Free “Kid Logger 5.5” Key Logger and Activity Recorder

Looking for a good Key Logger program that is free? Check out the open source program Kid Logger 5.5.

Recently I was in need of a key logger type program. As for my list of needs, it needed to record keys typed, websites visited and most of all needed to be low cost. Kid Logger meets all those needs and more.

Kid Logger not only records key strokes and webpages visited, but also logs chat room sessions, programs opened, pictures or videos viewed, copy/paste operations and USB drive usage. But that is not all; it also takes desktop screen captures at a defined interval, can be set to record audio chats, or can be triggered to record any sound by a definable sound level. And if that is not enough, the program can be password protected and encrypts all logs by default.

You can also record individual user’s activities from a user checklist.

 

That is an impressive list for a free program. But how well does it work? Exceptionally well. As you can see below, the program records every keystroke to a running log.

 

Also, it keeps screen captures in the log directory in .JPG format.

 

I was very impressed with Kid Logger, especially upon viewing the logs and seeing a log entry that stated “Internet History Deleted”. Very interesting indeed.

Because of its laundry list of capabilities, Kid Logger could be used in a variety of situations. It does a great job of keeping tabs on young children and what they are getting into. But be forewarned, logging a user’s actions without prior consent is illegal in many areas. So before you run out and install this on all your employees’ machines, you will need to check with your state and local laws.

Check out Kid Logger, you will not be disappointed.

Definition of Cyber War still in Flux

Interesting seminar today at Arcsight called “Hacking the Odds – Gaining a House Advantage over Modern Threats”. I must admit that it wasn’t at all what I was expecting. I thought it would be on modern defense techniques and tactics, but it ended up being an expo on cybercrime and defining cyberwar.

I was disappointed at first, but some interesting points did come out of the talk. First and foremost, defining Cyber War and what it is, is still a hot topic amongst policy makers. Dr. Prescott B. Winter of Arcsight (and former NSA Associate Deputy Director) had some very interesting points.

First and foremost, he compared cyberwar to physical war. In a physical war, we see troops in uniform forming up, arms preparations, ship and naval units moving into position. There are several tangible things that happen that we know lead to battle. You do not have that in Cyberwar. There are no early warning systems, no radar returns, no thermal images of the enemy advancing to attack. Also, it is hard to see which direction you are being attacked from in a cyber war. When Estonia faced cyber attacks in 2007, they had evidence pointing to over 100 nations where attacks came from, when in reality it was just the work of one nation.

Secondly, we are not the only nation having trouble defining cyberwar. With differences of opinions, policy and political stances, all the nations may never agree on set international rules and laws. Many times too, we are not facing a foreign country or rogue nation, but a lone hacker or cyber crime syndicate trying to make money.

This too brings up its own unique issues. How do you prosecute cyber crime? What may be illegal in one nation may not be in another. Also, if we have a hard time getting state, local and federal police to cooperate, how much harder is it when you get foreign police services involved? Then again, what about when the case is taken to court? Cybercrime Expert Andy Crocker mentioned in the broadcast that when he was prosecuting a case in Russia, he used a PowerPoint presentation because the court was not up to speed on the technical issues of cyber crime. The result? The court argued for a week over whether PowerPoint presentations were legal in Russian courts.

To wrap up, I loved one of Dr. Winter’s analogies on policy. He said that we have strict policies on airplanes coming in and out of the US. Planes in disrepair are not allowed to fly over US cities. But, he said that we allow malicious foreign traffic on our systems every day.

Policy changes are indeed needed and quickly.

Spoofing a Website Address: How to Obscure a URL

I have been asked recently about the dangers of clicking on unknown links in e-mails. This led to a discussion on how hackers disguise website addresses or URLs. There are actually several tactics that spammers and hackers will use to disguise a website address. Today, I wanted to take a quick look at some of them.

Microsoft released a good article on how to recognize spoofed sites. Spammers will try to register website names that are close to the website they are trying to spoof. For example, misspelled words like Micosoft, or Mircosoft would be options for someone trying to spoof Microsoft. Another common tactic is to use the number “0” in place of the letter “O”. Or adding extra words in the website name works as well, like security-microsoft.com. Internet Explorer 8 tries to help you recognize these tactics by always highlighting the domain name in bold so you can verify the spelling.

Also, spammers will use very long names in links to disguise the actual site that they are trying to send you to. A website address (also called Fully Qualified Domain Name) can be up to 255 characters long. So when displayed in the address bar, it wraps so you cannot see the whole address. They will add some official looking directories in the name to make it look more legit. For example:

http://www.malwarebadsite.com/up_to_no_good/exploited_machines/…lots_of_random_junk…/Official/Microsoft/Security/Updates/

When displayed, you will only see the “/Official/Microsoft/Security/Updates/” part of the address.

Okay these ones you could catch if you scrutinize the address closely enough. But there are other ways to write a domain name. For example, you can use the IP address instead of the name. If you open a command prompt and type “ping google.com” you will see “pinging Google.com [72.14.204.103]”. You can take that number and place it into the Internet Explorer address bar and you will end up at Google.com. That one is well known, but how else can you write the address? Here are some other less known ways to write an internet address:

  1. DoubleWord (dword): Google.com in dword is 1208929383
  2. Hexadecimal: Google.com in Hex is 0X480ecc67 (Convert the IP to hex, and then add “0x” in the front so IE knows that it is a Hex number.)
  3. Octal: Google.com in Octal is 0110.016.0314.0147 (Convert the IP address to Octal, and then add a “0” in front of each number so IE knows that it is octal.)

Go ahead, copy and paste any of the numbers above into your IE browser and you will end up at Google.com. Or you can “ping 1208929383” from a command prompt and you will get a response from 72.14.204.103. Firefox seems much better than IE at parsing these out: placing these numbers in Firefox did not seem to work, and I got a DNS error or BAD ADDRESS error message. Hackers will use the numbered IP addresses instead of a domain name to further mask the malware site.

If you want to know more, an excellent article for converting IP addresses to other forms and full instructions on how to do so can be found at PCHelp.com. Two sites that are helpful in converting the IP address are IPAddressLocation and IPAddressConverter.

One last point to keep in mind. Website spoofing is not just used by vicious hackers. Sometimes your users may be using this tactic also. When you set up your firewall filter and block sites that you don’t want your users on, some routers will allow users to bypass the filter by using the spoofing tactics listed above. So if you want to keep people off youtube.com, you may need to also block the actual IP address and possibly the other variants listed above as well. I have seen SOHO setups where specific sites were blocked by name, allowing no access to the domain name, but you could still get to them by putting in the IP address.
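For filtering, the dword, hex and octal spellings above can all be reduced to one dotted-decimal address before the block list is checked. The sketch below is an added example, not code from the original article; the function names are hypothetical, and it also handles the shortened dotted forms (such as 72.14.52327) that follow the same parsing rules.

```python
import ipaddress
from urllib.parse import urlsplit

DIGITS = "0123456789abcdef"

def parse_part(text):
    """Parse one number the way inet_aton does: 0x = hex, leading 0 = octal."""
    text = text.lower()
    if text.startswith("0x"):
        digits, base = text[2:], 16
    elif len(text) > 1 and text.startswith("0"):
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    if not digits or any(c not in DIGITS[:base] for c in digits):
        raise ValueError(f"not a number: {text!r}")
    return int(digits, base)

def canonical_ipv4(host):
    """Return dotted-decimal for a numeric host, or None if it is not one."""
    parts = host.split(".")
    if len(parts) > 4:
        return None
    try:
        *head, last = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def url_is_blocked(url, blocked_ips):
    """True if the URL's host, in any numeric spelling, is a blocked address."""
    ip = canonical_ipv4(urlsplit(url).hostname or "")
    return ip in blocked_ips

if __name__ == "__main__":
    blocked = {"72.14.204.103"}  # address taken from the article's ping example
    for host in ("72.14.204.103", "1208929383", "0X480ecc67",
                 "0110.016.0314.0147", "72.14.52327", "www.example.com"):
        url = f"http://{host}/"
        print(f"{url:32} -> {canonical_ipv4(host)}  blocked={url_is_blocked(url, blocked)}")
```

This only normalizes numeric spellings of a host; blocking the site by its domain name still needs its own rule.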

Internet Surfing Safety Tips – Part Two

Whenever you go to a website, everything you see is downloaded to your computer and stored. Also, whenever you select preferences on a website, this information is stored in what is called a “cookie”. That way, when you go to your favorite news website again, it reads your preferences from the cookie and takes you right to your personalized page. The settings for how long this information is to be stored are set in your browser. Also, your browser stores the history of websites that you have visited.

Herein lies the problem: hackers can set up a website that looks legitimate. When you go to this website, it could use a software program that reads your history cache and tells what sites you have been on. They may also be able to access your cookies. Why is that so bad you ask? Well, say you give this bogus site a name and password, to sign up for a fake newsletter or such. Most people like to use the same name on many sites. It could also be the name you use for your company login. Also, you do use different passwords for different sites right? If you don’t, they now have your username, password and a list of your other sites that you visit. You didn’t give them your credit card number too, did you?

Okay, so how to protect yourself? Don’t order online, unless you feel the site is legit. Don’t use the same password for your online banking and your social networking accounts. Delete your history and temporary internet cache whenever done on a secure site, like banking, ordering online, or any government or military accounts. Check your internet browser help for instructions on deleting your internet history.

Daniel Dieterle