Jump to content

Suggestions about keyloggers


Wetwork

Recommended Posts

I have a client who wants to implement a keylogger on his network but after researching the web about this for a bit he is unhappy with the choices that are out there for so-called commercial use

He is running a windows based network and wants it to be invisible to his staff who he feels more than one of them might be violating there non compete clause in there contracts but wants proof of such actions

can anyone suggest some either created keylogger or a commercial product that can be implemented on either a server based or workstation based system with auto dump to e-mail or secured file to a remote terminal via SSH?

Note: he has assured me in writing that this software will NOT be used to scam CC #'s or passwords

your input is appreciated

Link to comment
Share on other sites

If the client only wants to monitor IM perhaps a IM gateway should be implemented which logs all conversations.

that was one of my suggestions and he wants to go for the full keylogger package and i got to do what i can to make the client happy

Link to comment
Share on other sites

what he explained to me was that most of the commercial packages come wrapped up with other forms of network monitoring such as screenshots, web monitoring and other monitoring packages. the other issues that he has is that for most of the pre-packaged commercial products its cost prohibitive when it comes to a network of over 50 systems

if i can find a client based key logging program that just does key logging i thin that he will be happy and continue to use my company for the extended future and that = good revenue for me :)

Link to comment
Share on other sites

Your client probably needs to higher a programmer if there are no solutions that serve his purpose.

You probably also need to explain that software should not be solely used to implicate blame. This is a horrific idea, the software could stop working for any number of reasons, if alerts that the software has stopped working fail to be generated or are ignored, then how useful was it. More over, the key logging system could be compromised which would either render the system useless or worse. Worse been, some one makes a copy of all the logs and takes them away. Now all the companies email, IM's, usernames and passwords are all in evil hands, which of course means you need to go in to incident (or in this case disaster) response mode. Change every ones password and preferably username, contact every one emailed since the logs started explaining what's happened and what risk they are at as a result of the companies idiocy.

As an IT professional you need to make the risks clear to your client involved with such a system rather than saying "ok, I'll make it work". If your client asks about making it secure, only so much can be done to make any thing secure.

More on the technical aspects of what needs to be done (if this is what I gather needs to be done) If I where to make such a system I would make it a separate server/client system. I would use simple http post requests over SSL to transmit all captured data (easy to implement). The server would save it in some way. This method is fairly secure in the sense that data sent can't be sniffed, and since the server application is essentially acting as write once storage, it can't be accessed as if it where saving files straight to a windows share. This doesn't stop the server from been compromised in other ways however. E-mail is ok but can be sniffed easily.

Link to comment
Share on other sites

Your client probably needs to higher a programmer if there are no solutions that serve his purpose.

You probably also need to explain that software should not be solely used to implicate blame. This is a horrific idea, the software could stop working for any number of reasons, if alerts that the software has stopped working fail to be generated or are ignored, then how useful was it. More over, the key logging system could be compromised which would either render the system useless or worse. Worse been, some one makes a copy of all the logs and takes them away. Now all the companies email, IM's, usernames and passwords are all in evil hands, which of course means you need to go in to incident (or in this case disaster) response mode. Change every ones password and preferably username, contact every one emailed since the logs started explaining what's happened and what risk they are at as a result of the companies idiocy.

As an IT professional you need to make the risks clear to your client involved with such a system rather than saying "ok, I'll make it work". If your client asks about making it secure, only so much can be done to make any thing secure.

More on the technical aspects of what needs to be done (if this is what I gather needs to be done) If I where to make such a system I would make it a separate server/client system. I would use simple http post requests over SSL to transmit all captured data (easy to implement). The server would save it in some way. This method is fairly secure in the sense that data sent can't be sniffed, and since the server application is essentially acting as write once storage, it can't be accessed as if it where saving files straight to a windows share. This doesn't stop the server from been compromised in other ways however. E-mail is ok but can be sniffed easily.

That goes without saying but the original question still stands for recommendations of either written or precomplied software key loggers

I am not one to implement a job without trying to explain the ramifications of a particular hardware or software choice to a client. I have been in this game for far too long (over 10 years) to base my reputation on "just getting the job done" because when the music stops i am the one that will get the heat. When a client asks me to investigate a possibility i must by my own ethical code do my best to explore that direction.

the security of this situation is more by obfuscation in the fact that the only two people that will know if its exisitance is the owner of the company and myself. SSL implementation of the transfered logs was a consideration that was going to go into effect before posting my query to the forums. If i was more of a coder i would just write the damn thing myself and be done with it but being that my coding sucks i must look to my peers to see if they have a suggestion

Link to comment
Share on other sites

more importantly how will all this infomation be stored securely and who is going to run through all this log , it will contain everything typed ever on that keyboard thats going to mount to 1000's of lines of genuine text, in there somewhere is going to be the 1% of capture your after x this by 50 users = a headache and massive amounts of logged passwords and usernames sitting everywhere on your infrastructure !

its not the way to pratice. if messenger is a problem - block it or like mentioned above force it through a gateway.

+ if you block messenger it will force users to use outlook which you have much better control over monitoring etc.

Link to comment
Share on other sites

a search parameter in the log can solve that problem of finding the proverbial needle in the haystack. The file will be stored in an encrypted folder on an offside SSH protected drive and like i said there will be security by obfuscation. Closing off instant messengers wont work with outside e-mail programs such as yahoo, gmail or meebo that work over port 80 and is necessary for web access.

I guess that i will close the topic and look around some more to meet my clients needs since the answer isnt going to be found here. Thank you for all that replied to this thread

Link to comment
Share on other sites

Irongeek has studied a number of keyloggers. Here he details Keymail, a keylogger for Windows that emails the logs to you; and here is a video in which he covers a number of hardware keyloggers.

But, to repeat a point that you've already been told several times: no matter how sneaky you or your client are, there's still the possibility that one of the employees will discover the logger on his computer. Obviously he will feel aggrieved; and if/when he realizes that he isn't being targeted specifically and that all his colleagues' machines are also being keylogged, he'll see the potential value of this logging and may decide to get revenge by copying the logs for himself. And then your client will really be screwed. Maybe the employee wasn't doing anything underhand; but once he learns he's being spied on, he probably will get up to some bad stuff, possibly using his boss's spying utilities against him.

I know, you've already said that you've told your client all this and he doesn't care. But I'd suggest that the fact he doesn't care indicates that he doesn't really understand the risks. So maybe you need to tell him some more. Explain to him that you cannot make the spying 100% secure, and that if it backfires it could cost him big time. And there are other ways to monitor his staff's activities - ways that do not involve installing spyware on individual computers that the employee may discover.

But hey, you know all this already, right?

Link to comment
Share on other sites

thats my point tho what are you going to search for ?

it's sounding abit like entrapment

After continuing discussions with my client on the topics that were discussed in this thread he has informed me that the search will be limited to keywords aimed at proprietary data that the company produces. I have had multiple discussions with him regarding the safety of said data and that no system is 100% secure (being a CEH pentester i can attest to this fact) but recent losses of clients to "other" providers of "similar" products have enraged him and wants to in his own words "plug the leaks" within his company. Other suggestions outside of key loggers such as exchange monitoring (and is in place as i find out and is not where the leak is coming from) were put forth by my company but he likes the idea of a keylogger.

In discussions of the ramifications if the logs were discovered he has stated and i will investigate this on my own by looking at the non-compete and the non-disclosure contracts that every employee had to sign. he states its within his rights as owner of the company and of the products and data that the company produces. If i do find a solution and implement it there will be a Hold-Harmless contract that i will have him sign so i don't get dragged down into the mud if something goes wrong.

First and foremost i am going to cover my ass and if he is going to burn its on him but a job is a job

@ Firebrand

Thanks.....this is a good suggestion and will investigate it, Hardware keyloggers isn't a direction that i had considered going with but it might be a possibility for this job

thanks all for your input

Link to comment
Share on other sites

If your client is trying to find how information is leaking, you don't need to know what is been typed on the keyboards, you need to know who is accessing what and when then attempt to follow where it goes, this is not some thing a keylogger can do. Tbh, the only way to do this is to do realtime monitoring of all computers in the company combined with access logs.

Use the access logs to figure out who accessed the data and when, use the monitoring software to see what happened on the computer at that time.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...