Someone puts keylogger on your computer...can U arrest them?

Ciscopimpenator Inactive Imported Users Posts: 134
What I really mean is..... can you charge them for a crime?

I did some work on somebody's computer and his "buddy" installed a keylogger which would send information over the Internet to his friend.

Are there legal actions which can be taken?

-Ciscopimpenator

Comments

  • Ciscopimpenator Inactive Imported Users Posts: 134
    It was his personal computer, nothing business related.

    I guess it gets hard when you let people use your computer.
    -Ciscopimpenator
  • Plantwiz Mod Posts: 5,057
    What I really mean is..... can you charge them for a crime?

    I did some work on somebody's computer and his "buddy" installed a keylogger which would send information over the Internet to his friend.

    Are there legal actions which can be taken?

    -Ciscopimpenator

    I'd probably recommend letting the two of them handle it. First, how does this person 'know' that his/her friend installed said keylogger?

    -Is it possible they installed the program on their own as a test and forgot it was there?
    -Is it possible it was 'installed' via a website they or said friend visited unknowingly?
    -Is it a physical device or software you found?
    -How was it determined the data was transmitted to this 'friend'?
    -Now that you've become involved with this PC...how does this person 'know' it wasn't installed by you? What steps have you taken to ensure your work is 100% professional and in the best interest of this client? (not saying you did this, but when fingers start getting pointed....even the helpful souls get figured)

    (who lets anyone just 'use' their PC nowadays???? doesn't just about everyone who needs one have their own?)

    Anyway, I think if this person is already searching for 'legal' action....something isn't right to begin with. Their first response should be to discuss this with the person they suspect....it could have been just a 'joke'. Or it may not be that person at all...in which case, it will be better to find out NOW than falsely accuse someone and burn a ton of money on attorneys and a court system that will probably just throw it out unless there is some terrific data/proof to support a damages claim.


    Suggest the two discuss it before jumping to conclusions. YMMV
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • darkuser Member Posts: 620
    You have two choices: say nothing, or walk into the police department in the town where you witnessed the crime and make a report. They'll take care of the rest.
    rm -rf /
  • keatron Member Posts: 1,213
    JDMurray wrote:

    In court there are a few "elusive" definitions that make this matter a tough one. 1. The term "authorized" and "un-authorized". In some jurisdictions, you might be found guilty of a crime for just having possession of such a device. Some of these cases have to be appealed up to a higher court to get a really good look. For example, once it's in federal court, the DOJ's interpretations (which usually favor the prosecutor), are more likely to prevail. This is why we almost always count on having to appeal these cases up. The truth is, there are not a ton of local legal bodies (attorneys and judges included) that have the needed understanding of these issues to try them effectively. It was probably a case of the prosecuting attorney not fully understanding all the dynamics of such a case. In other words, use of a keylogger without the expressed permission of the owner of a system is pointed to in several US Codes. It's up to the attorney to point this out and make the light bulb come on in the heads of jurors or judges. If you read the codes carefully you'll see terms such as "access device fraud",

    Here's a Kinko's case that I happen to be intimately familiar with. You can ignore the software piracy part.
    http://www.usdoj.gov/criminal/cybercrime/jiangSent.htm

    Look at this case and look for the term "eavesdropping". Although this individual used a software keylogger, I've witnessed the same eavesdropping violation being applied to hardware keyloggers as well.
    http://www.usdoj.gov/criminal/cybercrime/genoveseCharge.htm

    And also go to the source. Go here and read Chapter 2 of the Wiretap Act.
    http://www.usdoj.gov/criminal/cybercrime/ccmanual/02ccma.html

    More specifically, the defense in the California case JD referenced probably used this paragraph in his defense.
    For instance, a defendant has claimed that his device that acquired transfers between a keyboard and a computer did not acquire any electronic communications. United States v. Ropp, 347 F.Supp.2d 831 (C.D. Cal. 2004). In Ropp, the defendant placed a piece of hardware between the victim's computer and her keyboard that recorded the signals transmitted between the two. Id. The court dismissed the indictment charging a violation of section 2511 because it found that the communications that were acquired were not "electronic communications" within the meaning of the statute. Id. The court concluded that "the communications in question involved preparation of emails and other communications, but were not themselves emails or any other communication at the time of the interception." Id. at 835 n.1. Because the court found that the typing was a communication "with [the victim's] own computer," it reasoned that "[a]t the time of interception, [the communications] no more affect[] interstate commerce than a letter, placed in a stamped envelope, that has not yet been mailed." Id.

    The key is making sure you read all attachments, addendums, and revisions in these acts, because this is usually where you'll find where Congress makes an effort at stating what their intentions were by passing such acts.

    I won't try and make this a legal clinic since I'm not an attorney, but I'm involved in these cases ALL THE TIME and have spent many hours helping counsel research the laws and limitations on such issues. The bottom line is finding what act, law, or statute a certain action or behavior falls under and prosecute based on that. Someone trying to prosecute a keylogging incident under the Wiretap Act clearly did not do their homework. It's easy to "run out of gas" when researching this stuff, but it makes you feel like a million bucks when you nail it.

    I had to speak about this press release just last week.
    http://www.usdoj.gov/opa/pr/2007/April/07_ag_277.html

    Citing Identity Theft and its growing concern, all existing statutes that somehow managed to allow keyloggers to slip through the cracks and not be addressed, are being "expanded". So I would venture to say that a year from now, that exact same case, tried under the exact same circumstances and using the same strategy (Wiretap Act), will probably be successful. I've probably had to work with more lawyers over the last year than I have any other group of people, and one thing I've learned about law (specifically cyber law), is that just like technology, it's constantly evolving.

    To answer the original poster; Yes your friend could probably successfully prosecute, but he'd have to get the right attorney (which won't be cheap), and hope that the attorney cites the correct statutes. And be prepared to take it to higher courts. Just a ballpark guess, he'd be looking at anywhere from 100 to 150 grand.
  • DW [banned] Inactive Imported Users Posts: 240
    I'd report it and turn the keylogger over to the police.

    Won't cost a dime to report a crime and fraud or an attempt to defraud is a crime.

    Wiretapping is a crime.

    Who knows - maybe you found something that is being used against a lot of people?


    Plus if my identity EVER got stolen, I'd have a paper trail and a smoking gun.

    100-150 may sound like a lot...

    Imagine someone using your info and buying a 400k house or running up 100k or more in credit card debt...

    Easy to do.

    It is a CRIME - report it.

    The person using the keylogger - did not have the best intentions whatever they may have been...

    Un-huh!!!

    Apply common sense.

    Make it known that the person is a potential problem - easier for the next person to convict
  • keatron Member Posts: 1,213
    The proper thing to do would be to call the police BEFORE removing the keylogger. And if they did their jobs, they'd get a qualified forensics person to do REAL forensics on it before anything had been touched. Pulling the Keylogger out and turning it over to the police yourself will have already virtually destroyed the chain of custody thereby violating the rules of evidence, which will most likely cause it to be thrown out in court even if it ever makes it there. But Darby makes a very good point. Report it all and get him/her in the system.
  • Plantwiz Mod Posts: 5,057
    On a business-level I don't disagree with contacting authorities....HOWEVER, I'm still stuck on the idea that a 'friend' had another friend look at his PC and a 'buddy' of the PC owner is being accused of installing a keylogger.

    While there may in fact be some malintent...just how can you jump into calling the police without some fact gathering? This sounds very similar to the angry husband/wife or boyfriend/boyfriend etc... relationship gone south and one partner is 'getting' back at another partner. Now it was stated that it was a 'buddy' meaning that it was more likely a friend than a partner of sorts...but just how can conclusions be drawn with general information?

    IF this situation were more of an employee of ABC Company was keylogging an associates computer...it's a little more clear about what to recommend as a resolution...and by this date in 2007 if you have a business without some computer-data-theft clause in your employee handbook...shame on you.

    Instead we have a friend accusing another 'friend' (buddy) of some ill doings. Where is the personal responsibility here?? First, I just don't see how the accuser cannot confront this buddy. Second, as previously mentioned...who just lets people jump on their computer...especially if you use your computer for personal finance/data and not merely an e-mail/web-browser. Third, with the number of people I've seen with SLOPPY web browsing habits....NO ONE touches my computer...I don't want them accidentally/on purpose picking up some malware.

    Basically, if you just 'let' someone jump on-line...are you not in the room with them?

    I think there just hasn't been enough information to jump to conclusions. I do think that it is pretty clear to contact authorities when appropriate. However, with the number of LEO friends I have, domestic squabbles are pains and frankly...this really does smell like a domestic problem.

    Perfect reminder to check one's habits of personal data protection:
    1. shred all financial documents after review for correctness and/or held for proper length of time depending on the tax implication of said document.
    2. keep track of credit cards. Have numbers handy to call and cancel/report theft when noticed.
    3. consider ID Fraud protection from a good insurer.
    4. Limit who has access to your personal areas of home/documents etc.. Locks keep honest people honest. So if you desire Internet access throughout your home, have a low-end PC that merely can access the Internet, but not your network. Or follow some other encrypted file protection /user login scheme that works for your needs.
    5. Remember those rules we learned as children and teach our own children....don't talk to strangers. Know the difference between 'good' strangers and 'bad' strangers. Meet 'new' people in public places until you are comfortable bringing them 'home' (applies to girls as well as the guys).
    6. Practice general common sense....and if you don't have it...find it. ;)
    7. familiarize yourself with your local laws, but save the courts for real crimes. (again, in this case we are told of a 'suspect' buddy installing a keylogger...we haven't heard if there is absolute proof this was purposefully installed or if it was picked-up while surfing or something. The owner of the PC could have accidentally become infected with it him/herself. So have them 'talk' to their buddy.)

    There are bad/evil people out there...but come on...sometimes you need to act like a grownup and use those skills to communicate with people. Too many misunderstandings due to lack of communication. You'll likely find out real quick if the PC Owner confronts the person. If it was on purpose...then you can call the cops if you like. Sometimes things need to go to lesson learn the hard way, correct the ways for this to happen again, move forward.
  • DW [banned] Inactive Imported Users Posts: 240
    Hmmm...

    Personally I'm the only guy who touches my computers.

    My wife even has her own and I keep a backup notebook for in the event her primary notebook should fail.

    I've had one guy log into my computer at work since 1994. He's actually a friend of mine and I keylogged my machine. He knew it.

    Sorry I take my privacy seriously.

    Personally, I'd just spare no expense to hack my attacker, but that is just me, but this is not the responsible thing to advise most people.

    So... do what you think you should do.
  • keatron Member Posts: 1,213
    It's true the situation is unique when it's a "friend". But I'd still recommend contacting authorities or a professional to check things out. If the "friend" installed a keylogger, there's no telling what else he/she did. What if the friend installed a back door and regularly uses that system as a hopping point to trade in illegal nasty pictures, illegal software, or use it as a launch pad for attacking government systems? Chances are, the victim here has no idea how to look for evidence of any of the things I just named. And to make matters worse, might not find out until the feds come knocking. I know some of you might be saying to yourself "the feds will do forensics and find out the machine was being controlled remotely"....wrong. They will only be aiming to validate that the attack did come from that machine. The burden of proving that someone else had control of the machine is on the owner. Now simply making a police report and getting it on record would go a long way in establishing a level of "victimization" in the owner's case if something happened after the keylogging incident. We trust people everyday in some form or fashion, and sometimes that trust is abused. We all say stuff like "never on my computer" or "no one works on mine but me". However, we have to remember the person in question is probably not an IT professional like we are, so therefore he's put into a position to where he has to trust others to assist with technical issues. And I would guess that most if not all of us here on this forum have been in a position where we did some type of repair, or troubleshooting on a friend's PC. Sounds like the same thing happened here, just the trust was violated.
  • DW [banned] Inactive Imported Users Posts: 240
    Wisely said.

    Others do rely on us to be professional and worthy of trust.

    This guy violated that trust and it hurts us all as workers in this industry.
  • milliamp Member Posts: 135
    Some kids do stupid things like trojan or keylog their friends' PCs.
  • Picker Member Posts: 46
    What's the best and easy way to detect and remove a keylogger, e.g. All in one Key Logger?
  • Paul Boz Member Posts: 2,620
    Picker wrote: »
    What's the best and easy way to detect and remove a keylogger, e.g. All in one Key Logger?

    Formatting is the only way to know for sure that it's gone. There are many keyloggers that will migrate processes (similar to what you can do with the meterpreter in Metasploit). Keyloggers fall under "being rooted" and when you're rooted you should wipe the slate and start over.

    That being said, you guys saying to go to the cops are crazy. Just wipe it, start over, and tell him not to let people use his machine.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • RobertKaucher Member Posts: 4,299
    Paul Boz wrote: »
    Formatting is the only way to know for sure that it's gone. There are many keyloggers that will migrate processes (similar to what you can do with the meterpreter in Metasploit). Keyloggers fall under "being rooted" and when you're rooted you should wipe the slate and start over.

    That being said, you guys saying to go to the cops are crazy. Just wipe it, start over, and tell him not to let people use his machine.

    I am quite certain that report would get lost in "file 13" seconds after the person making the report left.
  • quickercarter Registered Users Posts: 2
    JDMurray wrote: »
    It looks like legally, keyloggers are in the category of "wire tapping," but it also looks like it's up to a judge's interpretation of the wiretap laws, or jury's ability to understand what a keylogger does.


    A federal grand jury indicted private investigator Anthony Pellicano and two associates for the alleged illegal use of law enforcement data and wiretapping using a custom software program


    A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law.


    Check your outgoing connections and see if any data is being sent to an unknown source. If so, you can easily block the connection, or you can try to find where the logger is hiding on your computer and attempt to remove it yourself. If unable to find it, try to find some sort of anti-virus to run a system scan to help look more thoroughly.
    See more about How to Detect If a Keylogger is Installed:
    http://www.myjad.com/detect-installed-keylogger.html
  • Moon Child Member Posts: 198
    My ex put keylogging software on her computer. She voluntarily let me use her computer whenever I visited her or lived at her house for a few weeks at a time. I had no idea keylogging software was on her computer. She told me after she confronted me about the websites I was visiting and my web surfing activities. The lesson I learned was not to assume anything even if it is someone you trust.
    ... the world seems full of good men--even if there are monsters in it. - Bram Stoker, Dracula
  • JDMurray Admin Posts: 13,041
    I like the keyloggers that are little USB nubs that send the logged data over Bluetooth to a nearby receiver that won't show up on a cell phone's scan for Bluetooth devices. Who checks their USB ports for something like that?
  • angie42 Registered Users Posts: 1
    A person that I thought was my friend on the net only (we have never met in person) openly admitted to me that he was having all of my passwords "rerouted" to his computer and changing them. I am not the type to call the cops so I simply bought a new PC. Somehow, I have no idea how, this man is STILL changing my passwords. I found out that he is a convicted felon and had to pay back 75 grand to elderly people for running a scam on them. Now, I am going to the police. My question is that since he and I are in different states isn't this a federal crime? Also, it is so creepy and I feel stalked by this man. I appreciate any advice that you may have. Thank you.
  • idevuser Member Posts: 18
    angie42:
    First thing, change your passwords, security questions, alternative email address on all your accounts, and remember do not use same password for all accounts.

    Second thing, install good internet security software and install anti key logger software.
    Internet Security Suites Software Review 2014 | Best Computer Security | Compare Security Suites - TopTenREVIEWS
    Anti-Keylogger Software Review 2014 | Keylogger Remover

    Third thing, do not click links in any email, first verify them then open, or just simply ignore emails from unknown source.
  • Shdwmage Member Posts: 374
    The burden of proof is on the accuser. There is no way to truly know if his friend was the one to install the software or not, unless you can break down the virus and see where it went to. My suggestion is to just remove it and move forward. Most of the time the police don't have the facilities to handle a crime like this anyhow. There is a lot of expertise that goes into cyber crimes, and unless you live in a large city they probably won't have the knowledge to handle it either.
    --
    “Hey! Listen!” ~ Navi
    2013: [x] MCTS 70-680
    2014: [x] 22-801 [x] 22-802 [x] CIW Web Foundation Associate
    2015 Goals: [] 70-410
  • the_Grinch Member Posts: 4,165
    Unfortunately your friend really has no case. I have to make some assumptions, but I suspect he had one account on the computer already logged in thus there is no log showing his friend logged in. There's also no definitive proof that this person was the one who installed the keylogger. Depends on the state as to whether or not this falls under wiretapping, but I suspect that even if you filed a police report they won't have anyone with the time to investigate what will amount to a he said she said. At this point you're going to be waiting to see if something goes missing (money from his bank account) or if lines of credit get opened in his name. Which again leads you down the "this happens to thousands of people a day" and your local police department doesn't have the resources to combat it. Also, you've now tainted the available evidence as soon as you looked at and fixed the PC.

    My aunt recently had her identity stolen and several credit cards opened in her name (along with not receiving her snail mail). Went to the local police department and they told her to come back at x time when the SGT who works those cases is available. Comes back at x time and he says he isn't the one who works identity theft, the person she spoke to was. Goes again and they take a report, but tell her that they don't have the resources to investigate and honestly the chances of catching the person are slim.

    I recently worked a case of a break in and after two months we eventually got to the point where the trail went cold. Cyber cases are notoriously difficult to investigate and a lot of departments won't even look if that dollar amount isn't at a certain level.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • aftereffector Member Posts: 525
    Hopefully his friend got some resolution at some point in the last seven years :)

    This thread is old!
    CCIE Security - this one might take a while...
  • the_Grinch Member Posts: 4,165
    Whoa didn't even notice that!