Commercial Keyloggers
I’m sure we’re all familiar with the world of malware keyloggers – the ones installed through drive-by-downloads or received as attachments embedded within the latest batch of spam email messages. They’re often bundled with stealthy functions that hide them from popular anti-virus products and have the ability to regularly email criminals any passwords or login credentials they happen to collect on the infected host.
While that kind of malware keylogger is typically developed and deployed by criminal gangs, did you know that there is a whole bundle of commercial-grade software-based keyloggers as well? These commercial keyloggers are designed for use by corporate IT/Security/Audit teams and law enforcement agencies, and they’re way more advanced than their malware cousins.
To a lot of security professionals, the mere mention of commercial keyloggers brings thoughts of thinly veiled spyware and browser popups. While there is still a gray-market for that kind of spyware, today’s commercial keyloggers are polished (and dare I say “trustworthy”) software monitoring applications geared towards corporate deployment and use.
The quality and feature-sets of these commercial keyloggers have matured into very advanced monitoring and surveillance toolkits, and there is a pretty clear demarcation between those geared to a corporate clientele and those for use in monitoring spouses and children on home PCs.
New regulatory requirements and high profile data losses have reinvigorated the commercial keylogger business. Data Leakage Prevention (DLP) has become a growth industry with major security vendors clamoring to purchase or secure exclusive rights to software companies specializing in on-the-fly data classification and extrusion blocking. As such, many of the newer developments in keyloggers have been honed or tuned to address this market (in some cases it’s just been to change the advertising literature and use the latest buzzwords).
What sort of corporate features can you expect from a commercial software keylogger?
While they still go by the name “keylogger”, the tools themselves have evolved beyond the name used to describe them and can best be described as local surveillance systems. What sort of monitoring capabilities do these commercial keyloggers typically provide?
By way of example, here are some screen shots of a popular commercial keylogger suite – Spy Lantern.
Getting your hands on a keylogger
The keyloggers themselves are very easy to get hold of. Most can be purchased online and range from $40-$200, with heavy discounts for bulk license purchases, and can be downloaded from the publisher’s site after receiving a credit card payment.
Many of the commercial keylogger suites marketed as home computer monitoring systems (e.g. keeping track of the spouse and children) also provide avenues to ‘trial’ the software before purchase.
There are a great number of commercial keylogger software providers out there – with many concentrating on local markets (to take account of language and popular peer-to-peer messaging applications specific to a country) – but luckily there are several good keylogger review sites. One of the better keylogger sites is KEYLOGGER.ORG.
Why would a criminal use a commercial keylogger?
One problem with the online purchase and download of these keyloggers is the fact that they are so easy to get your hands on. For only a few dollars, advanced monitoring solutions can be acquired by all and sundry, and easily deployed on hosts where the attacker has no right to install software. Therefore, the barrier to entry for criminal identity theft and fraud is very low – you can almost think of it as a “no assembly required” sticker on the box – and any unskilled attacker can quickly get up to speed and begin their latest criminal endeavor.
Just as interestingly, a quick analysis of the top-10 rated keyloggers on KEYLOGGER.ORG revealed that 80% of them already had publicly available cracks or keygens (quick searches on KeyGen.US) – effectively meaning that the cost of these keylogging suites is $0 to any criminals.
Another interesting reason for using a commercial keylogger over some uber-elite one-of-a-kind malware keylogger (quality and reliability concerns aside) is the fact that many of these keyloggers have been designed for, and are in use within, corporate environments. Consequently, whilst almost all anti-virus products are capable of detecting their presence, many commercial and popular anti-virus products downgrade their alerts when detecting them. Why? Because, in a lot of cases, corporations deploy this keylogger software inside their own networks and don’t want any “false alerts” popping up on the monitored hosts.
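One way a defender can close the gap left by downgraded alerts, as an added example that is not from the original post: re-score low-severity "monitoring software" detections against an inventory of hosts where the tool is actually sanctioned. The event schema, category labels, host names and product names below are all constructed assumptions, not any anti-virus vendor's format.

```python
import json

# Categories an AV product may report at reduced severity (assumed labels).
DOWNGRADED = {"monitoring-tool", "riskware", "pua"}

# Constructed inventory: host -> monitoring products IT has approved there.
SANCTIONED = {
    "hr-audit-01": {"examplemonitor"},
    "kiosk-07": {"examplemonitor"},
}

# Constructed AV events, one JSON object per line (schema is an assumption).
SAMPLE_EVENTS = """\
{"host": "HR-AUDIT-01", "category": "monitoring-tool", "family": "ExampleMonitor", "severity": "low"}
{"host": "fin-lt-22", "category": "monitoring-tool", "family": "ExampleMonitor", "severity": "low"}
{"host": "kiosk-07", "category": "riskware", "family": "OtherLogger", "severity": "low"}
{"host": "dev-ws-03", "category": "trojan", "family": "Generic", "severity": "high"}
not-json
"""

def triage(lines, sanctioned=SANCTIONED):
    """Return (alerts, skipped): re-scored events and count of unparsable lines."""
    alerts, skipped = [], 0
    for line in lines.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            host = ev["host"].lower()          # host names compared case-insensitively
            family = ev["family"].lower()
            category = ev["category"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1                       # count malformed lines, never drop silently
            continue
        verdict = dict(ev, reason="unchanged")
        if category in DOWNGRADED:
            if family in sanctioned.get(host, set()):
                verdict["reason"] = "sanctioned deployment"
            else:
                # Not in the approved inventory: treat as a possible intrusion.
                verdict["severity"] = "high"
                verdict["reason"] = "unsanctioned monitoring software"
        alerts.append(verdict)
    return alerts, skipped

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS)[0]:
        print(alert["host"], alert["severity"], alert["reason"])
```

The approval is per host and per product, so a sanctioned host running a different keylogger (the third sample event) is still escalated.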