Clear up any compliance confusion on a free 30 minute call with one of our cybersecurity experts.
What are keyloggers and what guidance does the CMMC provide
A keylogger is a device or application that is used for keystroke logging. This captures and records a computer users' keystrokes. This includes capturing sensitive passwords. While keylogging is occurring the person using the keyboard is unaware that their actions are being monitored.
When were hardware keyloggers first used?
Keyloggers first appeared in the 1970’s when the Soviet Union developed and deployed a hardware keylogger targeting typewriters in the US Embassy and Consulate buildings in Moscow.
When were software keyloggers first used?
Software keyloggers first hit the scene in 1983 when an early keylogger was written by Perry Kivolowitz.
Were keyloggers ever used by the FBI?
Yes, in 2000 the FBI used FlashCrest iSpy, a key logging software to obtain the passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Also in 2000, the FBI lured two suspected Russian cybercriminals to the US in an elaborate ruse. The FBI captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects computers in Russia to obtain evidence to prosecute them.
What guidance does the CMMC provide regarding keyloggers?
Various CMMC practices if implemented can help your organization avoid the threat of key loggers. Physical access controls can help prevent a malicious person from installing a physical keylogger on your systems. Implementing the principles of least functionality and least privilege can reduce the risk of key logging software being installed on your systems. By installing and properly configuring anti-malware solutions on your systems you can block and detect software keyloggers. By properly configuring your firewall to block unauthorized traffic you can prevent a keylogger from sending any captured keystrokes back to the attacker.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.