Do Internet Cafes have Keyloggers? - Page 2 - Ajarn Forum

Eric C · 23rd November 2007, 16:41

Assume the worst is my advice. Don't do any important business, e.g. banking or credit card purchases, at internet cafe computers.

Whitey · 23rd November 2007, 17:14

Exactly, I assume when using any computer that is not my own or that I do not have control over that it will have a keylogger installed.

But just to be my clear this is what I said:

Quote:

Software keyloggers and spyware are found on just about every computer you will come into contact with.

I hate the spyware, but it's even easier to ifnd spyware on a computer than a keylogger. All of these idiots who wreally think they are getting a better, free program and then decide to download it. I've seen spyware infesting student computers. I hardly think they behave any more cautiously at an internet cafe than they do at school.

I think keyloggers are a bit less common, but think about it. If you are of a nefarious mind and you know that if you install a keylogger, you can get access to bank accounts, credit cards and even more. Just go into the net cafe in a tourist area, install a software keylogger and have the results emailed to you. You don't need someone to log into their bank account even. If they just log into their base email account, they are just as vulnerable. Why? They probably have their bank accounts linked to the email. Just do a simple lost password request. If you were a nefarious person.....

For best security, keep your financial email separate from your personal email. Have a different password for each of them.

Also make sure you use a different password for forums than any of your other passwords. Why? Most good forum software like SMF and Vbulletin encrypts the passwords in such a way to prevent anyone getting access to the password even if you have access to the database. Unfortunately, unscrupulous forum owners(read SPAM forums), can modify the script to cause the password to be entered in the database twice. Once in a plain text field that they can read easily and the second in the normal forum password table.

Eric C · 23rd November 2007, 17:22

All great advice

dexter · 23rd November 2007, 17:34

Quote:

Originally Posted by Whitey

Exactly, I assume when using any computer that is not my own or that I do not have control over that it will have a keylogger installed.

But just to be my clear this is what I said:

I hate the spyware, but it's even easier to ifnd spyware on a computer than a keylogger. All of these idiots who wreally think they are getting a better, free program and then decide to download it. I've seen spyware infesting student computers. I hardly think they behave any more cautiously at an internet cafe than they do at school.

I think keyloggers are a bit less common, but think about it. If you are of a nefarious mind and you know that if you install a keylogger, you can get access to bank accounts, credit cards and even more. Just go into the net cafe in a tourist area, install a software keylogger and have the results emailed to you. You don't need someone to log into their bank account even. If they just log into their base email account, they are just as vulnerable. Why? They probably have their bank accounts linked to the email. Just do a simple lost password request. If you were a nefarious person.....

For best security, keep your financial email separate from your personal email. Have a different password for each of them.

Also make sure you use a different password for forums than any of your other passwords. Why? Most good forum software like SMF and Vbulletin encrypts the passwords in such a way to prevent anyone getting access to the password even if you have access to the database. Unfortunately, unscrupulous forum owners(read SPAM forums), can modify the script to cause the password to be entered in the database twice. Once in a plain text field that they can read easily and the second in the normal forum password table.

Frightfully good advice mate.

Earlyant · 11th December 2007, 05:42

I used a small Net cafe in Sukhapiban 3 in Bangkok, and it did have a keylogger. I used the cafe to check on Ebay.

Next day, when I used a PC at someones house, had messages from Ebay saying that someone had tried to access my credit card details and change address, password details, etc.

Luckily the card had expired. But, I don't think I'll be using a Net cafe over there again anytime soon.

bewildered wanderer · 11th December 2007, 08:05

^IME most of the internet cafes have keyloggers. The kids usually install them to steal others game accounts. If they pick up a CC#, that is a plus, but I have never had had problems cards, just game accounts.

Citan · 15th February 2008, 09:35

Considering the ease with which a keylogger can be installed and hidden in Windows XP sp2 or 3, I will say yes. Let me give an example.

I use a keylogger on my own computer which sends logs to my computer on localhost through the postfix mail protocol (think new sendmail). Why? To keep track of data flow into my computer, since logging is disabled except for event management and in the event of kernel discrepencies or when the system needs to know something (HAL or uDev for example). Now granted I use a Linux keylogger but the idea is the same.

On any computer, unless you built the OS, or are using something truely unique like HaikuOS or Amiga OS4 then there is a place where a keylogger can hide and nothing will find it except tools designed to tunnel out a keylogger. In Windows XP, this golden nugget would be (of many places) the System Restore Point, or the MBR. In Linux it is also the MBR, as is the same with Unix/BSD and Solaris.

Now I am not a Windows Guru by any strech of the imagination, but I do keep Windows Servers online at my home for playing with, testing, and beating up remotely for fun. I do know a little about Keyloggers so I hope sharing this information with you can help keep you safe.

Most software keyloggers to two things. First they start as a daemon (a background process in the memory module) and run, capturing key strokes as they are entered, and at a preset threshold (default is full memory) they export their log (defaulted on most software side loggers as an email address). This is a good and a bad thing. Keyloggers, on the software side come in memory flavors and have different functions, the main weakness being they can only run once the user has logged in, as this opens the runtime libraries on windows and allows memory and processes to allocate and doll themselves out for the run session. Most internet cafes I went to in Thailand never had anyone log out, they just used the timer.log thing which fakes a login screen until you pay the fee then they hit a switch in the main box to free up the lame ass screensaver they have. This means it could run all the time.

The issue is that the person using it has to have a goal, and be able to read keylogger hash. Most good (read, keylogger whereby you have to know how to read the manual...) do not export their files in plain text, they do so in a hash algorithm that you have to decode once it is on your local machine of choice. I am going to not give the peoples at internet cafes the benefit of the doubt and assume they are using whatever free keelog tool they found on google.co.th.

My experience in Thailand showed that, the majority of keylogged data people were doing was what we would call noodling. Like, how rednecks catch catfish. Same idea. You fish for specific traffic with a keylogger and export it to a non-local (out of country) site, for filtering and shipping out to whomever is your overlord. In Thailand, the hot ticket keylog item is game accounts. Stolen game accounts are big business in the underground. I do not care if you do not believe me, you're the one who can't find a google keylogger on a windows box, not me. Go to pantip and ask someone about how you "lost your RO account" and "are in need of a new one" and about how "oh shit I just dropped 100 baht, damn I miss my level 99 Blacksmith with x x x x and x item specs" watch how fast it appears back to you, in cd format too!

I assume most of them are using a keylogger from keelog.com as this is the most common and is considered to be a very high quality tool. It also has the advantage of being able to hide in many places, and starts are bootime (Linux/Unix/Anything System V= runlevel 1) and logs the login screen in its own hash, such that on Windows Xp after decrypting you get something like "$login=asdf && $pass=1234" (or well I would get something like that being on Linux anyway)

I would caution against USB keys. On Windows there is a regedit functon, something like Enable/Disable Autorun on all devices. I'm going to bet that that is on on almost any internet cafe in Thailand. this means it is disabled so all devices have autorun, which is very similar to executive permissions on a windows machine. Anything that wants to can jump from the autorun level into one of many hiding places on the machine and get to work, a good example being a tool called OPHcrack which runs from a bootable live CD and cracks the SAM hash (the file windows stores passwords and sensitive info in) when the auto run kicks in.

There is a thing which I won't go into detail on called the usbHacksaw. This is why you do not use usbkeys to carry your personal data unless you protect it, and disable any autorun before launching it.

**MORE TO COME, NEED TO EDIT AND GET MORE RELEVENT INFO FOR THAILAND PROPER**

Killing Me Softly 101 · 23rd February 2008, 05:01

Go to control panel, acessibility options and use the onscreen keyboard for password. I also do the control alt delete and see what processes are running. Sometimes a keylogger is called something like keylog.exe