Currently available programs include WinWhatWhere Investigator, Spector Pro, Key Ghost and D.I.R.T.
Here's a close-up on keystroke logging programs:
Federal authorities used keystroke logging in the successful prosecution of an accused Mafia loan shark in New Jersey. The case helped establish keystroke logging as a legal tool similar to a wiretap, in that authorities must first get a warrant from a judge before installing it on a suspect's computer.
In 1999, FBI agents in New Jersey got a judge to give them permission to break into the office of Nicodemo S. Scarfo Jr., son of jailed mob boss Little Nicky Scarfo. The agents installed a keystroke logging program on Scarfo Jr.'s personal computers, and the computer evidence obtained by the program was later used against Scarfo in a 200l trial in which he was accused of running a sports betting ring.
Scarfo's lawyers attempted to have the computer evidence thrown out on the grounds that it violated his constitutional rights. But in December 2001, a judge upheld the use of the evidence, noting that as criminals embrace new technology, law enforcement authorities must do likewise. In March 2002, Scarfo pleaded guilty to a federal gambling charge, and is due to be sentenced later this year.
The CERT Coordination Center, a well-known, federally funded reporting agency for Internet security problems, first put the spotlight on keystroke logging in 1992. In a revised memo from 1997, CERT outlines some recommendations for its use that were developed in coordination with the Justice Department.
The center agreed with the Justice Department that there are legal uses for keystroke logging in the investigation and prosecution of criminals. However, the CERT Coordination Center recommended that network administrators in the workplace inform workers that the keystroke logging software was in place. They suggested that some sort of warning banner come up on the computer screen when someone signed on to a network that used a keystroke logging system.
CERT Coordination Center:
Employers Need To Warn Workers They're Being Monitored
Most keystroke logging programs are software that needs to be physically installed on the computer, either with a CD-ROM, diskette, from a network connection or from a program attached to an e-mail.
The software programs have become increasingly sophisticated in their ability to hide themselves in a computer's hard drive. The Investigator program, for example, periodically renames itself and moves to a different location in the computer's hard drive to avoid detection. However, if a user was suspicious about his computer, there are ways to look for suspicious programs that load when a computers starts.
In a new wrinkle, manufacturers are now offering keyboards and keyboard cables that have the snooping technology hardwired directly inside. Thus, someone could look for software inside a computer's hard drive, and never know that it was actually machinery within the keyboard or cable itself.
The FBI is developing keystroke logging programs that can invade a user's computer via an Internet worm in an e-mail. The program will have to be sophisticated enough to avoid detection from typical anti-virus software. Agents, depending on the circumstances of the investigation, would still require authorization by either a state or U.S. attorney general or a judge.
By Dave Hancock