Attackers seeking to do harm or mischief to networks work with an ever expanding arsenal of tools that sometimes seem to be the stuff of spy fiction, but they are all too real.
Here are 10 cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.
1. Wireless keyboard eavesdropping
Remote-exploit.org has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals.
Called Keykeriki, the technology targets 27MHz wireless keyboards to exploit insecurities that remote-expoit.org discovered earlier. The company plans to build and sell the hardware.
2. Wired keyboard eavesdropping
Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in.
Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, and they can be captured and translated into characters. The potential for this type of eavesdropping has been known for decades, and many experts believe spy agencies have refined techniques that make it practical. Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are presenting their quick-and-dirty research on the topic at this year's Black Hat USA conference in the hopes of sparking more public research of these techniques.
3. Laptop eavesdropping via lasers
Bouncing lasers off laptops and capturing the vibrations made as keys are struck give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set, Barisani and Bianco say.
Language analysis software can help determine which set of vibrations correspond to which key, and if the attacker knows the language being used, the message can be exposed, they say.
4. Commercial keyloggers
Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.