First things first! Always try to avoid accessing your online accounts from public computers (cybercafes, etc.). Given the keyloggers that may be installed on them, public computers pose a severe security risk to users. Keyloggers here means not just trojans but commercial keyloggers as well. In this post, we will share how you can find, avoid, and confuse keyloggers by scrambling keystrokes on public computers.
What are keyloggers?
Keyloggers are software or hardware tools that capture the user’s keystrokes from the keyboard. They can be useful for determining sources of error in computer systems and are sometimes used to measure employee productivity on specific clerical tasks. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others, stealing users’ private data.
Aim of this post on keyloggers
Our goal here is to confuse the keylogger by making it log gibberish instead of our valid password. Of course, this is not entirely foolproof. Nothing is foolproof on the internet. We only have to make it harder for the hacker. (Note: These are tips I follow. If you have better ones, let everyone know by commenting here.)
Types of Key Loggers
We’ll be dealing with two kinds of keyloggers: software and hardware keyloggers.
- Hardware keyloggers are much easier to detect. They are mostly attached between the keyboard and the CPU. A manual inspection should be enough in most cases.
- Software keyloggers, on the other hand, are much more complex and hence challenging to deal with. Most of them record keystrokes, mouse events, clipboard activity, etc. So our best bet is to scramble the keystrokes smartly.
How to avoid keyloggers by scrambling keystrokes on public computers?
Let’s say we have to enter the password ‘jazz’.
- Click the password box, type any random key. Select the entered random key with the mouse and type j. So we entered the first letter of the password.
- Click the password box, type a random key. Again click and type a random key. Select the last two letters with your mouse and type the next valid key of your password.
In this case, we managed to enter two unwanted characters as against one in the first step.
Continue in a similar way to finish typing the password. You can insert any number of random characters between the characters of your password.
So the keylogger will log something like:
Note how we used unwanted mouse clicks so that a mouse click is recorded before the random letters as well. You can also experiment with entering the password in reverse order or, in fact, in any order.
This method can be used for entering the username too since most banks have account numbers as the username. If you are suffering from some keylogger phobia, use this technique while typing the URL also.
Another way is to use the browser’s search bar or address bar to camouflage the password. For example, click the password box and type a letter of the password. Now click the browser’s address bar or search bar and type some unwanted letters. Alternate between the password box and the address/search bar till you finish. The result will be the same as with the former method.
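The select-and-overtype routine from the steps above, modelled as an added example (it is not code from the original post). It assumes the cursor sits at the end of the password box after each click; `scrambled_entry` and `is_subsequence` are hypothetical helper names, and the decoy letters are constructed with a seeded generator.

```python
import random
import string

def scrambled_entry(password, max_decoys=3, seed=0):
    """Simulate select-and-overtype entry of `password`.

    Returns (field, keystrokes, events): the final contents of the password
    box, what a keystroke-only logger would capture, and every action taken.
    """
    rng = random.Random(seed)  # seeded: constructed decoys, repeatable run
    field, keystrokes, events = "", "", []
    for ch in password:
        n = rng.randint(1, max_decoys)
        for _ in range(n):
            decoy = rng.choice(string.ascii_lowercase)
            events += [("click", "password box"), ("key", decoy)]
            field += decoy
            keystrokes += decoy
        # Mouse-select the n decoys; the next key replaces the selection.
        events.append(("select_last", n))
        field = field[:-n] + ch
        events.append(("key", ch))
        keystrokes += ch
    return field, keystrokes, events

def is_subsequence(needle, haystack):
    """True if needle's characters appear in haystack in the same order."""
    it = iter(haystack)
    return all(c in it for c in needle)

if __name__ == "__main__":
    field, keys, events = scrambled_entry("jazz")
    print("password box :", field)
    print("keystroke log:", keys)
    print("mouse actions:", sum(e[0] != "key" for e in events))
    print("password still an in-order subsequence:", is_subsequence(field, keys))
```

The keystroke log comes out longer than the password and interleaved with decoys, but the password characters remain in it in order, so the routine raises the effort of reading the log rather than removing the password from it. The mouse actions in `events` are the kind of activity that the more complete software keyloggers described earlier also record.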
How to find the hardware keyloggers?
Hardware keyloggers are easy to find. They are devices attached at the junction between the keyboard and the CPU. If you are suspicious about them, check the back of the CPU and see whether anything looks fishy. The images will give you a better idea.
Feeling secure? Well, this sort of stuff may not work against the smart keyloggers. Yeah, the ones that also take a screenshot when a keystroke or mouse event is detected.
There’s a solution for that too, but it is cumbersome. Take a Live CD of any of the Linux distributions. Insert it and use it (and hope Linux will detect the hardware so you can start surfing; I have read Ubuntu Linux is good). Even if you can successfully get online from the Live CD, don’t forget to use the above tips to work around the hardware keylogger.
How to find software keyloggers?
Open Task Manager by right-clicking the taskbar and selecting it. Look for any suspicious program running in the background. If you find something, I would suggest not using the computer at all. You may think of killing the process, but such processes usually respawn.
If it is urgent, the best option is to use the virtual keys offered by websites. Avoid anything on the computer.
Again, as I mentioned in the beginning, always try to avoid dealing with confidential data on public computers. What are the precautions you take? Do you know a better technique? Feel free to comment.