ON-SCREEN KEYBOARD
Whenever I am in an internet cafe and I see someone using their credit card, usually to book an online flight, they always type their credit card details into the appropriate boxes by hand, and always in number order. In other words, if their card number is 1234 they always type it by hand as 1 2 3 4, when what they should be doing is typing 1 2 3 4 in a random order.
Typing in a random order makes it harder for a key-logger to guess your numbers. A key-logger works by storing, in a log file, the byte value of each key you press on the keyboard. So when you press number 1 it stores the byte value 49, which is the byte value for number 1. When you press number 2 it stores the byte value 50, which is the byte value for number 2. And so on. So with numbers 1 2 3 4 it stores byte values 49, 50, 51 and 52. The log file can also store characters (letters).
Now imagine you are on a Flight website, booking a ticket. As you type in your Name, Address and Credit Card details the log
file is recording (saving) those details as key strokes (keys pressed). When the key-logger program detects you have
finished booking, because you left the flight website for example, it knows its next job is to upload (send) the log file
to its analysing computer as soon as possible. On the other hand, it might upload the log file one piece at a time as you
are typing (i.e. for every line you type, it sends that line).
The analysing software knows how to interpret the data inside the log file due to certain information that was added to the
log file before it was sent, such as the name of the website. For example, if you ordered your ticket from www.StupidFlightBookers.com
the analyser knows how the www.StupidFlightBookers.com website wants your information entered. So if you entered your
information as follows:
John White
23 Beach House
Erfurton Road
London
SW2 1RX
Italy
2 Weeks
7th August
21st August
1 Adult
0 Children
Visa
0123456789
10
08
123
the key-logger might have added www.StupidFlightBookers.com to the beginning or end of the log file, as an identifier.
So if the person(s) behind the scam are only interested in credit card details, for example, they would program the
analyser to read only lines 12 to 16. They would know that lines 14 and 15, for example, contain the expiry date and that
line 16 is your CVV number. You could enter your details in no particular order (e.g. Address, Card Type, Name and then
Holiday Location), but the analyser will probably go through the log file more than once. For example, it might scan the
log file from top to bottom in order to retrieve information, or it might check each line for what it contains. So if it
scans line 3 and finds Road, Street or Grove, for example, it would know it has found the address line. These kinds of scan
techniques are common in the programming world.
So at the end of the day, as long as you enter your details in the order a website is asking (i.e. Name, Address, Credit Card
Number and so on) you will always be vulnerable. That is why I recommend you enter your details in the wrong order. Going back
to the above 1234 example: if the analyser is looking for four numbers and you enter four numbers you will be vulnerable.
However, if you use the cursor trick above the analyser will see the Byte Values for 3 (50), Cursor Left (79), 1 (49) and
Cursor Right (78) - so not 1 2 3 4 anymore. And even though some key-loggers are clever enough not to store non-alphabet
keys (such as Cursor Left) inside their log file, entering your details in a random order should still confuse the
key-logger.
Better still, why not enter 20 random wrong numbers before deleting 16 of them (also in random order) and then
replace the 4 remaining wrong numbers with correct numbers (again in random order)? The key-logger would probably store all
of the numbers, thinking they are the correct numbers. In other words, if the analyser knows it has to use the first 4
numbers in the log file for something but finds 20 numbers (+ 16 deletes) + 4 correct numbers (= 24 numbers) it will get
confused as to which of the 24 numbers are the correct numbers to use. You are mixing up wrong numbers for the key-logger
to store, as well as entering the correct numbers out of order. You can use this technique with characters (i.e. name and
address) as well.
Another trick is to use the On-Screen Keyboard, which can be found inside the Ease Of Access sub-folder (Path Name: Start Menu > ALL PROGRAMS > Accessories > Ease Of Access). See the Path Names section if you did not understand that path.
When you have opened the On-Screen Keyboard go onto the internet and find a website where you have to enter information.
Click inside one of its Edit Boxes, such as the Name edit box, and then go to the on-screen keyboard and spell/type your
name - Click on each letter of your name with the left mouse button. As you click on a character (letter/number) it will
be entered into the edit box automatically. Repeat this process for each edit box, especially for the Credit Card Number
edit box. This process is just another way to fight against the key-logger - Hopefully, all they will see in their log file
is Click, Click, Click where your credit card details should be.
I say hopefully because the key-logger becomes more and more sophisticated as time goes on. For example, even though they might rely on you being too lazy to take the above
precautions, they can also be sophisticated enough to emulate your keystrokes (so they know what keys you have actually
typed while disregarding your delete and/or cursor movements). And even worse, they can also screen-capture (screen copy)
your finished details (i.e. take a picture of the credit card details screen every 10 seconds or so). All without your
knowledge... until you get a nasty bank statement in the post.
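The point about emulating keystrokes, as an added example (not part of the original article and not taken from any key-logger product): a constructed key log for one edit box is read two ways, in log order and by replaying the cursor and delete keys against a model of the edit box. The event names, the sample logs and all three functions are made up for the illustration.

```python
# Hypothetical event names for the non-printing keys in a constructed log.
LEFT, RIGHT, BACKSPACE = "<LEFT>", "<RIGHT>", "<BKSP>"

# Constructed log: the article's "3, Cursor Left, 1, Cursor Right" idea,
# carried on until the box holds 1234.
CURSOR_TRICK = ["3", LEFT, "1", "2", RIGHT, "4"]

# Constructed log: wrong digits typed as decoys and deleted again.
DECOYS = ["9", "1", LEFT, BACKSPACE, RIGHT, "7", BACKSPACE, "2", "3", "4"]


def strip_navigation(events):
    """Model a logger that does not store cursor or delete keys."""
    return [e for e in events if len(e) == 1]


def naive_digits(events):
    """Read the printable keys in the order they were logged."""
    return "".join(strip_navigation(events))


def replay(events):
    """Apply every logged key to a buffer with a cursor, like the edit box does."""
    buf, cur = [], 0
    for e in events:
        if e == LEFT:
            cur = max(0, cur - 1)
        elif e == RIGHT:
            cur = min(len(buf), cur + 1)
        elif e == BACKSPACE:
            if cur > 0:          # delete the character left of the cursor
                cur -= 1
                del buf[cur]
        else:                    # printable key: insert at the cursor
            buf.insert(cur, e)
            cur += 1
    return "".join(buf)


if __name__ == "__main__":
    for name, log in (("cursor trick", CURSOR_TRICK), ("decoys", DECOYS)):
        print(name, "| log order:", naive_digits(log), "| replayed:", replay(log))
```

Typing out of order with the cursor and delete keys only misleads an analyser that ignores those keys or never receives them; once they are in the log, the box contents can be rebuilt.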
One more thing you can do, to safeguard against the screen-capture technique, is move the On-Screen Keyboard over the webpage
area you are currently entering details for. For example, click on the Credit Card Number edit box, move (drag) the
On-Screen Keyboard over the not yet filled in credit card number edit box (so it is covered by the On-Screen Keyboard) and
then enter the credit card number with the On-Screen Keyboard as described above. Although you would have to check that you
have entered the details properly, and so expose the screen details, this method can limit the Key-Logger that takes a
picture of your screen - a screen filled with credit card information for example. No method is 100% but at least you are
limiting the dangers.
PCSnapShot Keylogger and Handy Keylogger, both commercial/professional products, are a good guide as to what a keylogger is
capable of. Just type their names into a search engine for their website links. Their product descriptions say it all!
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.