XP, Linux and Keyloggers

W. eWatson

I posted the following to a Linux NG.
===================
A friend believes that someone put a h/w keylogger on her laptop (Vista).
She doesn't have the experience to pull apart the laptop to find it, and I'm
too far away to help. She's recently had trouble with restoring Win Vista to
the laptop, and it may be because her install DVDs are bad. To get her back
on her feet, I told her to install Fedora, which she is in the process of
doing. My question is how likely is it that the keylogger will be effective
under Linux? I might think 0, since it seems likely a h/w keylogger would
more likely be built for Win than Linux. Comments?
=========end===========
There were many responses to this. Probably most of them thought the OS
doesn't make a difference, but there were a few who disagreed, or maybe got
tangled in the complexities of. Several days my friend called, and updated
me on the matter. I summarize it here.
=============================
She met a fellow who has extensive experience with h/w and s/w, and he
opened the laptop, and found several places where unconventional items
appear. He told her that installing neither Linux nor Vista would help, but
XP would. Tomorrow they will finish off the XP install. I guess what I'd
like to see is turning the table on the culprit by using whatever these
items are to trace back to him.
=============end================
Several posts followed that disagreed that XP would make a difference. Does it?

--
W. eWatson

(121.015 Deg. W, 39.262 Deg. N) GMT-8 hr std. time)
Obz Site: 39° 15' 7" N, 121° 2' 32" W, 2700 feet

Web Page: <www.speckledwithstars.net/>
 
Erwin Moller

W. eWatson wrote:
> I posted the following to a Linux NG.
> ===================
> A friend believes that someone put a h/w keylogger on her laptop
> (Vista). She doesn't have the experience to pull apart the laptop to
> find it, and I'm too far away to help. She's recently had trouble with
> restoring Win Vista to the laptop, and it may be because her install
> DVDs are bad. To get her back on her feet, I told her to install Fedora,
> which she is in the process of doing. My question is how likely is it that
> the keylogger will be effective under Linux? I might think 0, since it
> seems likely a h/w keylogger would more likely be built for Win than Linux.
> Comments?
> =========end===========
> There were many responses to this. Probably most of them thought the OS
> doesn't make a difference, but there were a few who disagreed, or maybe
> got tangled in the complexities of. Several days my friend called, and
> updated me on the matter. I summarize it here.
> =============================
> She met a fellow who has extensive experience with h/w and s/w, and he
> opened the laptop, and found several places where unconventional items
> appear. He told her that installing neither Linux nor Vista would help,
> but XP would. Tomorrow they will finish off the XP install. I guess what
> I'd like to see is turning the table on the culprit by using whatever
> these items are to trace back to him.
> =============end================
> Several posts followed that disagreed that XP would make a difference.
> Does it?

Hi,

I am no professional spy, but here are my 2 cents:

If this piece of hardware is, well, custom hardware, it might very well
be possible it taps in directly to the keyboard signals and logs them,
effectively completely circumventing the OS.

All kinds of keyboard loggers are available, e.g.: http://www.keyghost.com/

How the people who placed the item in there want to get the info out is
another matter:
1) they need physical access to read it back.
In this case the OS doesn't matter.
2) The thingy interacts with the computer: eg the apparatus has an IO
address. Then you can read it back via software (and spyware on the
computer)
In this case changing the OS might help.

I doubt anyone can give you any guarantees without knowing more about
the specifics of this hw keylogger.

What about asking the police?
Or were they the ones that placed it? ;-)

just my 2 cents.
Good luck.

Regards,
Erwin Moller

--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
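
The second case in the post above, a device the computer itself can address, is the only one an installed OS can observe. As an added example (not part of any post in this thread), this lists keyboard-capable input devices on Linux from `/proc/bus/input/devices` and flags any on an unexpected bus; the sample listing, its IDs and the i8042 baseline are assumptions, and a passive tap that never enumerates (the first case) will not show up in this listing at all.

```python
# Constructed sample in the format of Linux's /proc/bus/input/devices (not from
# the thread): built-in keyboard, power button, extra USB device. IDs are placeholders.
SAMPLE = """\
I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
P: Phys=isa0060/serio0/input0
B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe

I: Bus=0019 Vendor=0000 Product=0001 Version=0000
N: Name="Power Button"
P: Phys=PNP0C0C/button/input0
B: KEY=10000000000000 0

I: Bus=0003 Vendor=1234 Product=5678 Version=0111
N: Name="Generic USB Device"
P: Phys=usb-0000:00:1d.0-1.2/input0
B: KEY=1000000000007 ff9f207ac14057ff febeffdfffefffff fffffffffffffffe
"""

BUS_NAMES = {0x03: "usb", 0x05: "bluetooth", 0x11: "i8042", 0x19: "host"}
QWERTY_ROW = 0x3FF << 16  # KEY_Q (16) .. KEY_P (25), all in the lowest bitmap word

def parse_devices(text):
    """Yield one dict per device; the "I:" line holds several key=value pairs."""
    for block in text.strip().split("\n\n"):
        dev = {}
        for line in block.splitlines():
            rest = line[3:]
            for pair in (rest.split() if line[0] == "I" else [rest]):
                key, _, value = pair.partition("=")
                dev[key] = value.strip('"')
        yield dev

def typing_keyboards(text):
    """Devices whose KEY bitmap covers the whole Q..P row, i.e. that can type."""
    found = []
    for dev in parse_devices(text):
        low_word = int(dev.get("KEY", "0").split()[-1], 16)
        if (low_word & QWERTY_ROW) == QWERTY_ROW:
            bus = BUS_NAMES.get(int(dev["Bus"], 16), dev["Bus"])
            found.append((bus, dev["Name"], dev.get("Phys", "")))
    return found

def unexpected(text, baseline=("i8042",)):
    """Keyboards on a bus outside the baseline (assumption: built-in one is i8042)."""
    return [d for d in typing_keyboards(text) if d[0] not in baseline]

if __name__ == "__main__":
    for bus, name, phys in unexpected(SAMPLE):
        print(f"review: {name!r} on {bus} at {phys}")
```

On a real machine, pass the contents of `/proc/bus/input/devices` instead of `SAMPLE`; an empty result says nothing about a tap that sits on the keyboard lines without presenting itself to the system.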
 
Daave

W. eWatson said:
> I posted the following to a Linux NG.
> ===================
> A friend believes that someone put a h/w keylogger on her laptop
> (Vista). She doesn't have the experience to pull apart the laptop to
> find it, and I'm too far away to help. She's recently had trouble with
> restoring Win Vista to the laptop, and it may be because her install
> DVDs are bad. To get her back on her feet, I told her to install Fedora,
> which she is in the process of doing. My question is how likely is it that
> the keylogger will be effective under Linux? I might think 0, since it
> seems likely a h/w keylogger would more likely be built for Win than Linux.
> Comments?
> =========end===========
> There were many responses to this. Probably most of them thought the OS
> doesn't make a difference, but there were a few who disagreed, or maybe
> got tangled in the complexities of. Several days my friend called, and
> updated me on the matter. I summarize it here.
> =============================
> She met a fellow who has extensive experience with h/w and s/w, and he
> opened the laptop, and found several places where unconventional items
> appear. He told her that installing neither Linux nor Vista would help,
> but XP would. Tomorrow they will finish off the XP install. I guess what
> I'd like to see is turning the table on the culprit by using whatever
> these items are to trace back to him.
> =============end================
> Several posts followed that disagreed that XP would make a difference.
> Does it?

Here is a page with a hardware keylogger for a laptop:

http://laptoping.com/bitforensics-keycarbon-raptor-keylogger.html

If she can't open her laptop to look for it, she will need to find
someone else to do this for her.

Since it is logging keystrokes, I don't see the relevance of what
operating system is on the hard drive.

Why does your friend believe someone placed one of these in her laptop?
Is she paranoid? Or does she know someone who would actually do such a
thing?
 
W. eWatson

Daave said:
> Here is a page with a hardware keylogger for a laptop:
>
> http://laptoping.com/bitforensics-keycarbon-raptor-keylogger.html
>
> If she can't open her laptop to look for it, she will need to find
> someone else to do this for her.
>
> Since it is logging keystrokes, I don't see the relevance of what
> operating system is on the hard drive.
>
> Why does your friend believe someone placed one of these in her laptop?
> Is she paranoid? Or does she know someone who would actually do such a
> thing?

"...She met a fellow who has extensive experience with h/w and s/w, and he
opened the laptop.."
Yes, she strongly suspects someone she knows. He had a grand opportunity and
reason to do it. It may be more than keystrokes. He called one day, and said
something look at your computer. It suddenly powered off. The guy definitely
has it in for her.

--
W. eWatson

(121.015 Deg. W, 39.262 Deg. N) GMT-8 hr std. time)
Obz Site: 39° 15' 7" N, 121° 2' 32" W, 2700 feet

Web Page: <www.speckledwithstars.net/>
 
W. eWatson

Erwin said:
> W. eWatson wrote:
>
> Hi,
>
> I am no professional spy, but here are my 2 cents:
>
> If this piece of hardware is, well, custom hardware, it might very well
> be possible it taps in directly to the keyboard signals and logs them,
> effectively completely circumventing the OS.
>
> All kinds of keyboard loggers are available, e.g.: http://www.keyghost.com/
>
> How the people who placed the item in there want to get the info out is
> another matter:
> 1) they need physical access to read it back.
> In this case the OS doesn't matter.
> 2) The thingy interacts with the computer: eg the apparatus has an IO
> address. Then you can read it back via software (and spyware on the
> computer)
> In this case changing the OS might help.
>
> I doubt anyone can give you any guarantees without knowing more about
> the specifics of this hw keylogger.
>
> What about asking the police?
> Or were they the ones that placed it? ;-)
>
> just my 2 cents.
> Good luck.
>
> Regards,
> Erwin Moller

See my recent post for some answers.

--
W. eWatson

(121.015 Deg. W, 39.262 Deg. N) GMT-8 hr std. time)
Obz Site: 39° 15' 7" N, 121° 2' 32" W, 2700 feet

Web Page: <www.speckledwithstars.net/>
 
HeyBub

W. eWatson said:
> I posted the following to a Linux NG.
> ===================
> A friend believes that someone put a h/w keylogger on her laptop
> (Vista). She doesn't have the experience to pull apart the laptop to
> find it, and I'm too far away to help. She's recently had trouble with
> restoring Win Vista to the laptop, and it may be because her install
> DVDs are bad. To get her back on her feet, I told her to install Fedora,
> which she is in the process of doing. My question is how likely is it that
> the keylogger will be effective under Linux? I might think 0, since it
> seems likely a h/w keylogger would more likely be built for Win than Linux.
> Comments?
> =========end===========
> There were many responses to this. Probably most of them thought the OS
> doesn't make a difference, but there were a few who disagreed, or maybe
> got tangled in the complexities of. Several days my friend called, and
> updated me on the matter. I summarize it here.
> =============================
> She met a fellow who has extensive experience with h/w and s/w, and he
> opened the laptop, and found several places where unconventional items
> appear. He told her that installing neither Linux nor Vista would help,
> but XP would. Tomorrow they will finish off the XP install. I guess what
> I'd like to see is turning the table on the culprit by using whatever
> these items are to trace back to him.
> =============end================
> Several posts followed that disagreed that XP would make a difference.
> Does it?

I think you and this chick are made for each other.

First off "she believes..." Here's a logical hint: It is irrelevant what one
"believes." The only thing that counts is what one can prove. Are there any
indications, any, that someone is accessing her secret stuff? And is there a
more plausible explanation?

Second, you persuaded her to install a relatively unpopular version of an
unpopular operating system instead of the much more practical avenue of
replacement distribution media. And you did this without knowing whether
your version of Linux even supports the weird hardware on her laptop.

THEN she happens to run into a hardware and software expert with extensive
experience who's never seen what he found in her laptop? What did he find? A
tribble?
 
W. eWatson

HeyBub said:
> I think you and this chick are made for each other.
>
> First off "she believes..." Here's a logical hint: It is irrelevant what one
> "believes." The only thing that counts is what one can prove. Are there any
> indications, any, that someone is accessing her secret stuff? And is there a
> more plausible explanation?
>
> Second, you persuaded her to install a relatively unpopular version of an
> unpopular operating system instead of the much more practical avenue of
> replacement distribution media. And you did this without knowing whether
> your version of Linux even supports the weird hardware on her laptop.
>
> THEN she happens to run into a hardware and software expert with extensive
> experience who's never seen what he found in her laptop? What did he find? A
> tribble?

Should I have couched this in academic terms, "We hypothesize that, ...",
then maybe advance to a law, and ultimately a theory, which I'm sure you know
that in science a theory represents fact. I don't see where you contributed
anything to this.
 
