Antionline Forums - Maximum Security for a Connected World > Security Discussions > Security News

April 22nd, 2006, 02:53 PM   #1
hesperus
Senior Member
Join Date: Jan 2005
Posts: 416
Super glue, bank heists and keyloggers . . .

I just nabbed this from Digg so some of you may have seen it, but I thought it was worth a post:

Quote:
This wonderful little gadget is for sale over at Thinkgeek. It is colored an innocuous IBM grey so no one will notice when you attach it to their keyboard. It fits between the back of the PC and the keyboard cable. It needs no power and it can record 130,000 keystrokes. It works like a software keystroke logger. Once it is installed it just captures anything that is typed: usernames, passwords, URLs, email, banking info, everything. To access the data the owner of the device just types the password into any word processor and then you start to communicate with the device. It is very slick. Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.

Of course this is exactly how the greatest attempted bank heist in history was pulled off. The bank robbers installed these devices on machines inside the bank and eventually got access to Sumitomo Bank's wire transfer capability. They then proceeded to transfer more than $440 million to various accounts in other countries. Read all the gory details in this article I just published.

The one thing I do not mention in the article is that it is reported that Sumitomo Bank's best practice for avoiding a repeat attack is that they now super-glue the keyboard connections into the backs of their PCs.
http://blogs.zdnet.com/threatchaos/?p=319

That's the article, but there is a pic and links.

April 22nd, 2006, 04:05 PM   #2
ZT3000
Senior Member
Join Date: Mar 2005
Posts: 400
After reading the article I noted the statement: "Luckily the police were involved by that time and were able to stymie the attack."

Not sure if that means the authorities prevented the entire attack, just partially, or made it look like the monies were transferred in order to bring a heavier sentence on the crooks?

I also wonder about how much "luck" was involved in finding the keystroke monitors?
Did a technician find it when performing his daily/weekly rounds?

It seems a better solution than supergluing the keyboard cable is to perform better background investigations of bank personnel.

Which reminds me of a comedy by Steve Martin.
He's (Navin) a nerdy gas station attendant responsible for daily operations when some nutjob/madman with a rifle randomly picks his name from the phone book and comes a calling.
At the gas station the madman sits in his car across the street peering at Steve through a rifle scope waiting for an opportune time.
Madman: Dead centre - say your prayers, half breed!
(oil cans begin to pop on the pyramid display Navin is standing next to)
Navin: Hey Harry, look at this! What's the matter with these cans?
Madman: Die milk face!
(more oil cans pop and oil pours out)
Navin: These cans are defective - they're springing leaks! Come over here and look at this!
Harry: Listen, you better run for cover or you're going to spring a leak!
Navin: Huh?
Harry: We don't have defective cans, we have a defective person out there!
Navin (excitedly): HE HATES THESE CANS!! STAY AWAY FROM THE CANS!!
Madman: Die gas pumper!
(the glass on a pump breaks)
Navin: GET AWAY FROM THOSE CANS!!
(Navin hides beside a soda pop machine while madman peppers the machine with bullets)
Navin: THERE'S CANS IN THERE TOO!
(Navin runs inside the station and crouches behind another display of oil cans)
(the gas station window breaks)
Navin: MORE CANS!!
Madman: Die you bastard!
Harry: He doesn't want to put holes in the cans, he wants to put holes in you!
Navin: What?
Madman: Milk faced bastard!
Navin: Oh my God, I'm endangering your life! Cover me!
Harry (shrugging): You're covered.
Madman: Suck my toes!
Navin: You stay here, I'll distract him.
(Navin pulls away in a car with no tires on, Madman follows behind)

CLASSIC !!
__________________
ZT3000
Beta tester of "0"s and "1"s"

April 22nd, 2006, 06:05 PM   #3
devpon
Senior Member
Join Date: Feb 2004
Posts: 373
Quote:
Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it.

You can't detect or remove this device, or you can't detect and remove a software keylogger? Either of them are removable. The software keylogger might be harder to detect though.

April 22nd, 2006, 07:13 PM   #4
The Texan
AO's Resident Redneck
Join Date: Aug 2003
Location: Texas
Posts: 1,539
ZT3000, I have seen what you're talking about and it's very funny
__________________
Git R Dun - Ty
A tribe is wanted

April 22nd, 2006, 07:37 PM   #5
brokencrow
Dissident 4dm1n
Join Date: Feb 2004
Location: Shawnee country
Posts: 1,174
...and don't forget the usb models.

__________________
"Be a loyal plastic robot for a world that doesn't care" -- Frank

April 22nd, 2006, 07:58 PM   #6
nihil
Super Moderator: GMT Zone
Join Date: Jul 2003
Location: United Kingdom: Bridlington
Posts: 15,990
The worst are ones hidden inside the keyboard itself
__________________
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.

April 22nd, 2006, 10:20 PM   #7
brokencrow
Dissident 4dm1n
Join Date: Feb 2004
Location: Shawnee country
Posts: 1,174
Do they make 'em for laptop keyboards?

April 22nd, 2006, 10:28 PM   #8
nihil
Super Moderator: GMT Zone
Join Date: Jul 2003
Location: United Kingdom: Bridlington
Posts: 15,990
Yes,

Obviously you need physical access to install it.

April 23rd, 2006, 01:08 PM   #9
.:front2back:.
Banned
Join Date: Feb 2004
Posts: 2,579
I had to install a few of them at the Cafe, as I had suspicions that one of the employees was short changing the till,
as the till is hooked to the computer, and they have to type everything in, then click a button on the screen and the till will open and the receipt is printed.

Anyhow, after installing the device I gathered evidence for a 2-week period, as the police insisted,
and had a very good case against the ex-employee, who is now paying me back 2 bucks a week.
So much for believing in the court system to punish criminals..

f2b

April 23rd, 2006, 09:16 PM   #10
i2c
Senior Member
Join Date: Jul 2003
Posts: 634
The worst ones are soldered to the motherboard or built inside the connector bodies, or placed under discrete components.

It really wouldn't be beyond the realms of possibility to modify the BIOS either.

brokencrow: it still uses PS/2 within a laptop, and I think, seeing as PS/2 is a serial comms protocol, that it would be possible to just either attack the "bus" or attach something to the external connector on the inside.

The thing with the device mentioned is that it uses a program to download the memory of the device. Why is it not possible to poll the keyboard with the data that this program uses, and if it detects a response then you know you have a problem?

i2c