Thursday 17 February 2011

The Spy Next Door: Stealing your life for £44

How easy can it be to steal your life?  For less than 44 quid is it possible to steal your bank account username, password and bank account security questions? For less than 44 quid is it possible to harvest your credit card details, including your credit card security code and Verified by Visa or MasterCard SecureCode password? Is it possible to read your private Emails and access your Email account?  Is it possible to monitor all your private web surfing habits and instant messenger conversations, and obtain your username and passwords for all your websites?
Well for £43.83 all this is possible by using the Spy Cobra USB drive.  Once plugged into your Windows PC, it installs a hidden monitoring application in less than 20 seconds, after which the drive can be removed. From that point on every single key stroke is recorded, it records all websites visited and even takes screenshots of what is displayed on the screen, and stores these screenshots at regular intervals. The device even encrypts the information it stores locally on the drive, so you can’t tell what is being stolen.
All a perpetrator needs to do is to plug the Spy Cobra USB device into your PC, and return to collect your most important personal information which it has harvested from your PC at a later date, information which can be truly life stealing from an identity thieves perspective. You might think twice about allowing that friend or neighbour to use your home PC, or even leaving folk unattended in the presence of your PC while it is still logged on.

In the past I created such devices, however I found most Anti-Virus protection eventually caught up and stopped it from working, this is good reason to keep your anti-virus up-to-date, while disabling media auto-run within Windows can also help defend from similar spy USB devices from automatically installing. However looking at the way the Spy Cobra installs its spyware payload, I think it is likely it will not be detected by most Anti-Virus at present, this is something I will be researching further and reporting back on.
Hardware Key Logger

There are also hardware based keystroke recorders available for anyone to buy openly in the UK which most anti-virus applications can never detect. For the same £44 price as the Spy Cobra you could purchase the LM Technologies USB Keyboard Logger (see picture above). This ‘hardware’ key logger fits snugly between the keyboard and PC USB connection, and will record weeks of your keystrokes.  Hardware key loggers like this don’t require the computer to be in use or even switched on to be installed and often go undetectable by the operating system (PC) and anti-virus. Furthermore these devices are very difficult to spot, when is the last time you checked the keyboard cable going into the back of your PC?

Only twos days ago at libraries just around the corner from the Information Commissioner's Office in Wilmslow, hardware keyloggers were found attached to publicly used computers, no doubt the bad guys were trying to steal credit card and bank account credentials. http://www.theregister.co.uk/2011/02/15/hardware_keyloggers_manchester_libraries/

7 comments:

0wasp said...

Dave, you may already know but a batch of hardware keyloggers were recently discovered attached to the public computers in a Manchester library. May be worth you adding a link to that story

SecurityExpert said...

Speak of the devil and so close to home too, thanks for the heads up with that story, linked added.

PS OWASP are one of my favourite security communities

Chatback Security said...

Excellent article. Hardware key loggers can be spotted (if you look) but this is a new threat. Do you consider them to be a threat to networked PC's also? I have a put a link to the story on my blog www.chatbacksecurity.com

Olivia said...

Nice post which All a perpetrator needs to do is to plug the Spy Cobra USB device into your PC, and return to collect your most important personal information which it has harvested from your PC at a later date, information which can be truly life stealing from an identity thieves perspective. You might think twice about allowing that friend or neighbour to use your home PC, or even leaving folk unattended in the presence of your PC while it is still logged on. Thanks a lot for posting this article.

Connie said...

It is almost scary what technology can do these days.

Anonymous said...

Thanks , I have recently been searching for information approximately this
topic for ages and yours is the greatest I have came upon till
now. However, what in regards to the bottom line?
Are you certain in regards to the source?

Feel free to surf to my webpage ... windows 7 password reset

Anonymous said...

Everything is very open with a very clear description of the challenges.
It was truly informative. Your website is extremely helpful.
Many thanks for sharing!

Feel free to surf to my page :: kickasstorrents