Educause Security Discussion mailing list archives

Re: USB Keyloggers


From: "Behun, Michael" <behun () BUFFALO EDU>
Date: Thu, 12 Jul 2018 17:06:55 +0000


Keylogger incidents:
USB keyloggers are put in series with USB keyboard

1. Detection:
   a. Physical – look to see
   b. USB keyloggers were passive pass-through - nothing at all in system log if machine is off

2. Attempts
   a. Yes

3. Discover
   a. Complaint from individual
   b. Investigation of unauthorized access to system
   c. Security Camera footage
   d. Tracking unauthorized login with compromised credentials
      Hopefully, you will get compromised account and other account from same IP.

4. Remediation
   a. Criminal complaint / charges
   b. Administrative Staff – use two-factor

Reviewing:

1. Physical security changes
2. Faculty 2-factor authentication for systems involving grades.

Comments:

1. Physical security is difficult. After reviewing several implementations, teaching stations and cabinets are designed to keep equipment from being stolen, not to prevent USB port access.

2. We have not seen an incident with the USB wifi keylogger, yet.

Mike

Michael Behun, CISSP HCISPP
Computer Discipline Officer
CIT HIPAA Compliance Officer
VP CIO HIPAA Security and Privacy Official
University at Buffalo
1 716-645-7739
behun () buffalo edu


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hiram Wong
Sent: Thursday, July 12, 2018 12:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] USB Keyloggers

Hi Everyone,

I was wondering if any of you have any experience with USB keyloggers and detection of them? Have you had attempts from students, employees, etc. to gain access to usernames and passwords via a keylogger? How did you discover it and what was the remediation for the event? Thank you in advance!

Hiram

--
Hiram Wong, CISA
Information Security
2411 West 14th Street, Tempe AZ 85281
phone | 480-784-0519
email | @domail.maricopa.edu
website | https://www.maricopa.edu
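
The pivot mentioned in item 3d of the reply above (starting from a compromised account and finding other accounts seen from the same IP), as an added example that is not part of the original thread. The log format, account names, addresses and the 24-hour window are constructed assumptions, not data from either institution.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: time, account, source IP, result.
SAMPLE_LOG = """\
2018-07-09T22:14:03,jdoe_faculty,203.0.113.45,success
2018-07-09T22:19:40,asmith_faculty,203.0.113.45,success
2018-07-09T22:21:12,rlee_staff,203.0.113.45,failure
2018-07-10T08:02:11,jdoe_faculty,198.51.100.7,success
2018-07-10T08:05:30,student1,198.51.100.7,success
2018-07-12T23:01:00,bkhan_faculty,203.0.113.45,success
"""

# Confirmed unauthorized login (account, source IP, time) that starts the pivot.
SEEDS = [("jdoe_faculty", "203.0.113.45", datetime(2018, 7, 9, 22, 14, 3))]

def parse_log(text):
    """Parse CSV lines into dicts; rows without exactly four fields are skipped."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != 4:
            continue
        ts, user, ip, result = fields
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "ip": ip, "result": result})
    return rows

def pivot_on_ip(rows, seeds, window=timedelta(hours=24)):
    """For each seed login, list other accounts seen from the same IP within
    +/- window. Failures are kept too: they show credentials that were tried."""
    hits = defaultdict(lambda: defaultdict(set))
    for seed_user, seed_ip, seed_ts in seeds:
        for r in rows:
            if r["ip"] != seed_ip or r["user"] == seed_user:
                continue
            if abs(r["ts"] - seed_ts) <= window:
                hits[seed_ip][r["user"]].add(r["result"])
    return {ip: {u: sorted(res) for u, res in users.items()}
            for ip, users in hits.items()}

if __name__ == "__main__":
    for ip, users in pivot_on_ip(parse_log(SAMPLE_LOG), SEEDS).items():
        for user, results in sorted(users.items()):
            print(f"{ip}  {user}  {','.join(results)}")
```

Accounts returned this way are leads for review rather than confirmed compromises, since a lab or NAT address is shared by many legitimate users.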