The animated TECHTip tutorial is available at TECHtionary.

Last night, a special report on ABC News identified key loggers as “causing at least one-third of all online crime.” This is a special TECHtionary report on this insidious crime. To begin with, keylogging, VoIP phone keypad trackers, keyboard sniffers, system monitors, loggers, and trackers are programs that monitor every keystroke and data flow to and from the keyboard. There are generally three types:

• Software loaded into computer memory.

• Wireline physical connector device connections including telephones.
• Wireless “sugar cubes,” Trojan Horse (fake) Wi-Fi AP-Access Points, or other “bugged” spy devices such as wireless video cameras and phones.

While various types of encryption systems are widely available, they are not used enough to prevent attacks. For example, MD5 [Message Digest 5] is a 128-bit “digital code” (such as 34b7da764b21d298ef307d04d8152dc5). MD5 is one of many “hash” algorithms used in SSH [Secure SHell], SIP [Session Initiation Protocol], Java, and other systems. Other hash algorithms include CRC [Cyclic Redundancy Check] and SHA-1 [Secure Hash Algorithm]. Hash comes from “corn-beef hash” or ground up beef (words) which is created from private or public encryption creating unreadable code characters with a nonce (time stamp or other randomly generated code or word).

Cookies are scripts to record access to a host/server. Cookies fall into the script-centric domain, not in the page-centric domain. Like a “laundry ticket,” a cookie lets the server/host record your access. Cookies were created because HTTP [HyperText Transfer Protocol] is a “stateless” (without record) protocol. That is, HTTP does not create/save a session with the server/host. That is, in order to keep track of the laundry, Amazon and thousand of other sites to use cookies to create special presentations in your browser such as recommended list of products to buy based on your purchasing history. A cookie contains text-only that is placed in the RAM [Random Access Memory] on your computer and then saved to the hard disk drive when the browser is closed (X). Let’s look at how cookies get inside your computer “cookie jar.” Cookies are brought to your PC as text along with Web site images inside the browser HTTP [Hyper Text Transfer Protocol]. Cookie ingredient can also include cookie “bytes” called Location IDs, Location Poisoning, or URL Poisoning (explained next). There are “ingredients” (commonly known as spyware, adware, malware, etc.) inside the cookies. Like with any technology, there are many benefits, but they’re open to even more potential abuses.

Location Poisoning or URL Poisoning uses the HTTP Error 302 - Moved Temporarily - designed to redirect low-level URL sub pages Web requests in case of server failure to redirect (send) to another site called a virtual server. Error 302 redirection can send the user to a server that may track user behavior (poison). That is, add key logging programs. Another type of URL Poisoning places additional content (such as a virus) on your PC. On a positive note, SSL-Secure SHell digital certificates use a single specific host name and not subject to URL Poisoning.

GUID [Global Unique IDentifier] is a text-character string (message) based on an IP [Internet Protocol] address contained (embedded) in the downloaded software program or a browser cookie. The GUID is a type of spyware/adware that identifies the user to the provider’s server/host program. Some programs require the user to enter an e-mail address to download the program or access certain areas in the Web site.

Spyware-Adware - GUID (and associated IP addresses), telephone keypad tracking, e-mail, and other content tracking systems can be saved in a log of IP addresses accessed by the user and saved in a database for marketing, auditing, legal, or other reasons. This database can be cross-referenced against other databases such as credit-banking, public information (driver’s license, marriage, police, tax) and location services such as telephone number, address, etc. This information can be sold with few legal restrictions regarding transfer of this information to any third party. Anti-spyware programs remove even the most devious spyware programs using a constantly updated database of thousands of known threats. You can schedule regular scans or perform one manually to find and remove spyware and adware from your PC. Smart software (shields) block browser hijacks before they happen.

Bottom Line - “There is no absolute system to protect your from network slowdowns, spam, libelous postings, offensive e-mails, recreational surf abuse, hacker or any other legal liability.”