Project Gunman

In 1984, a covert NSA operation called Project Gunman quietly swapped out eleven tons of communication equipment from the US embassy in Moscow. President Reagan had quickly authorized the creation of Project Gunman after receiving information from France about a surveillance device they’d discovered while repairing one of the teleprinters from their embassy in Moscow. Concerned that the United States had also been targeted, but not wanting to attract attention from Russia, a plan was formed to catalog and quietly replace the communication equipment from all sensitive areas within the embassy. It was then sent back to the NSA and carefully studied. Project Gunman led to the discovery of sixteen bugs, all contained within IBM Selectric typewriters. The typewriters had been in use for at least eight years.

The “Selectric Bug”

These surveillance bugs, since nicknamed “Selectric bugs,” functioned as the first known keystroke loggers. As the name suggests, these devices were developed to detect print head movements as sensitive documents and communications were typed and then remotely transmit the information to a nearby listening post.

Keystroke Loggers

Keystroke loggers or keyloggers, as they’re referred to today, do still exist as hardware devices; however, the challenge to gain physical access to a system makes them far less practical. Instead, the vast majority of keyloggers now in use around the world are in the form of software programs. Instead of keys on an electric typewriter, these software programs detect and record everything typed on a computer or mobile keyboard.

While keylogging software has one specific functionality, there are two separate categories for it: monitoring software, and malware (malicious software).

Monitoring Software

Legitimate monitoring software is developed and supported by a software company. It could be used by law enforcement to collect information, or by a company wanting to monitor employees, by information technology firms collecting diagnostic information, or by concerned parents or spouses desiring answers. These are all legally permitted if installed by the device owner and can be used to monitor other users on that system.

Keylogging Malware

Keylogging malware is a computer program or mobile application covertly installed without permission to collect private information about a person or organization. After installation, the software begins collecting passwords, account credentials, credit card numbers, email accounts, search histories, and other private information. Keylogger programs can also be designed to operate a computer webcam or microphone on a mobile phone. The collected data is critical for committing cyber crimes, such as stalking, extortion, financial fraud, or corporate espionage.

Social Engineering Tricks

Tricking a specific person into installing keylogger malware usually involves a little social engineering. By gathering a few public details, such as the name of the accountant in a corporation and their email address, hackers can send out an email posing as a coworker. In this example, the email might describe an urgent financial error that the accountant needs to fix and then refer to the “attached invoice.” The accountant might even reply to the email; however, the entire exchange is a charade, and the attached file contains the keylogger malware.

Once installed, the keylogger begins collecting information that a cybercriminal can use to create financial transactions or other social engineering schemes as they move through the organization. Social engineering is a highly successful approach that cybercriminals use to steal massive sums of money from corporations. Other scenarios could utilize peer-to-peer file sharing or sending attachments through social media, text, or instant messages. The success of entire hacking operations often hinges on the security training and awareness of individuals.

Keyloggers on a System

Keyloggers are notoriously covert in their operation. However, some people may notice slower browser performance, mouse or keyboard lag, error messages, or keystrokes that aren’t appearing on the monitor. Keyloggers are typically installed in hard-to-reach locations within a computer system, increasing the likelihood that they will go unnoticed. They also rarely travel alone, bundled together with various collections of other adware, spyware or viruses. Use a reputable antivirus or malware removal software program to locate and remove them.

The Best Keylogger Defense

Security training and awareness is a valuable defense against many common social engineering tactics. Creating strong and unique passwords for every account is also helpful to prevent a hacker from gaining access. Regularly update the operating system, applications, and web browsers. These are common and yet fundamental best practices to increase overall security. Use an antivirus or cybersecurity software to perform scans regularly. Consider using security software with endpoint protection and email scanning tools to block emails that may contain malware.

Final Thoughts

There will always be people seeking to gain by exploiting a system, but there’s a lot that individuals can do to protect both their personal information and the information of the companies and organizations where they work. The most common best practices can often be the most important.

References:

IBM Selectric Bug. (2018, September 29). Retrieved from https://www.cryptomuseum.com/covert/bugs/selectric/#gunman

What is a Keylogger? (2013, July 23). Retrieved from https://securingtomorrow.mcafee.com/consumer/family-safety/what-is-a-keylogger//

Immanuel. (2018, July 21). What is a keylogger? How to Remove Them. Retrieved from https://antivirus.comodo.com/blog/computer-safety/what-is-a-keylogger/

What is a Keylogger? Retrieved May 30, 2019 from https://usa.kaspersky.com/resource-center/definitions/keylogger

Keylogger. Retrieved May 30, 2019 from https://www.malwarebytes.com/keylogger/

Flores, Ryan. (2016, March 16). Olympic Vision Business Email Compromise Campaign Targets middle East and Asia Pacific Companies. Retrieved from https://blog.trendmicro.com/trendlabs-security-intelligence/olympic-vision-business-email-compromise/

Osborne, Charlie. (2018, October 3). Zoho domains central to keylogger, data theft campaigns worldwide. Retrieved from https://www.zdnet.com/article/zoho-domains-central-to-keylogger-data-theft-campaigns-worldwide/