Reality check: what actions should be taken if a hack attempt seems to be a false positive

Premise:

Some time ago a friend of mine created a Microsoft based mail account (Live Id/Microsoft Account. He just needed the mail) to use for receiving some messages. The account was created and then left unused for a few days. Later, wh…

Looking for a specific story of a pen-tester who used a fake raffle to get a keylogger into a company

While reading about USB hardware keyloggers on the web a few months ago, I stumbled upon a story by a rather patient pen-tester:

He organized a raffle where the first prize was a cool gamer keyboard — with an implanted hardware keylogger. 🙂 And of course he sent invitations for this raffle only to a very few selected target persons (IT admins) inside the target company. And as the organizer of the raffle he could decide himself which administrator will win that cool keyboard.

That way he got the keylogger into the company and it worked quite well for a while. But suddenly the keylogger recorded rather different usage patterns and not stuff the winner of the raffle would do. In the end the keyboard was so cool that it caused envy with coworkers of that admin, so that when the admin was on holidays, one of his coworkers grabbed the keyboard and used it for a few weeks.

Unfortunately I haven’t bookmarked where that story has been posted and now I want to refer to it in an article I’m writing and can’t find it anymore on the web. 🙁

I searched for quite some keyword combinations on Duckduckgo and Startpage (i.e. Google). But even after trying to find that article on the web again every few days for a few weeks, I wasn’t able to find it anymore.

Things I unfortunately can’t remember anymore about the story:

  • If the term “raffle” was used or if another term like “prize” or “competition” was used.
  • If the article was in English or in German. (Although English is more likely.)
  • Which of the terms “pen-test”, “pen-tester”, “pen-testing”, “penetration test”, “penetration tester” or “penetration testing” was used. (I hoped the search engine will consider them equal, but given my luck I suspect they don’t.)
  • If the used hardware keylogger was sending out its results (e.g. over wireless) regularly or if its content has been retrieved at a single point in time later.

Things I vaguely remember:

  • The article was written from a first-person perspective.
  • The pen-tester was hired by the company to try to break in (probably electronically). IIRC the company’s name was not mentioned.
  • The pen-tester had quite a lot of time to find a way into the company: several weeks or even a few months.
  • The pen-tester was more or less aware that the admin is keen on the keyboard used as prize, i.e. he did some social-engineering in advance of that raffle.
  • It might have been a blog posting and I very likely read it on an HTML page and not in a PDF document.
  • The used keyboard was a rather pricy one, like $150 or $200.

So I’d be really happy if anyone remembers that article better than I do and either knows more specific details about it (to refine my web search) or even knows where to find that article.
