The BBC last night reported on a foiled bank robbery where two “hackers” managed to get access (at least partially) to sensitive information – in this case authentication credentials for terminals in the bank.
They were eventually foiled by incorrectly completing the fund transfer screens, but what I’m more concerned about is the simple fact that they were able to gain physical access to the terminals in the first place, and why the key loggers were not detected; the majority of key loggers are detectable by anti-virus applications. But even then, in order to install the key logger software (if indeed it was software; there are hardware key loggers) you need user access – you can’t (or shouldn’t be able to) install any software on a corporate machine that hooks keyboard I/O without administrative rights, surely?
I’m more worried by the fact that if these hackers, if they can be called hackers – it’s not exactly difficult to use key logger software after all – had been more proficient, and had selected a better inside person, the outcome of this “robbery” would have been significantly different.
Makes you wonder...
(BBC Link: http://news.bbc.co.uk/1/hi/uk/7909595.stm)