KeySweeper: When Tech Attacks
If you work hard to stay on top of your identity and prevent identity theft, you certainly have your work cut out for you. Apart from just knowing the little tricks and traps that scammers and hackers use and staying up-to-date on the latest threats, the unfortunate reality is that there are things you cannot prevent. Large-scale data breaches, intentional “inside job” identity theft, boss phishing attacks…the list goes on.
Now, law enforcement and cybersecurity experts are uncovering a whole world of technology that is designed to steal your information without your knowledge. Years ago, the industry warned of a tactic called “juice jacking,” which occurs when a public phone charging station is actually connected to a computer that steals your information.
Public wifi has long been known as a threat since hackers could be “listening in” on your internet activity. Even credit card machines and gas pumps have fallen victim to “skimming,” in which a micro-thin film steals your credit card information when you swipe your card.
The latest device that criminals use for data mining looks innocent enough, and mimics a device that many of us probably even own. A simple USB charger that stays plugged into an outlet in order to charge any type of device can actually be stealing your information without you knowing it, and no, you don’t have to plug in your phone for it to happen.
The KeySweeper looks just like any other charger, but it’s a monster for data theft. Not only is it sniffing out information that gets sent over unencrypted computer components, it even has a rechargeable internal battery that keeps it running (and stealing) if someone unplugs it. The KeySweeper is mostly looking for keystrokes that tech users type on wireless keyboards, then transmits that information back to its originator. That information could be everything from user names and passwords to proprietary business information and sensitive communications.
Fortunately, companies who make wireless components have begun encrypting the keyboards themselves, hoping to prevent this type of identity theft. But that’s not all you can do.
First, determine if you actually need a device that transmits your typed information instead of entering it. If you do, make sure it’s a newer model with encryption. Then, be on the lookout for aftermarket products that others may have plugged in around your workplace; the KeySweeper isn’t something you would accidentally buy (yet!), but it’s not hard to imagine someone selling inexpensive items that do this very thing, hoping you’ll purchase it, plug it in at home, and then turn over information from your internet connection.
Finally, make sure you’re monitoring your credit reports regularly so you can stay on top of any suspicious activity. If someone has stolen your identity and is using it, detecting it early can prevent a lot of work down the road.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.