PDA

View Full Version : keyloggers - can you get caught?



prsnl
03-31-2008, 01:52 PM
This is all a hypothetical scenario.

We're going to refer to the person sending the keylogger as "Individual A". We're going to refer to the person that gets the keylogger installed on their system as "Individual B."

If "Individual A" wanted to remotly install a keylogger on "Individual B's" computer to see what websites they are visiting. Not interested in any of their personal information. Although these particular websites are valuable and secretive to the individual.

These individuals aren't related. They don't know each other personally.
According to this keylogger, it's undetectable by anti-virus programs. The keylogger doesn't show up in taskmanager. It installs itself into services.msc but with a different a name. It can be installed remotely. "Individual A" would test the keylogger before sent to "Individual B" to make sure it's installed without any notices, bypasses AV and Spyware programs, and sends data discreetly. "Individual A" is computer savvy in website design, not sure how advanced they are on the programming side or being able to recognize changes in services.msc

"Indivdual A" would contact "Indivdual B" to see if they are interested in a particular software (which is binded with the keylogger) from a public location. "Individual A" doesn't visit this location regularly. Any communication related to any of this will be done from a public location not visited regularly (different IP). If "Individual B" is interested. "Individual A" would send the keylogger from a public location they don't visit regularly. After the keylogger is installed the website data would be collected for about a week or if suffiecent data has been collected quicker. Then the keylogger will be uninstalled from the remote server.

If this is done from a public location that's not visited regularly is there still a possibility of getting caught? The keylogger wouldn't be purchased under "Indivdual A's" name, location or any personal information.

"Individual B" that has the websites does have ***** to pursue this if there was any suspect of a keylogger on their system. If this was pursued how would this be traced? What's the liability? Would they be able to decrypt the exe that was sent?

"Individual A" (person installing the keylogger)- let's say during research when trying to find a keylogger and trying to find a program to bind it with these websites were accessed from a location that "Indidivual A" doesn't want anybody to know about. Nothing was downloaded from these sites, and there wasn't any signing up, they were just browsing. Could this arise as a problem as, this could end up being circumstanstial (spelling?) evidence? Since the remote keylogger software and the binded software could be traced to the owners of the programs. Just from website visits they could pull up IP logs from both websites and see that there is a match. Which would be unlikely by anybody that didn't send the software to "Individual B". If "Individual A" wanted to be as discreet as possible they should find different software to bind with? Visit websites anything related to this from a completely different location. Even if it's just browsing websites? The problem is going to be finding another software to bind it with since this is hard to find software. Maybe if "Individual A" just used a different remote keylogger software then the the IP's wouldn't match with the binded software's website and would that be sufficent?

Another possibility of a trace that came up was when they trace the IP's (proxies don't help since advanced users can trace the original IP), if they go to the actual locations where "Indivdual A" sent the keylogger from? A library has cameras could they pinpoint exactly which computer the keylogger was sent from? This would be done from a personal computer, not using the libraries computer, they would be using the public wifi.

You can't pin point a computers location like that or can you? Cellphones can be traced like that can't they? Or is this going over***rd? Or should the individual go to a coffeeshop where they don't see any cameras? Although there are many more people who access computers from a library and could be anybody? Not as many people visit or use this particular coffeeshops wifi. It would be harder to blend in.

The most important thing that "Individual A" would be worried about is not getting caught. How likely does this sound?

If anybody thinks that "Individual A" is being paranoid is only since these websites to "Individual B" (this is an individual not a company but, the indivudal could be making ***** with these websites). Just to give anybody an idea as to how important it is that "Individual A" doesn't get caught. "Individual A" has heard a story in a different scenario where something similiar happened with some other people (don't know if a keylogger was used) but somehow somebody found out about a person's websites and used their ideas. The person that copied the idea got his house burned down.

coz
03-31-2008, 04:16 PM
You can always get caught. But you just seem way to paranoid:eek: The key in getting you caught would be disassembling the keylogger and finding whatever the software put in about you. Along with tracing your origin through the email you send to the person. More than likely nothing will happen though unless you are messing with someone extremely important and you are seen as a danger to them, their employees, and or business. I got in trouble a while back for basically the same thing and supposedly it was my ISP (which sees everything you do) that seen what was going on and disconnected my service.

Governments and anyone else who's important have learned in the early days of the internet it's hard to ***** done people with proxies and such things. I'm sure they have made things easier to do in recent years by talking to ISPs, routers, dns servers, etc running the internet. Just don't do anything to cause a lot of damage.:D

gordo
03-31-2008, 05:18 PM
Coz is right, you can always get caught if it is serious enough. I don't think getting your friends email password and sending out "Iam gay" emails will get you much legal trouble.;)
Ways to get caught are:your ip address from accessing where the logs are sent to either email or ftp site.As Coz stated, your ISP knows stuff. To avoid that, use a laptop and look for open wifi connections. Remember to change your MAC address. Only use that laptop for that purpose.
If a court order is issued, the keylogger company will have to reveal their records. To avoid that, use a keylogger that is based in another country, for instance, don't use Eblaster if you live in the USA. Besides, eblaster "phones home" and the company knows what is going on. The stealthiest keylogger I know of is Spytector, based in Romania.

prsnl
03-31-2008, 05:23 PM
Thanks for the great replies!

So if you change your MAC address, use Spytector, and use an open wifi, is there still a possibility of getting caught? If so, how would you still be able to be caught?

Do you have any good documentation to change a MAC address is it complicated? Sorry I don't know anything about this stuff. Do I have to change my MAC address even if I'm using an open wifi? I found a software that costs $20 that changes the mac address without needing any ********* knowledge do you think this would work? I also found a free software that will spoof mac addresses, "macshift".


Thanks!

prsnl
03-31-2008, 05:59 PM
also if worst comes to worst even using the above methods with public wifi, change mac address, spytector, etc.. if the person was still caught what kind of trouble could they expect? this isn't anybody important (college student) but, the websites are valuable and this individual does have ***** to pursue this further.

there won't be any information such as **** accounts, ****** cards, no personal information would be taken. it's just to see what websites they are working on. there won't be any damage done to the websites such as trying to take them down or anything like that.

should a lawyer be consulted prior?

tehjimsta
03-31-2008, 08:40 PM
Oho! Well, here's the precautions I would most likely take:

*)Use a MAC spoofer
2)Make sure that it is a LAPTOP THAT HAS NEVER BEEN ONLINE BEFORE that connects to the internet
*)Use an open wifi, preferably about *0 miles away from your house. That's what laptops are for!
4)After connecting to the wifi, use a good proxy. JAP is a good one, it's based in Germany or something.


Disclaimer: This guide is purely educational and not intended to be malicious. The writer is not responsible for the actions or damage caused by somebody who read and followed said guide...

Ok, here's my personal guide to keylogging:

*. Acquire the laptop, MAC spoofer, proxy system, keylogger, and Mozilla Firefox.
2. Connect to the open wifi!
*. Activate the MAC spoofer.
4. Activate the proxy and open up mozilla firefox.
5. Make sure you have the "user agent switcher" add-on, and find out how to use it. Make up a fake user-agent and relevant details.
6. BIG NOTE HERE: IF YOU WENT TO MOZILLA FIREFOX SITE TO GET USER AGENT SWITCHER, DEFINITELY CHANGE YOUR PROXY BEFORE STEP 7!!!
7. Ok, now you will use the keylogger and send it, BUT send it from an anonymous email service, or learn to fake email/email headers.
8. Once you've recieved your results, please if you feel in danger because you KNOW FOR CERTAIN that they've *****ed you down, or they've done a lawsuit or something, get a lawyer and destroy the laptop!
*. If you've followed all above steps, it's completely impossible to ***** you down. With the laptop which did gone, and the anonymous email being anonymous, you should be good-to-go! Oh, of course delete the email results of the keylogger. Besides that, the laptop should be the ONLY evidence you did anything.

prsnl
04-01-2008, 10:38 AM
Thank you all for the educational insight, I didn't get anywhere near this kind of information from different forums.

Here is the last scenario.

Let's say "Individual A" finds somebody overseas in a *rd world country (we'll call them "Individual C") to make the contact with "Individual B" and send the keylogger and binded software.

Individual A still has to create they keylogger module and bind it but, Individual A will never have contact with Individual B and the originating IP would lead to some *rd world country.

Have the chances of Individual A being found been reduced greatly?

Even if Individual C is doing the contact, Individual A will still take all the necessary precautions.

If Individual A does not have a laptop which has never been online before what would you advise? Still necessary if Individual C is making contact?

Also what service would you recommend for anonymous e-mail (prefer off-shore), is hushmail anonymous? Although it's not free is it?

When Individual A will be contacting Individual C, what's the most anonymous method of communication? Anonymous e-mail? how about chat through Aim Express (web-based chat) over proxy? Then there aren't headers?

Lastly when making payment with the keylogger company is ***** order the best method? What do you think about using a pre-paid ****** card that you can purchase at a store? Can the pre-paid card company be contacted and find out when and where the card was purchased?


Thanks again!

tehjimsta
04-01-2008, 03:30 PM
So, to recap, you're saying this:

Person A contacts Person C and gives him all the necessary precautionary software, as well as the prepared keylogger. Person C is far off, somewhere that it will be hard to catch him. Person C then sends keylogger to Person B, and a few days later, the keylogger gives results back to Person A.

Disclaimer:
I AM NOT RESPONSIBLE FOR ANY DAMAGE CAUSED OR ACTIONS TAKEN THROUGH MY GUIDES. MY GUIDES ARE PURELY EDUCATIONAL!

Ok, here's the best way to do everything:

*.Make sure you have all the precautions set. If they are all set, and Person A doesn't contact Person B, then Person A does not require a brand new laptop. However, that is the only thing that can be dropped off.
2.Make sure that no matter who/what the contact is, Person A ALWAYS using precautionary methods I mentioned.
*.Make sure Person A and C both have secure precautions, and that they can use the precautions well and without fail.
4.Also make sure that when buying anything, use a prepaid card.

If all steps of both my guides are followed, then there should be no problem at all with the prepaid card company/laptop. Person B would have to be very insecure and rich to ***** Person A through all precautions advised by my two guides.