A keylogger builds a log of everything typed on a keyboard to be
reviewed by a third party. Keyloggers can be used for legitimate
purposes to troubleshoot networks, analyze employee productivity, or to
assist law enforcement, for example; or they can be used for
illegitimate purposes to surreptitiously spy on people for personal
gain. A keylogger can be a hardware device or a software program.

The most common hardware keylogger plugs into the computer’s keyboard
port, connecting to the keyboard cable. It can look like an extension
tail or in other cases a small cylindrical device. This makes it easy to
spot, if looked for, but it won’t be detectable by software. Models are
priced around the number of keystrokes they can hold, with higher
capacities being more expensive. One entry model costs $49 US Dollars
(USD) with a capacity of 128,000 keystrokes.

Once the device is installed, the log can be retrieved by opening a word
processor and entering a password to reveal a hidden keylogger menu. Like all
hardware keyloggers, it has the limitation of requiring physical access
to the system, but might be used by network administrators or by parents
to monitor the family computer.

Another type of hardware keylogger is preinstalled inside the keyboard
itself on the circuit
board. This device is undetectable barring disassembly of the keyboard,
but does require replacing the existing keyboard. A similar keylogging
product can be soldered on to the circuit board of any keyboard, but
this requires some skill.

Software keyloggers are often installed through malware like Trojans,
viruses, spyware or rootkits.
These keyloggers can collect keystrokes through a number of methods,
depending on design. Some keyloggers work at the kernel level; others
use a hook to hijack the system processes that handle keyboard input; and
still others use entirely different means. A keylogger that is
installed remotely through malicious means secretly sends its logs to
the person who planted it over an Internet connection.