Keystroke loggers are nothing new. Often surreptitiously installed on a user’s PC, keyloggers record keyboard actions and log them, or subsequently upload the data to a third party. It was more than three years ago when the first federal prosecution involving keylogger crime took place. They’ve been a favorite weapon in the arsenal of malicious hackers for even longer than that; they’ve been incredibly effective as a method for stealing usernames, passwords and other information that can be used to penetrate enterprises and steal identities. However, keyloggers are no longer being used exclusively for evil. Just recently it was revealed that the FBI has used them on a number of occasions, including in the investigation of alleged mafia kingpin Nicodemo Scarfo Jr., and helped lead to the arrest of Josh Glazebrook, a 15-year-old student who pleaded guilty last month to emailing bomb threats to his Washington high school.Lately we’ve seen discussion among IT pros regarding the merits of using keyloggers in the enterprise. It bears asking what keylogger capabilities are coveted by security professionals that would make them desirable over other, more traditional client-based monitoring tools. Are they cheaper, easier, or just more fun?
It would certainly seem the practice is no longer an absolute no-no, but as always, we’re interested in what you have to say. Have you used a keystroke logger in your organization, and would you consider doing so?