Super glue, bank heists and keyloggers . . .
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Super glue, bank heists and keyloggers . . .

  1. #1
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416

    Super glue, bank heists and keyloggers . . .

    I just nabbed this from Digg so some of you may have seen it, but I thought it was worth a post:

    This wonderful little gadget is for sale over at Thinkgeek. It is colored an innocuous IBM grey so no one will notice when you attach it to their keyboard. It fits between the back of the PC and the keyboard cable. It needs no power and it can record 130,000 keystrokes. It works like a software keystroke logger. Once it is installed it just captures anything that is typed: usernames, passwords, URLs, email, banking info, everything. To access the data the owner of the device just types the password into any word processor and then you start to communicate with the device. It is very slick. Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.

    Of course this is exactly how the greatest attempted bank heist in history was pulled off. The bank robbers installed these devices on machines inside the bank and eventually got access to Sumitomo Bank's wire transfer capability. They then proceeded to transfer more that $440 million to various accounts in other countries. Read all the gory details in this article I just published.

    The one thing I do not mention in the article is that it is reported that Sumitomo Bank's best practice for avoiding a repeat attack is that they now super-glue the keyboard connections into the backs of their PCs.
    http://blogs.zdnet.com/threatchaos/?p=319

    Thats the article, but there is a pic and links.
    .

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    After reading the article I noted the statement: "Luckily the police were involved by that time and were able to stymie the attack."

    Not sure if that means the authorities prevented the entire attack, just partially or make it look like the monies were transferred in order to bring a heavier sentence on the crooks?

    I also wonder about how much "luck" was involved in finding the keystroke monitors?
    Did a technician find it when performing his daily/weekly rounds?

    It seems a better solution than superglueing the keyboard cable, is to perform better background investigations of bank personnel.

    Which reminds me of a comedy by Steve Martin.
    He's (Navin) a nerdy gas station attendant responsible for daily operations when some nutjob/madman with a rifle randomly picks his name from the phone book and comes a calling.
    At the gas station the madman sits in his car across the street peering at Steve through a rifle scope waiting for an opportune time.
    Madman Dead centre: - say you're prayers, half breed!
    (oil cans begin to pop on the pyramid display Navin is standing next to)
    Navin: Hey Harry, look at this! What's the matter with these cans?
    Madman: Die milk face!
    (more oil cans pop and oil pours out)
    Navin: These cans are defective - they're springing leaks! Come
    over here and look at this!
    Harry: Listen, you better run for cover or you're going to spring
    a leak!
    Navin: Huh?
    Harry: We don't have defective cans, we have a defective person
    out there!
    Navin (excitedly): HE HATES THESE CANS!! STAY AWAY FROM THE CANS!!
    Madman: Die gas pumper!
    (the glass on a pump breaks)
    Navin: GET AWAY FROM THOSE CANS!!
    (Navin hides beside a soda pop machine while madman peppers the machine with bullets)
    Navin: THERE'S CANS IN THERE TOO!
    (Navin runs inside the station and crouchs behind another display of oil cans)
    (the gas station window breaks)
    Navin: MORE CANS!!
    Madman: Die you bastard!
    Harry: He doesn't want to put holes in the cans, he want to put
    holes in you!
    Navin: What?
    Madman: Milk faced bastard!
    Navin: Oh my God, I'm endangering your life! Cover me!
    Harry (shrugging): You're covered.
    Madman: Suck my toes!
    Navin: You stay here, I'll distract him.
    (Navin pulls away in a car with no tires on, Madman follows
    behind)

    CLASSIC !!
    ZT3000
    Beta tester of "0"s and "1"s"

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.

    You can't detect or remove this device, or you can't detect and remove a software keylogger? Either of them are removable. The software keylogger might be harder to detect though.

  4. #4
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    ZT3000, I have seen what your talking about and its very funny
    Git R Dun - Ty
    A tribe is wanted

  5. #5
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    ...and don't forget the usb models.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    The worst are ones hidden inside the keyboard itself

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Do they make 'em for laptop keyboards?

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes,

    Obviously you need physical access to install it.


  9. #9
    I had to install a few of them at the Cafe, as i had suspicions that one of the employees was short changing the till.
    as the till is hooked to the computer, and they have to type everything in, then click a button on the screen and the till will open and reciept is printed.

    anyhow after installing the device i gathered evidence for a 2week period, as the police insisted.
    And had a very good case against the ex employee, who is now paying me back 2bucks a week.
    so much for believing in the court system to punish criminals..

    f2b

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    The worst ones are soldered to the motherboard or built inside the connector bodies, or placed under discrete components.

    It really wouldnt be beyond the realms of possibility to modify the bios either.

    brokencrow: it still uses PS/2 within a laptop and I think seen as PS/2 is a serial comms protocol that it would be possible to just either attack the "bus" or attach something to the external connector on the inside.

    The thing with the device mentioned is that it use a program to download the memory of the device, why is it not possible to poll the keyboard with the data that this program uses, and if it detects a response then you know you have a problem,

    i2c

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •