylogging, VoIP phone keypad trackers, keyboard sniffers, system monitors, loggers and trackers are programs that monitor every keystroke and data flow to and from the keyboard.

There are generally three types:

  • Software loaded into computer memory
  • Wireline physical connector device connections including telephones
  • Wireless "sugar cubes," Trojan Horse (fake) WiFi AP-Access Points or other "bugged" spy devices such as wireless video cameras & phones.

While various types of encryption systems are widely available, they are not used enough to prevent attacks. For example, MD5-Message Digest 5 is a 128-bit "digital code" (such as 34b7da764b21d298ef307d04d8152dc5). MD5 is one of many "hash" algorithms used in SSH-Secure SHell, SIP-Session Initiation Protocol, Java and other systems. Other hash algorithms include CRC-Cyclic Redundancy Check and SHA-1 Secure Hash Algorithm.  Hash comes from "corn-beef hash" or ground up beef (words) which is created from private or public encryption creating unreadable code characters with a nonce (time stamp or other randomly generated code or word).

Cookies are scripts to record access to a host/server. Cookies fall into the script-centric domain, not in the page-centric domain. Like a "laundry ticket," a cookie lets the server/host record your access. Cookies were created because HTTP-HyperText Transfer Protocol is a "stateless" (without record) protocol. That is, HTTP does not create/save a session with the server/host. That is, in order to keep track of the laundry, Amazon and thousands of other sites use cookies to create special presentations in your browser such as a recommended list of products to buy based on your purchasing history. A cookie contains text only that is placed in the RAM-Random Access Memory on your computer and then saved to the hard disk drive when the browser is closed (X). Let's look at how cookies get inside your computer "cookie jar." Cookies are brought to your PC as text along with web site images inside the browser HTTP-Hyper Text Transfer Protocol. Cookie ingredients can also include cookie "bytes" called Location IDs, Location Poisoning or URL Poisoning (explained next). Shown here are the "ingredients" (commonly known as spyware, adware, malware, etc.) inside the cookies. Like with any technology, there are many benefits, but it is open to even more abuses.

Location Poisoning or URL Poisoning uses the HTTP Error 302 - Moved Temporarily - designed to redirect (low-level URL sub pages) web requests in case of server failure to redirect (send) to another site called a virtual server. Error 302 redirection can send the user to a server which may track user behavior (poison). That is, add key logging programs. Another type of URL Poisoning places additional content (such as a virus) on your PC. On a positive note, SSL-Secure SHell digital certificates use a single specific host name and are not subject to URL Poisoning.

GUID-Global Unique IDentifier is a text-character string (message) based on an IP-Internet Protocol address contained (embedded) in the downloaded software program or a browser cookie. The GUID is a type of spyware/adware that identifies the user to the provider's server/host program. Some programs require the user to enter an email address to download the program or access certain areas in the web site.

Spyware-Adware - GUID (and associated IP address), telephone keypad tracking, email and other content tracking systems can be saved in a log of IP-Internet Protocol addresses accessed by the user and saved in a database for marketing, audit, legal or other reasons. This database can be cross-referenced against other databases such as credit-banking, public information (driver's license, marriage, police, tax) and location services such as telephone number, address, etc. This information can be sold with few legal restrictions regarding transfer of this information to any third party. Anti-Spyware programs remove even the most devious spyware programs using a constantly updated database of thousands of known threats. You can schedule regular scans or perform one manually to find and remove spyware and adware from your PC. Smart software (shields) block browser hijacks before they happen.

Bottom Line - "There is no absolute system to protect you from network slowdowns, spam, libelous postings, offensive e-mails, recreational surf abuse, hacker or any other legal liability." The remainder of this discussion is an introduction to cookies, spyware, adware, GUID-Global Unique Identifier and other network intrusion systems.
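An added example, not part of the TECHtionary report or the original post: a defender-side check over a recorded redirect chain that flags 302 hops to a different host and long-lived identifier cookies set by a host other than the one the user asked for. The sample chain, host names, cookie values and the 30-day threshold are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed sample: (requested URL, status code, response headers).
# Host names and cookie values are placeholders, not taken from the page.
SAMPLE_CHAIN = [
    ("http://shop.example/item/42", 302,
     [("Location", "http://track.example.net/r?u=shop.example%2Fitem%2F42")]),
    ("http://track.example.net/r?u=shop.example%2Fitem%2F42", 302,
     [("Set-Cookie", "guid=3f2a9c1e7b; Max-Age=63072000; Path=/"),
      ("Location", "http://shop.example/item/42?ref=t")]),
    ("http://shop.example/item/42?ref=t", 200,
     [("Set-Cookie", "session=abc123; Path=/")]),
]

PERSISTENT_SECONDS = 30 * 24 * 3600  # assumption: over 30 days is "long-lived"


def audit_chain(chain):
    """Flag cross-host 302 hops and long-lived cookies set by a host
    other than the one named in the first request."""
    findings = []
    origin = urlsplit(chain[0][0]).hostname
    for url, status, headers in chain:
        host = urlsplit(url).hostname
        for name, value in headers:
            header = name.lower()
            if header == "location" and status == 302:
                # Location may be relative, so resolve it against the request URL.
                target = urlsplit(urljoin(url, value)).hostname
                if target != host:
                    findings.append(("cross-host-302", host, target))
            elif header == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for key, morsel in jar.items():
                    age = morsel["max-age"]  # empty string for session cookies
                    if age and int(age) > PERSISTENT_SECONDS and host != origin:
                        findings.append(("persistent-offsite-cookie", host, key))
    return findings


if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```
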
