
Software espionage

New forms of spyware lead to non-traditional methods for ensuring security

James Bond and James Bond wannabes might as well retire. There was a time when it was commonplace for spies to save the world through pure altruism, but the famous 007 is now passé.

Another type of espionage is now in fashion, and secret agents come in the form of software programs. Getting inside a computer without the owner’s knowledge, they pursue their objective, which has nothing to do with the spirit of romanticism, and everything to do with the almighty dollar.

In order to achieve its ends, this newfangled spy exploits the weaknesses of various means of communication such as e-mail, browsers, peer-to-peer exchanges, and memory keys. Once it has infiltrated a workstation, it can take its time as it spies and records the user’s activities with the mouse, screen copies, or the keyboard. Discovering a credit card number, a bank account number, or a social insurance number, or even stealing the victim’s identity, then becomes mere child’s play.

However, the misdeeds of spy software – sometimes called spyware – don’t stop there. This intruder also slows down the computer, wreaking havoc with its central processing unit, its memory, and its bandwidth. Sometimes, it even changes the selection of the Internet home page.

Among these modern spies, the best known is no doubt the key recorder, which exists as both hardware and software. The hardware version is a device that links the keyboard to the PC. It’s easy to detect, of course, but it can be installed by the first person that comes along. Personally, I like to bring my own keyboard with me when I visit clients, because then I can be sure, when I connect it, that one of these devices is not being used.

While the software version of the key recorder is harder to install, it’s also much harder to detect. Detection requires a security program, because this spyware is nothing less than an evolved virus.

An anti-virus program can sometimes intercept it, but anti-spyware is usually needed for proper protection. It’s even advisable to use different programs, in order to be certain of detecting any intruder. Most anti-virus programs will likely soon include anti-spyware. In fact, some firms have managed to get this stipulated in their renewed anti-virus program contract.

It’s highly recommended that you choose a supplier who offers automatic updates of such protection programs, so that you can count on the latest patches. It’s also wise to let Microsoft apply the regular Windows updates to your computer, rather than downloading them yourself, because they include numerous security-tightening measures.

Be wary of USB keys that you find by chance! These devices are frequently left out deliberately for someone to find (for example, in the parking lot of a company targeted for espionage), with the goal being to insert a hostile program into the computer of the person who falls into the trap. Intentionally “lost” USB keys contain an autorun program that “injects” the spyware into the computer as soon as the key is inserted into the USB slot.

Other preventive measures can also be taken. Use a browser other than Internet Explorer (because it’s the most widely used, by far, it’s also the most targeted). Never open or click on a file with the suffix .exe when you are not sure of its nature or origin. Navigate in safe waters as much as possible, or in other words, stick to known and recommendable sites (for example, there’s no risk of infection by spyware when visiting MSN, Yahoo!, Sympatico, or Wikipedia). If you must visit an untrustworthy site, it’s better to launch your anti-spyware after the fact, even if another protection program is already operating in the background.

These basic precautions will reduce your risk of infection, although they won’t provide you with the certainty that your computer has not been taken over by a spy. The only way to be absolutely sure of this is to reset your machine’s image to zero – a solution that may seem rather drastic in many circumstances.

In the end, successful counter-espionage depends on awareness of the problem. In this respect, governments and suppliers definitely bear their portion of responsibility, but users shouldn’t take anything for granted.

Everyone must do his part. This is probably the only way romanticism will come back into style.

Benoit H. Dicaire is an Information Security Strategist at INFRAX, a firm that specializes in computer security.