Protect Your Library From Keylogging!

Public libraries provide access to technology to many visitors through shared devices. However, there are people looking to exploit these services through stealing sensitive personal information of other visitors, often through the practice of keylogging. But what exactly is keylogging? Is it a relevant threat to all libraries? How can you prevent it? Read this week’s blog to find out!

What is keystroke logging?

Did you know that it is possible to record the keystrokes on a keyboard? This action is called keystroke logging and is often a common component of cybercriminal activities. With the help of a keylogger software or hardware, a third party can covertly monitor every single character typed into a website or an application. Although this tool can be legally used for improving user experience and monitoring employees, this also means that key loggers are able to steal different kinds of personal and financial information without the user being aware of the action. And while no one wants their passwords or banking details leaked, any computer can be targeted.

Public institutions are at an extreme risk of keylogging

The threat of keystroke logging is even bigger when we are talking about public devices. A shared computer is used by multiple people throughout a day, which is why they are specifically targeted by cybercriminals. Moreover, as they are in a public area, a keystroke logging hardware can be deployed to the computers by anyone using them. What this means is that cyberattacks on these shared devices can be easily carried out by both keystroke logging hardware and software. Besides this factor, targeting public computers is more promising for the criminals because they can acquire personal data from many people. For this reason, shared workplaces, higher education facilities, public libraries and other public spaces are advised to take extra steps to prevent the theft of confidential information. According to project manager and librarian at Aalborg Public Libraries, Martin Schmidt-Nielsen, libraries are particularly vulnerable because they have computers which are accessible to everyone.

Multiple public institutions have suffered incidents due to keystroke logging in the past. “Nearly 2,000 students at the University of California Irvine had their personal and health information stolen after computers in the student health center were compromised.” And if that happens in relatively closed facilities (such as universities), we can only imagine the possibilities for a cybercriminal in a public library.

“Public libraries in Manchester, England, have been advised to keep their eyes peeled for USB bugs after two devices were discovered monitoring every keystroke made by every user of affected PCs.” – writes Graham Cluley, after two small surveillance devices were found at Wilmslow Library and one at Handforth Library. The staff have been advised to check the computers frequently to avert the deployment of new hardware devices, but the threat is obviously still present. Furthermore, these precautions cannot help to parry an attack from a keystroke logging software.

So how can you avoid and detect keystroke logging?

After reading this information you should now understand why keylogging is a very dangerous and real threat to security.  However, there are practices to detect and remove keyloggers. First of all, you should definitely have a strong password policy to ensure safety within your organization. Conducting frequent checks on public computers is also key. Other than that, you can observe transmitted data to identify if a keylogger is present. Also, you can disable self-running files to reduce the possibility of an infection. Lastly, always having an up-to-date antivirus protection can help you to detect and remove any type of malware, including keyloggers.

If you or your organization are looking for a higher level of security against keyloggers, you can also consider using an anti-keylogger. These types of software are specifically designed to encrypt keystrokes. They detect signs of a keylogger on the computer and remove known loggers, protecting the users’ identity and personal data. However, this still cannot ensure total safety.

Project manager and librarian Martin Schmidt-Nielsen shared his experience concerning detecting and avoiding keyloggers with us. “In the last 4-5 years Aalborg Public Libraries have taken measures to secure our computers from keylogging software as well as keylogging devices. Our actions include marking keyboards in different ways, putting stickers on joints and gluing keyboards to USB ports. On top of that we are using thin client computers which restart regularly wiping all information left on them by patrons. The key to our strategy is making data theft by keylogging difficult to do and easy to detect.”

Martin Schmidt-Nielsen’s advice for other organizations would be to conduct regular inspections and to make tampering with keyboards clearly visible to the staff. He suggests that these precautions should scare most criminals away.

Security and protection with Princh’s software solution – Protective Keyboard

With input from Kommunernes Landsforening (which in English translates to The National Association of Local Authorities) and in collaboration with Danish libraries, Princh has identified a solution to the problem; a software that turns off input from the physical keyboard when entering sensitive information, including e-mail logins, ID data, payment card details, etc. Instead, the user uses a virtual, secure on-screen keyboard via the mouse.

There are several good reasons to use Princh’s Protective Keyboard. Firstly, it significantly reduces the risk of users’ sensitive data, identity or money being stolen. Moreover, it decreases the need for staff to monitor, control and inspect all of the shared PCs, making the employees’ job easier. Furthermore, Princh’s solution gives users of public devices a sense that every effort is being made to protect them from cybercriminals. Martin Schmidt-Nielsen expects that the Princh Protective Keyboard will significantly add to the defense against keylogging in any institution. “Disabling the weakest spot, the physical keyboard, will make it very difficult to steal data with any keylogging device or software.”

The key features of the product include intelligent detection and learning of sensitive text input fields, making the text input from the physical keyboard disabled. It also guarantees an automatic display of a virtual, secure keyboard by clicking on the sensitive text input fields. During usage the software clearly informs the user about what is happening, so they are aware of the Protective Keyboard’s actions. In addition, it supports numerous languages and provides tailored keyboards for every input type to increase ease of use.

The Princh Protective Keyboard software can be installed manually to a PC device or rolled out via SCCM or similar deployment software. If you are interested in learning more about our product, please contact us by filling out the form HERE.

We will be back next week with another interesting article from the library world!

Want more insights from libraries across the world?

Find us on Twitter and Facebook and subscribe to our blog to receive new library insights directly to your e-mail.