Protection against keyloggers / internet cafe logs-reading.

davidgareau asked
Last Modified: 2013-12-04
I am traveling and only have access to the internet (email and financial data) while in Internet cafes/clubs.  Is there any way to protect myself from having everything I do and type in logged, read and stolen by the network administrators in these places?

Commented:
The only way would be to use a laptop which is your own and then to use WLAN hotspots. Then make sure that you access the sites for mail and financial data via https.

If you have to use a public internet café there is no guarantee that no spyware, keylogger or something like that runs in the background.

Commented:
If you're using someone else's untrusted PC then it's gonna be tricky, with things as they are currently, to ensure total privacy... If they've got a keylogger running then a countermeasure would be to use a virtual on-screen keyboard, but this would need to be installed in the first place... even then they might have screen captures running which can record everything you click on... it'll be difficult to determine whether any spy software is running as it can remain hidden, so in the end I'd recommend you only do what you absolutely have to do, and clear your cookies and history before you leave (if it lets you)...

I'd love to learn of an effective way to beat spying in places like public cafes, so hope someone else posts something to this end, but while I hate to admit defeat, there are just too many things an admin can do to monitor your usage of their PC...

Solution: Buy a laptop with wireless (even a cheap brick of a lappy with a wireless addon card) and use public hotspots, so at least you retain the majority of control...

Cheers,
Herb

Author

Commented:
The closest thing to a wireless hotspot in most places I'm traveling is an overheated 50 year-old car.
I have the laptop with wireless, but it's useless in most countries.
CERTIFIED EXPERT
Commented:
If you cannot trust the network you are using when you are in an Internet Cafe then you should not use it for sensitive issues.

When using email you can use an encrypted service such as http://www.hushmail.com/

However, a system with a keylogger installed will obviously bypass the encryption of data.

The only way I can think you could protect against software such as a keylogger installed on the PC you are using is to perform an online spyware scan using one of the following:

http://www.webroot.com/services/spyaudit_03.htm

http://www.pctools.com/spyware-doctor

http://download.zonelabs.com/bin/promotions/spywaredetector/index3.html

Also when selecting an Internet Cafe look for the kind that rebuilds the PC from a disk image on each reboot - this way you can be sure the client PC is clean.

Hope this helps.

Author

Commented:
okay, but what about the sys admin simply logging everything I do, is there any avoiding this?

Commented:
Really good solid advice gidds, although I'd still recommend caution as it'd be hard to put 100% trust in the webscans, and a rebuild from an image could still contain all the nasties that the owner/admin wants it to...

Commented:
"is there any avoiding this?"... without doubt? Absolutely not :/

Commented:
I agree. No way...
Commented:
If you can find an internet cafe in the places you're going, you could try and convince the owners to let you plug your lappy in to an ethernet port and do your thing... the convincing could be pretty tricky in the first place, and it could further complicate things if you need any 3rd-party software installed for authentication or whatever to get out to the net...

Let it be said though, that if it were me I'd probably refuse your request... how do I know you're not gonna spy on all my customers with a sniffer..? :)
CERTIFIED EXPERT
Commented:
"okay, but what about the sys admin simply logging everything I do, is there any avoiding this?" - no you cannot be 100% sure this will not happen - but you can be 99% sure.

Also when you talk about an admin logging everything you do, remember they would have to use a keylogger to do this - even screen capture will not do this as screen capture will not get passwords hidden with ****'s - and even if they are sniffing the network - SSL will defeat this tactic

However, if you perform spyware scans you are limiting the possibilities of keystroke loggers being used.  An admin would have to be using an unknown logger for it to avoid detection.  This may be possible but the chances of this are pretty slim.

In terms of network traffic being captured - it is only a concern if it's plain text - SSL offers solid protection in this regard.

Herbus, when you say it is hard to put 100% trust in webscans I would agree but I would also say the same of any spyware scanner whether webbased or not - the web-based scanners will detect and remove the same problems their traditional counterparts can.  Many "fat" spyware scanners may miss spyware another scanner may detect.  Personally, if I ran 2 web-based spyware scans on any PC I would be as sure as I could be that that PC was free from known spyware.

Generally, if you stick with a reputable chain of Internet Cafes they will do a good job in trying to keep their customers safe (and you can be sure they are pretty unlikely to have any "nasties" contained within their disk image).

In addition to a spyware scan you can also perform virus / trojan scans in the same way using a service like http://housecall.antivirus.com/housecall/start_frame.asp 

If you are familiar with the version of Windows (and the normal running processes) the Cafe uses, you can access the task manager to establish if there are any suspect running processes.

Hope this helps.
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
As is being alluded to above, to avoid being logged you should encrypt your traffic, and one of the easiest ways is over a tunnel like a vpn or ssh. I prefer to use RemoteDesktop (aka terminal services) when I am on a wifi network. The admin can see that I connected to another PC, however he cannot see what I am doing while connected to that PC. When using WIFI there should be no way for a keylogger to be installed on your machine, unless you do it yourself, as in you have to install some sort of software to use their wifi... all that should be required is that you enter a WPA pass phrase, or if the wifi access point is using WEP there shouldn't be anything needed, it should all be done in the background with little to no interaction from you.

So I get on the wap, and then I open RemoteDesktop and connect to my PC at home, by default RD/TS is encrypted over RDP with a 56-bit RC4 stream cipher, and there is nothing plaintext in the data except for my username when first connecting, other than that, everything is encrypted. The admins would have to be running a packet sniffer to even pick up the username, and parse through a lot of other data to find it. Same with ssh, the username can be picked up in the raw packets with certain clients... still no big security risk if your password is well chosen.

I do all my surfing from the PC at home, so that all the traffic is going out of my home pc, and all that is being sent to the pc I have on the wifi is the screen output from my home machine...
-rich
Commented:
> Is there any way to protect myself from having everything I do and type in logged, read and stolen by the network administrators in these places?

No.  Which is why you must regularly change your passwords, physically check for any keystroke loggers attached to the keyboard wire, and better still, invest in a one-time password mechanism such as RSA SecurID if you have systems of your own that you want to protect.
You could run an online virus scan each time you connect - eg - housecall.trendmicro.com, but by the time this has finished, your hour's up and you have to move on...  :(
Responsibility lies partly on the online banks - they should get rid of static authentication schemes (ie username and password) and use something different - for example - type in username, random characters from your password (eg please enter characters 2,3,5 and 6 of your password), type in what you see on part of the screen, etc etc.

Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
> Is there any way to protect myself from having everything I do and type in logged, read and stolen by the network administrators in these places?

While nothing is 100% guaranteed, if you use an encrypted tunnel or protocol (such as httpS ) to another pc from the wifi you're pretty safe from these admins or hackers.

Also, the visual keyboard on windows does nothing but slow you down, a software keylogger will pick this up (if it's any good), but a hardware would likely not. It's hard to get a hardware keylogger on to a laptop... which is the top hardware setup that people tote to public wifi's (my pc is heavy and my monitor I can't carry more than a few feet)
-rich
r-k
Commented:
You could minimize the risk by creating a temporary email account before you leave (e.g. yahoo or hotmail) and forward your regular email there for the duration. Later, you can delete those accounts. This won't protect the content of your emails, but will protect your passwords.

Author

Commented:
As I said in my post, there is NO wireless anywhere in the places I'm traveling (read 3rd world).  The main concern I have is sysadmins grabbing my passwords for bank websites. Changing my password will make no difference if they are getting the change I made. How would I encrypt over a tunnel like vpn or ssh?  For instance if I go to www.banksomewhere.com how would I do the vpn/ssh thing?

Is there anything like  RSA SecurID if you have systems of your own that you want to protect that is available for email systems, like imap that I could use for a monthly (or free) fee.  I don't have my own server.

thanks

Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
Any site that uses SSL (httpS) is encrypted, however the login page sometimes is not as secure as it could/should be.
If you have Terminal Services client or RemoteDesktop installed it's easy to login to a machine not on their network and use that remote machine for your purposes. The traffic is encrypted by default. If you set up a VPN on this machine and further encrypt the traffic even better...

Basically you'd do your browsing/banking on a distant machine, and the "monitor" of that distant machine is displayed on your own pc's monitor.
-rich

CERTIFIED EXPERT
Commented:
You would have to establish a VPN/SSH connection to another PC (say your home PC which would have to be left switched on and connected to the Internet).  You would then connect from the Internet Cafe to your home PC via VPN/SSH then access the banking website from your home PC.  This may not be possible for you.

Hushmail is an encrypted web based email system (as I mentioned in a previous post): http://www.hushmail.com/ 

Author

Commented:
What are the pros/cons of hushmail vs safe-mail?

I don't have a home pc available, it's in storage. If the cafe uses the screen capture thing mentioned, even if I was doing all the stuff via the home computer, they could still capture that, right?  And they could still keylog, right? So, what does that add, securitywise, to my issue? Plus, are there services available where I could use someone else's VPN/SSH service to access this, while at a cafe?

https: is also only secure (encrypted) after it's left the computer I'm on right, so it does nothing for the keystroke logger/screen capture/network admin problem, right?
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
I see where you're coming from now, my apologies for harping on. You cannot protect against key-logging if you're using untrusted devices, it's very possible they can use software keyloggers, and the visual keyboard is of no use if the keylogger hooks the proper APIs which most modern kl's do. Screen capture isn't much of a benefit, as most passwords are hidden behind asterisks ( ****) but there is other data that could be gleaned from a screen capture.
Bottom line-
If you cannot trust these pc's then you should not use them. You cannot secure yourself on them if you're not allowed admin rights and even then, it's questionable that you'd be able to remove any/all of the possible software that they could potentially be using.
-rich
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
A way would be to use osk.exe which is part of windows. It's the on screen keyboard which you operate with mouse clicks to create sensitive text.
There is no guarantee, that your whole session is captured, ie filmed by a hidden process, then this would be useless, too.
Has anyone of you heard of such a case, I mean criminals running an internet cafe who got caught?
Or... has anyone ever heard of osk.exe being monitored? I'm eager to know.

Author

Commented:
Hello - I just wrote that with osk.exe, that's cool, never knew about that before, if only I could get it to do Russian, I'll reboot into the Russian MUI and see.

those constantly changing password RSA devices, are there any servers that provide them, then I could use that for email at least.
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
OSK is hooked by programs like Spector Pro and most of the top keylogger producers, as the keyboard API is what is being used, and with that (dll) hooked it's easy to grab the keystrokes from. Even klogger.exe from ntsecurity.nu even hooks it. As I said, the on screen keyboard is of little use for -->Software<--- keyloggers.
-rich

Author

Commented:
1. I will try and run online scans. - for spyware/software keyloggers.
2. I will check the running processes/services. - to see obvious software keyloggers - spyware.
3. I will use the osk.exe (is there a localized version for MUIs?) to fool hard-ware keyloggers.
4. setup a temp email and forward to it
5. clear cookies/url history after use

In my particular case, non-Wireless, no running computer anywhere else, don't know or trust the owners of cafes, usually no ethernet hookup.  Would you suggest any other things I could do? Besides pray & hope?
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
Save up for a laptop ;) Use the connection in your hotel ... I dunno much else...
-rich
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hi richrumble,
I quickly scanned the text for osk before launching that little clue, sorry, I did not read your comments.
Asides: very interesting, that osk uses the keyboard api, too. That was the information I once searched for. So my tip was leading in the wrong direction.
CU

Author

Commented:
Got the laptop... I can tell the tech type don't go to 3rd world countries too much ;->
Hotel!? Try a hostel/hut, connection... I don't remember last time I had a phone outlet while on the road.. now I'm at my apartment, in Belarus, so it's good, but.... well that's another thread... thanks for the info and help though.
r-k

Commented:
Good luck. The last couple of times I used an Internet cafe, they had some captive software running that only allowed you to run IE, no way to run scanners or even Task Manager.

Author

Commented:
Yeah, that's what I figured (about not being able to run task manager or online scans), maybe I can boot from a linux cd or something, though I doubt the network would be available then, we'll see.

CERTIFIED EXPERT
Commented:
Web based scanners would normally run via ActiveX and as such would run on a machine which only ran IE but they could still fail if ActiveX was disabled or restricted but if that was the case many other sites would also have impaired function and as a result you may have an Internet Cafe which does not allow many websites to function (not good for business).
CERTIFIED EXPERT
Commented:
I see that you previously asked about the pros and cons of hushmail vs safemail.  In terms of encryption hushmail uses a 2048 bit encryption while safe-mail uses 128 bit.  Hushmail offers a free version.  Safe-mail does not.  However, Safe-mail appears to have anti-spam and anti-virus functions where hushmail does not.
Commented:
You could boot from a Linux CD - as long as the network was DHCP enabled, you'd pick up an IP address and away you go...

Commented:
...though if they see you, they might not appreciate the reasoning behind it... admins can be pretty protective, regardless of where you are in the world...

That would definitely be THE most effective solution on an untrusted system though... combined with a quick look for a hardware keylogger... and assuming you can boot from CD... and assuming you do pick up the required config from DHCP...

Author

Commented:
Thanks guys, very helpful and quick response, this is the best forum for IT, have a good one.
david

Commented:
Get a copy of the Ubuntu Live CD (free) ... go into a cafe, put the disk in the CD drive and reboot.

You're not using the cafe's OS, so no software such as keystroke loggers will get you - nothing from the hard disk is being loaded at all.

Connect to a trusted terminal services server somewhere and network sniffing is not an issue.

Most low-tech cafes just charge you for the time you're sitting at the computer, but if they have some kind of voucher system you may be hooped (or you may actually get around the pay-for-service system and get free access).

The main prerequisite is that the computer you need must have a dynamic IP address (or you know how to find what address to use and how to set Ubuntu up to use said address).

BTW, Knoppix is good too.

Author

Commented:
I will look into the Ubuntu disc... thanks... I don't mind paying for the cafe, as it's a good service, and most I use are like 1-2 dollars an hour...
A lot of cafes though don't have CD drives, as they are onto people like us.....

But there's still the fact that my info must go out to the internet via their server... thus they could just grab it on the way out couldn't they...?

that's probably unavoidable, right? Could I encrypt it via the Ubuntu disc, and then even if they catch it at the server on the way out or in they couldn't decrypt it in time before I change my passwords...??
thanks
david
r-k

Commented:
"thus they could just grab it on the way out couldn't they...?"

Yes, they could install a network sniffer in principle to capture all traffic (though unlikely in practice).

Whether you could encrypt all traffic would depend on who you are corresponding with. Little point encrypting your emails if the person receiving them can't decrypt them. But if you are corresponding with people who can decrypt,  then you could use something like PGP to encrypt.

Author

Commented:
I was more interested in encrypting my account numbers & passwords that I enter on bank & investing sites... I've seen so many programs for cracking passwords that I'm worried that will happen
r-k

Commented:
In that case the answer is yes, they would be secure from network snooping. I am assuming that all banks and investment sites use secure connections (look for the small yellow lock in the IE status bar, and look for addresses that begin with https://).

Of course, this assumes you have booted to a clean system from CD (and there is no hardware keylogger installed). That yellow lock offers no protection from software or hardware keyloggers.

Author

Commented:
cool, thanks

Commented:
Check Point claim to be doing something with Connectra that solves just this problem.  There's still the issue of hardware keyloggers - they are 100% undetectable by the OS, so not even Connectra would work.