Spyware in the crosshairs

The spies who come in through the keys: "The spies who come in through the keys"

It is known simply as the Kinko's case. But in the world of computer security it represents a serious threat to privacy that is putting individual internet users and companies at risk of losing control of their most sensitive information.

This year, 25-year-old Juju Jiang from New York admitted planting so-called keylogging software on public computers at 13 Kinko's copier outlets in and around Manhattan. The software enabled him to record and steal personal information from more than 450 people.He used the information to siphon money from his victims' bank accounts into new accounts he set up with their personal data. He also sold their personal information on the internet.

Snoopware is one of several types of "spyware", software designed to monitor what people do on their computers. The most common variety is "adware", which tracks people's online habits and sends them pop-up advertisements relevant to their interests. This may be annoying but it is relatively benign.

That is not the case with "snoopware", a much more powerful type of software that secretly records e-mails, chatroom postings, website visits, keystrokes and passwords and takes screen shots of open windows. All this information can then be e-mailed to the person who is spying, without the victim's realising his or her privacy has been invaded.

Another type is known as a remote access trojan (RAT), a program that enables one person remotely and invisibly to take control of another's computer.

Many of these programs have innocent and legal uses. Parents can use keystroke logging software to monitor their children's computer activity. And RATs are also known as remote administration tools because they are commonly used within companies to allow systems administrators easy access to all computers within a network.

But in the wrong hands they can be used for highly nefarious purposes. Individuals could lose control of their personal identification information, banking records, credit card numbers and passwords. Corporate trade secrets, as well as sensitive market information and personnel records, are also vulnerable to snoopware. "I'm totally convinced this is the next big threat. This is the very beginning of this phenomenon," says Matt Cobb, vice-president of Earthlink, a US internet service provider.

No one knows the size of the snoopware problem, mainly because individuals and corporations are often unaware their computers have been infiltrated. Companies that do discover it are reluctant to go public for fear of bad publicity and potential legal issues.

But Webroot, a small US security software company that provides spyware blocking software for Earthlink, estimates up to 18 per cent of computers could be infected with keystroke loggers or RATs. Its estimate is based on results from 300,000 people who in November used its "spyware audit", a free internet-based program that detects whether a computer has been infected.

Some of the software being used to burrow into people's private lives is widely available on the internet. LoverSpy, for example, claims its customers can send fake e-greeting cards to potential targets. When the victim receives a bogus e-greeting, he or she is directed to a web page to view it. The page tricks the victim into installing the spyware by claiming the software is a "plug-in" needed to view the card. Once installed, the snoopware records almost all activity on the computer and e-mails it to the spy.
.....

Then there are "drive-by downloads", in which pop-up ads suddenly appear on the screen. The ads give unwitting victims an option to close the pop-up window but, by clicking on "close", the users start downloading the snoopware.

People using public computers are at greatest risk because there is no way to be sure what software is on those terminals. Consumers with always-on broadband connections are also more vulnerable because perpetrators can access their victims' computers whenever they want.

So far most snoopware has been targeted at individuals but corporations are starting to find it on their systems. All it takes is for one employee innocently to download software from the internet and a corporation's computer system may become infected.

......

The CDT says it has received complaints about snoopware from the largest corporations in America, including some of the most technologically aware companies in Silicon Valley. Government agencies have also been targeted.

Security experts say information technology managers at large corporations are starting to scour their systems for these programs. And computer security groups such as Symantec, Network Associates and Clearswift are beginning to offer software designed to ferret out prying programs.

But Ryan McGee, director of product marketing at Network Associates, believes snoopware programmers will undoubtedly become adept at writing software that is more difficult to detect. Moreover, new snoopware is likely to be designed specifically to burrow into the kinds of files or applications, such as spreadsheets, that may contain valuable corporate information.

Computer buffs who write viruses generally earn bragging rights for their exploits but little else. Shady characters who deploy snoopware can reap huge financial gains. That is the main reason computer security experts say snoopware is poised to become a significant risk to consumer and corporate privacy - if it has not quietly done so already.