Thursday 17 February 2011

The Spy Next Door: Stealing your life for £44

How easy can it be to steal your life?  For less than 44 quid is it possible to steal your bank account username, password and bank account security questions? For less than 44 quid is it possible to harvest your credit card details, including your credit card security code and Verified by Visa or MasterCard SecureCode password? Is it possible to read your private Emails and access your Email account?  Is it possible to monitor all your private web surfing habits and instant messenger conversations, and obtain your username and passwords for all your websites?
Well for £43.83 all this is possible by using the Spy Cobra USB drive.  Once plugged into your Windows PC, it installs a hidden monitoring application in less than 20 seconds, after which the drive can be removed. From that point on every single key stroke is recorded, it records all websites visited and even takes screenshots of what is displayed on the screen, and stores these screenshots at regular intervals. The device even encrypts the information it stores locally on the drive, so you can’t tell what is being stolen.
All a perpetrator needs to do is to plug the Spy Cobra USB device into your PC, and return to collect your most important personal information which it has harvested from your PC at a later date, information which can be truly life stealing from an identity thieves perspective. You might think twice about allowing that friend or neighbour to use your home PC, or even leaving folk unattended in the presence of your PC while it is still logged on.

In the past I created such devices, however I found most Anti-Virus protection eventually caught up and stopped it from working, this is good reason to keep your anti-virus up-to-date, while disabling media auto-run within Windows can also help defend from similar spy USB devices from automatically installing. However looking at the way the Spy Cobra installs its spyware payload, I think it is likely it will not be detected by most Anti-Virus at present, this is something I will be researching further and reporting back on.
Hardware Key Logger

There are also hardware based keystroke recorders available for anyone to buy openly in the UK which most anti-virus applications can never detect. For the same £44 price as the Spy Cobra you could purchase the LM Technologies USB Keyboard Logger (see picture above). This ‘hardware’ key logger fits snugly between the keyboard and PC USB connection, and will record weeks of your keystrokes.  Hardware key loggers like this don’t require the computer to be in use or even switched on to be installed and often go undetectable by the operating system (PC) and anti-virus. Furthermore these devices are very difficult to spot, when is the last time you checked the keyboard cable going into the back of your PC?

Only twos days ago at libraries just around the corner from the Information Commissioner's Office in Wilmslow, hardware keyloggers were found attached to publicly used computers, no doubt the bad guys were trying to steal credit card and bank account credentials. http://www.theregister.co.uk/2011/02/15/hardware_keyloggers_manchester_libraries/