Keyloggers in the Library

By David Harley posted 24 Feb 2011 at 10:02AM

tags

If you found my recent post on Public Access PCs Booby-Trapped of any use, you may also find a follow-up article by SC Magazine's Dan Raywood of interest.

The article on Keyloggers found plugged into library computers quotes some further thoughts I sent him in a subsequent exchange of email, and also quotes Wilmslow police inspector Matt Welsted and F-Secure's Sean Sullivan.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Nitol Botnet: You Will Never Break The Chain

AMTSO's New Direction (and some resources updates)

Free Anti-virus: Worth Every Penny?

VirusTotal, Useful Engines, and Useful AV

Great Expectations and the Grim Reaver

Adam Wilder

Well, David I'm not that surprised as most library systems have few security measures in place whether it's again keyloggers or other intrusive elements of the net sujch as malware,adware,spyware..
Actually, I no longer use the library for internet acess since the time I had been using the internet resources of my local library , every week I'd noticed several workstations with a out of order notice on them..
Thanks for the article..

Adam
Dan Raywood

Thanks for flagging this David, and good response by Adam. Regarding ' library systems have few security measures in place', I would be interested to know: who is responsible for the upkeep and patching etc on public computers such as these; and secondly how straightforward is it to a LAN such as a library? Assuming that libraries do not have IT teams, are they the responsibility of the local council IT team I wonder?

David Harley

@Dan, good question. Though I make a great deal of use of my local public library, I don’t have much insight into the structure behind them, though I believe that branch libraries fan out from “main” libraries that are in turn responsible to councils. I’d expect any main library to have at least one person responsible for IT services these days, as libraries in the education, charity and private sectors do, presumably with technical backup from council IT teams. Branch libraries are, I suspect, generally centrally administered with someone at the branch responsible for routine maintenance, but that’s unlikely to be a support specialist. However, it’s a long time since I provided support to a library myself (and then it was as part of the IT team in a research organization): I’m no expert on council libraries. :)

David Harley

Actually, the fact that one of the devices disappeared between being noticed and being removed poses an interesting question. While I don’t have full details of the incident, I have to wonder whether it points to a particular problem in small organizations and sub-branches of larger organizations, where there is often no on-site tech support. One of the devices disappeared after it was noticed, but before the library itself removed it. Was it just lost? Or did the criminal come in and remove it while someone working in the branch was asking someone else what they should do about it?
Haleigh

I've read the one about Keyloggers found plugged into library computers, and I felt that no place is safe in this world.If a simple task as checking some articles on the library computer could become dangerous, think about how unsafe wireless public networks are….

Facebook Youtube Twitter LinkedIn Google+RSS Email

11 articles related to:

Hot Topic

Linux malware

07 May 2013

Linux/Cdorked.A malware: Lighttpd and nginx web servers also affected

06 May 2013

Linux Apache malware: Why it matters to you and your business

02 May 2013

The stealthiness of Linux/Cdorked: a clarification

26 Apr 2013

Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole

24 Jan 2013

Linux/SSHDoor.A Backdoored SSH daemon that steals passwords

Keyloggers in the Library

Related Articles

Follow Us

Linux malware

Archives