Forgot your password?
typodupeerror
Privacy Your Rights Online

Mandatory Keyloggers in Mumbai's Cyber Cafes 240

Posted by kdawson
from the just-don't-press-any-keys dept.
YIAAL writes "Indian journalist Amit Varma reports that Mumbai's police are requiring the city's 500 Internet cafes to install keystroke loggers, which will capture every keystroke by users and turn that information over to the government — nearly in realtime by the sound of it. Buy things online, and the underpaid Indian police will have your credit card number. 'Will these end up getting sold in a black market somewhere? Not unlikely.'"
This discussion has been archived. No new comments can be posted.

Mandatory Keyloggers in Mumbai's Cyber Cafes

Comments Filter:
  • by Veinor (871770) <veinor AT gmail DOT com> on Sunday September 09, 2007 @10:21PM (#20533711)
    Likely?
    • Fiddle the cursor (Score:5, Interesting)

      by EmbeddedJanitor (597831) on Sunday September 09, 2007 @11:54PM (#20534443)
      This technology is very easily fooled anyway... so long as you know about it. Just move the cursor around a bit with your mouse as you type. For example, if your credit card is 12345678, type 18 then set the cursor between the 1 and the 8 and type 34567 then set the cursor before the 3 and type 2. It looks like you typed 18345672.

      And if you're being a political rabble rouser you can type "Bush is a wally" so that it looks like "wish us a Bally".

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Couldn't you just design a keylogger that would also tie it into the Windows messaging system and override all of the string classes implemented in the Windows APIs? In this way you could have it also capture the applicable string when the appropriate messages were sent in the Windows messaging system. If you see a WM_OK (for example), you could then check if a CString was altered or referenced. Similar things could be done with other GUI APIs.
      • by faloi (738831)
        The downside is that some loggers take screen shots. You can fiddle with cursors all day long, and it won't help. What would be a really good idea is for more credit card companies to issue "single shot" numbers to people that want them. Granted, you can't very well apply for one online at the unsecure box, but it's a start.
      • Re:Fiddle the cursor (Score:5, Interesting)

        by speaker of the truth (1112181) on Monday September 10, 2007 @04:07AM (#20535827)
        Another trick is to type in the field as well as out of the field. So you type 12167423457831642741211141853900 and they'll know you've typed too many numbers, but won't have any idea which of those numbers is your credit card number.
        • If you already have software to log key presses, adding onfocus and mouse click logging to assist reassembly of the correct sequences should be (or become) an obvious next step.
          • Correct. However if only 3% of people who enter in credit cards do this, then is it worth the effort?
            • by QMO (836285) on Monday September 10, 2007 @09:39AM (#20537607) Homepage Journal
              Yes, because that 3% is more likely to contain those people you most want to catch.

              Don't you think that the group that works hardest to evade inspection is the group you most want to inspect?
              • It depends if you want to inspect people or are simply trying to steal credit card numbers. The submitter of this story made it sound like the police were concerned more about the latter. I don't know if this is racism or a simple fact of life in India, so I simply responded to the submitter's claims.
      • Re: (Score:3, Insightful)

        by jma05 (897351)
        Start->Programs->Accessories->Accessibility->On-Screen Keyboard

        Seriously, as an Indian - this is not Orwellian as it might appear. Just a case of some bureaucratic nut who just discovered key loggers coming up with these impractical ideas.

        "Never, never blame anything on a conspiracy that can be explained by incompetence."
  • by Anonymous Coward
    Am I the only one noticing how all the world's major nations are accelerating towards fascism? Perhaps we're headed towards some sort of violent global revolution, I know we here in the US are LONG overdue (what was it Jefferson said? A violent overthrow every decade is vital to the health of a nation?). I'm hoping for a world without borders and a benevolent, corruption-proof, completely transparent government. And abandoning coal and oil for nuclear power. And truly non-evil corporations. And free c
    • by lastninja (237588)
      Surely Jefferson did not want the government violently overthrown every ten years? Does anyone have a link for this? BTW who should pay for the candy in a your utopia?
      • by TheLink (130905) on Sunday September 09, 2007 @11:54PM (#20534445) Journal
        Usually when a government gets violently overthrown, what replaces it is a Dictatorship that's willing and capable of the most violence.

        Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice[1]. Given that India is a democracy, they have a choice, and if you don't like the candidates, get others to stand for election then.

        That's why Karl Marx was either an idiot or an evil person because he recommended violence as normal standard procedure.

        [1] Even if you're already stuck in a dictatorship, sometimes it's just better to wait till the next generation takes over. See China - things actually got better and most steps after Mao's time, whereas if you had another violent revolution, you'd probably get another Mao in charge.

        Violent revolutions are like playing russian roulette with 5 out of 6 bullets loaded in your revolver. You're hoping you get a benevolent dictator who'd set things up properly then peacefully and orderly hand over power to the citizens. This does happen sometimes, but never bet on it.

        Would you give up 1 billion dollars if you found it in your bank account due to someone _else_ doing illegal stuff AND you know you can get away with it due to some loophole? There are a few people who'd say "sure, because it is just wrong to keep it". The Dictators you'd want are an even smaller _subset_ of those people (you need them to be competent dictators as well ;) ).
        • Re: (Score:3, Insightful)

          by fishbowl (7759)

          >Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice.

          So the colonies should have bit the bullet and waited for the next king to come around?
          • by RexRhino (769423) on Monday September 10, 2007 @12:42AM (#20534759)

            So the colonies should have bit the bullet and waited for the next king to come around?
            The colonies had their own governments, which for the most part had very weak ties to the central government in England (and England was several months sea voyage away). The primary government of the colonies wasn't being overthrown, the primary government of the colonies were actively participating in the overthrow of what they realized was a foreign power.

            The American Revolution had some very unique circumstances that don't typically exist in most revolutions.

            That isn't to say that people facing an oppressive government shouldn't overthrow the government... but most revolutions won't have the very specific advantages that the United States had in its revolution. The United States got VERY VERY VERY lucky with the circumstances of its revolution.
            • Re: (Score:3, Insightful)

              by Anonymous Coward
              Treason doth never prosper; what's the reason?
              If it doth prosper, none dare call it treason.
            • by Sycraft-fu (314770) on Monday September 10, 2007 @02:29AM (#20535291)
              That George Washington could have been king, had he wanted. He was loved enough and had enough clout that he essentially could have done as he pleased. Had he been a power hungry man, the US republic would not have taken off as it did. Might not have gone the way of absolute dictatorship, but it sure as hell wouldn't have existed as it does. Fortunately, he was a man that really cared about the ideals of freedom and set the standard of a chief executive with limited power and a good deal of accountability. However counting on that to happen isn't a good idea. Anyone care to wager if it were a man like George Bush who had lead the colonies to victory rather than Washington? You think it all would have gone the same?

              As was noted: History is full of revolutions that do not end in a nice, happy government. They usually promise that, and sometimes the revolutionaries themselves really are idealists with good intentions, but power corrupts. Have a look at Zimbabwe some time and tell me how well that revolution went.
              • by vtcodger (957785)
                ***Anyone care to wager if it were a man like George Bush who had lead the colonies to victory rather than Washington? You think it all would have gone the same?***

                In the long run, quite possibly. Canada -- which at the time of the US revolution was largely inhabited by Francophones who mistrusted George III less than they mistrusted the American colonists stayed with England and the place ended up not very different from the US.

                • Ummmmm... Ya... The discussion here was in relation to George Washington being able to have become a king, but choosing not to do so. Had it instead been a man like Bush who was the victorious commander and who had the same option, I'm thinking things would have gone differently. This is one of those situations of "Assume the colonies won the war, but the commanding general who was tapped to be the first president was a power hungry guy." I think it probably would have worked out differently.

                  Also one might
                  • by vtcodger (957785)
                    ***Ummmmm... Ya... The discussion here was in relation to George Washington being able to have become a king, but choosing not to do so. Had it instead been a man like Bush who was the victorious commander and who had the same option, I'm thinking things would have gone differently.***

                    I yield to no man in my contempt for that duplicitious dimwit George W Bush. Sure he'd become king. But I suspect that after a few years of his unending screwups (IMO we should all thank God that he is incompetent), he'd h

              • by 15Bit (940730)
                > Anyone care to wager if it were a man like George Bush who had lead the colonies

                > to victory rather than Washington? You think it all would have gone the same?

                No, a man like George Bush wouldn't have led anyone to victory. The most likely course of events is that he'd lead for one battle, maybe two, and then mysteriously get shot in the back of the head by "an enemy sniper" (i.e. friendly fire). Someone like Washington would then take command. If that didn't happen, we (the English) would still

              • I believe the quote you're looking for goes something like "Why would I get rid of George the third, only to become George the First?" - after being offered the position of "King"
        • Re: (Score:3, Insightful)

          by p0tat03 (985078)

          The way I see it, and from what I've seen through history, violent revolution is inevitable. No government is perfectly stable, and eventually all will fall. I see revolutions as a natural part of a cycle - birth, rise, rule, and collapse of an empire/government/civilization, only to begin anew again. Some countries unfortunately are stuck in a perpetual loop of revolution, which is sad, but that being said I do not think revolutions in general are avoidable. This is not to say I *condone* violent revolutio

          • by TheLink (130905)
            I'm saying people should not seek or condone violent revolution when there are other options.

            Death is inevitable. But that does not mean we should choose options that would reduce the average lifespans AND not improve living conditions either.
          • Re: (Score:3, Interesting)

            by VJ42 (860241) *

            The way I see it, and from what I've seen through history, violent revolution is inevitable.

            Really? You the last time my country had a real violent revolution was in 1066 when we were invaded by the Normans (if that counts as a revolution), since then governments have come and gone, political parties have been founded and disbanded. Our system of government has changed from an absolute monarchy to a parliamentary democracy, we gained an empire and then lost it.

            We even tried to have a revolution, but it was more of a civil war, and despite the king getting his head cut off, we decided that a mo

        • Re: (Score:2, Insightful)

          by Bombur (544425)
          > That's why Karl Marx was either an idiot or an evil person because he recommended violence as normal standard procedure. Marx recommended nothing. He predicted it, he believed that communism was the inevitable future that would come down on the industrialized nations. But for most nations, the predicted growth of an underpaid and really exploited workforce just did not come into being, and so the socialist revolution was cancelled.
    • When I was in elementary school, second grade I think, our bus driver handed out free candy every Friday. Her name was Pat; you should track her down and put her in charge of that department when you take over the world.
  • by Mrs. Grundy (680212) on Sunday September 09, 2007 @10:26PM (#20533751) Homepage
    Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.
    • by Bonobo_Unknown (925651) on Sunday September 09, 2007 @10:28PM (#20533775)
      I predict the sudden rise of on-screen keypads, operated via the mouse.
      • by CheeseTroll (696413) on Sunday September 09, 2007 @10:39PM (#20533863)
        That may not help, depending on the sophistication of the keylogging software. Here's an interesting article I found on the subject... http://www.pcmag.com/print_article2/0,1217,a=18129 0,00.asp [pcmag.com]

        Using something like Password Safe (http://passwordsafe.sourceforge.net) on a USB key would be helpful, as it gives you the option to copy individual usernames & passwords without even viewing them.
        • Ah but the data still goes through the clipboard, which makes it fairly easy to capture and log.
          • by arth1 (260657)
            Say your password is (for simplicity) 2007

            Enter 1234567890
            Copy the entire string
            Paste it two more times
            Delete all the characters you don't need using "backspace". Click to position, never use the arrow keys.

            You now have entered 2007. All you can find from the keylogger is "1234567890" and a bunch of backspaces. Similarly, the clipboard also only contains "1234567890".

            As for screenshots, surely password forms don't echo the password in plaintext, but instead use asterisks or discs to hide it?

            Regards,
            --
            *Ar
          • by Arethan (223197)
            Yes, it can go through the clipboard, and it often does as that's the easiest way to paste text into a random text box. However, there are other methods of moving data that do not require the use of the clipboard. For instance, Win32API provides applications with the ability to pass messages directly to other windows. Since every control is a window (more or less), you can actually inject the keydown/keyup messages directly into the desired control without ever touching the OS's keyboard hooks or the clipbo
        • by DrSkwid (118965)
          Yes, go on, stick your thumb drive in, my auto-mounter copies the contents and mails it to me. You should see some of the things folk carry around with them !

      • by mlts (1038732) *
        I thought myself that on screen keyboards would be a great thing, but most modern keyloggers can take highly compressed screenshots when someone clicks the mouse, and some can do FRAPS-like video logging. To boot, a number of on-screen keyboards use the keypress stack, so the keylogger will catch the key clicked on like a normal pressed one.

        Probably the best of all worlds for guarding passwords to make sure that a logged password doesn't mean full access would be a securID like system with a keyfob that gi
        • by vtcodger (957785)
          ***For credit cards, some banks are proactive and offer one time use numbers. This should be a lot more widespread, so if a bad guy does grab a card number, all it will get him/her would be DECLINE messages.***

          I've been meaning to look into one time numbers as using credit cards on line makes me nervous. In fact, using them at all makes me nervous since a lot of corporate data bases seem not to be as secure as they should be.

          What confuses me is that getting a one time number clearly involves some sort

          • by mlts (1038732) *
            You are right. Someone can log one's bank transaction if the home machine is compromised, or if the crook is fast, use the generated one time number before the legitimate retailer can.

            What the individual, one time use, credit card numbers provide protection from are unscrupulous or poorly secured retailers rather than a user's machine with bad security.

            Some banks address the way one time numbers are distributed by sending the bank customer a scratch off card via physical mail. When the customer needs to
      • I predict that if the One Laptop Per Child project can ever get going properly, that we're going to see a huge number of them used as plug-in terminals to avoid exactly this sort of monitoring.
      • I predict the sudden rise of on-screen keypads, operated via the mouse.

        Nope, the rise of live CD's and thumb drives.
    • Re: (Score:3, Insightful)

      by ls -la (937805)

      Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.

      At least in India, the authorities have the courtesy to tell you they're logging your keys.

      • Re: (Score:3, Funny)

        by bladesjester (774793)
        At least in India, the authorities have the courtesy to tell you they're logging your keys.

        As the first thing that pops into my mind is
        "I'm in Ur computer loggin Ur keys"
        • Re: (Score:3, Funny)

          by Dunbal (464142)
          As the first thing that pops into my mind is
          "I'm in Ur computer loggin Ur keys"


                This is what happens when you visit "that other place" too often.
    • by mpe (36238)
      Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating.

      Assuming they havn't already worked out ways of communicating which are unaffected by third party evesdropping. Actually this may well have an effect on criminals, the information gathered is potentially very valuable to criminals. Most obviously identity theft and blackmail.

      The cafe owners will lose business, and innocent folk
  • This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...
    • This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...

      When I travel, I consider any cyber cafe to be monitored either by the owners or by someone who has installed a trojan as most are running Windows XP as full administrator.

      However, for other authentication mechanisms besides passwords you could always use One-Time Pads. As this article explains [onlamp.com] you can use this at least with FreeBSD (I'm sure others have this implemented as well) to login remotely, type your password in plaintext, and nobody can replay the login as the OTP has changed to the next one. Th

  • Damn...they're getting almost as bad as the FBI...
  • by ddcc (946751)
    Will it work on Linux?
    • actually, it might not, but then it does not have to.
      Without exception, Indian cyber cafes have PCs that come preloaded with windows.
      Often its cobranded with the ISP.
      Often all that is available to the user is internet explorer, Microsoft word and yahoo messenger (by that I mean, those are the only 3 icons on the Desktop - for most people, they are equivalent)

      I can imagine the Mumbai police doing some thing as hare-brained as that. It might be their attempt at fight against terror. I am hoping that people wi
  • by ChatHuant (801522) on Sunday September 09, 2007 @10:34PM (#20533819)
    Depending on the key logger's capabilities, an easy way to improve your security is to open another edit window (for example notepad) next to the password input window. Enter a character of your secret password, credit card number, etc), then, using the mouse, switch focus to the second window, type in a bunch of random characters, switch back, rinse and repeat. The logger ends with a bunch of gibberish, some of which is your key. If you do it right, extracting your secret from the resulting log will be really difficult (especially since the mouse allows you to add new characters in the middle of the already typed string, which means the characters in your secret won't even be in order).
    • by callinyouin (1138469) on Sunday September 09, 2007 @10:45PM (#20533919)
      A couple years back I messed around with a few key loggers on my computer because I wanted to see exactly how stokes were logged. What I mean is that I wanted to see if the logger just dumped the input from the keyboard character for character or if there was any formatting. Turns out all of the key loggers I tried used some kind of formatting and dumped information into the log such as which program had focus, what time it had focus, etc. So, in this case, it seems likely that one could still get personal info, credit card numbers, etc. by piecing it all together.
      • by Anonymous Coward on Sunday September 09, 2007 @11:04PM (#20534091)
        You are correct. A sample log (was acquired in real time):

        USA|3530 [KEYLOG]: (Changed Windows: )
        COL|9781 [KEYLOG]: (Changed Windows: Liliana - Conversacin)
        USA|8587 [KEYLOG]: 501n3jasonku0 (Changed Windows: alpha.vms.psc.edu - default - SSH Secure Shell)
        USA|4484 [KEYLOG]: (Changed Windows: J:\ceedo\Ceedo)
        DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
        USA|9804 [KEYLOG]: (Changed Windows: LimeWire: Enabling Open Information Sharing)
        USA|4837 [KEYLOG]: (Changed Windows: )
        USA|7417 [KEYLOG]: (Changed Windows: )
        USA|4837 [KEYLOG]: (Changed Windows: Start Menu)
        CAN|8745 [KEYLOG]: (Changed Windows: )
        GBR|5633 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
        GBR|9120 [KEYLOG]: (Changed Windows: )
        DEU|9494 [KEYLOG]: (Changed Windows: RodentMouseWnd2)
        USA|8587 [KEYLOG]: (Changed Windows: 2:alpha.vms.psc.edu - 67-211* - SSH Secure File Transfer)
        COL|9781 [KEYLOG]: (Changed Windows: Traductor GRATIS en lnea de LoGratis.com - Microsoft Inter)
        CAN|8745 [KEYLOG]: (Changed Windows: )
        BRA|6982 [KEYLOG]: (Changed Windows: Attributes)
        DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
        BRA|6982 [KEYLOG]: (Changed Windows: VectorWorks - [Proj. Simone.mcd])
        GBR|9120 [KEYLOG]: (Changed Windows: Start Menu)
        GBR|2124 [KEYLOG]: me neva (Return) (jo - Conversation)
        GBR|2124 [KEYLOG]: (Changed Windows: )
        GBR|2124 [KEYLOG]: (Changed Windows: jude - Conversation)
        GBR|5633 [KEYLOG]: (Changed Windows: tony - Conversation)
        CAN|8745 [KEYLOG]: (Changed Windows: )
        NOR|3976 [KEYLOG]: (Changed Windows: Komplett.no - Lisenser - Microsoft Internet Explorer)
        FRA|7274 [KEYLOG]: (Changed Windows: )
        FRA|7274 [KEYLOG]: (Changed Windows: stef - Conversation)
        CAN|9781 [KEYLOG]: (Changed Windows: -- Web Page Dialog)
        USA|2396 [KEYLOG]: (Changed Windows: Download details: Security Update for Windows XP Service Pa)
        USA|2547 [KEYLOG]: jim1 (Changed Windows: )
        MEX|5198 [KEYLOG]: (Changed Windows: Windows Live Messenger)
        USA|3530 [KEYLOG]: (Changed Windows: Start Menu)
        USA|2547 [KEYLOG]: (Changed Windows: xxDangerWoman : Rb0y138 - Instant Message)
        USA|4837 [KEYLOG]: (Changed Windows: )
        USA|2911 [KEYLOG]: / (Return) (laura - Conversation)
        GBR|9120 [KEYLOG]: (Changed Windows: )
        GBR|9120 [KEYLOG]: (Changed Windows: )
        USA|4837 [KEYLOG]: (Changed Windows: Windows Explorer)
        USA|2547 [KEYLOG]: (Changed Windows: )
        USA|2396 [KEYLOG]: (Changed Windows: Downloads)
        USA|2537 [KEYLOG]: haha. (Return) (jeff, Josh...Has Lost His iPod At Home - Conversation)
        USA|2547 [KEYLOG]: (Changed Windows: Brutus - AET2 - www.hoobie.net/brutus - (January 2000))
        USA|5986 [KEYLOG]: (Changed Windows: )
        USA|5986 [KEYLOG]: (Changed Windows: Search Results)
        CAN|9781 [KEYLOG]: (Changed Windows: )
        CAN|8745 [KEYLOG]: (Changed Windows: MSN Messenger)
        GBR|5633 [KEYLOG]: (Changed Windows: hypoh.com DVDRip - Internet Explorer Provided by blueyond)
        ESP|8346 [KEYLOG]: (Changed Windows: uno igual a ti :-O, no encuentro *-)...ni cagando!!! :S....)
        ESP|8346 [KEYLOG]: (Changed Windows: Alertas de NOD32 antivirus system: IMON - Proteccin para e)
        USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup)
        FRA|7274 [KEYLOG]: lol (Return) (stef - Conversation)
        NOR|3976 [KEYLOG]: (Changed Windows: )
        USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup - Installation wizard)
        USA|3008 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
        USA|3008 [KEYLOG]: (Changed Windows: ||T||R||I||C||K||Y|| (L)Leetisha(L) *OnDaMic Ent..*..It)
        USA|0852 [KEYLOG]: [CTRL][ESC] (Changed Windows: Importing to Your Buddy List)
        NOR|3976 [KEYLOG]: (Changed Windows: Kathrine - Samtale)
        ESP|2373 [KEYLOG]: si ya lo mande a la mierda (Return) (buta la huea las vakaciones kulia aora me sak la xuxa y e)
        USA|2483 [KEYLOG]: recreecipe (Return) (Search results for rcipe - Mininova - Windows Internet Expl)
        USA|300

    • by ls -la (937805)

      If you do it right, extracting your secret from the resulting log will be really difficult
      I'm not an expert on keyloggers, but I'm pretty sure any keylogger worth using notes mouse clicks and/or focus changes.
    • by DrSkwid (118965)
      I txt my home box with a 1 time password that lets me vnc into my server at home and do my work from there.

      The clipboard doesn't get exported and you're welcome to the password, it's no use now.

      You can add some port knocking style access restrictions i.e. you must request certain pages from the webserver within the last 5 mins or some such, add your IP to hosts.deny on the way out and you're done.

  • by joshv (13017) on Sunday September 09, 2007 @10:35PM (#20533829)
    After they hire all the people required to sift and parse this data, there will be no Indian programmers left for outsourcing. Bravo, keep up the good work - bureaucracy know no bounds.
    • by dodobh (65811)
      You don't need programmers to sort the data. India has enough people with just sufficient English language education to do the sorting and searching, without the need for programming that task.
      • You don't need programmers to sort the data. India has enough people with just sufficient English language education to do the sorting and searching, without the need for programming that task.

        Not to mention that programmers aren't usually the ones you want for repetitive tasks. This sounds too much luck boring stuff. Ask them to spend two years to write a program that will save one hour and then maybe you're talking ;)
  • They're [courttv.com] the [rferl.org] good [pitt.edu] guys! [nytimes.com]
  • Adds a whole new meaning to sniffing for keystrokes...

    Actually you could use some kind of olfactory sensor and at least be able to tell which keys were hit with the left and right hands...

  • by Skapare (16644) on Sunday September 09, 2007 @10:47PM (#20533941) Homepage

    ... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

    Another option where Javascript can't be used is to create a printed character array that has all the characters. Use the mouse to copy and paste characters one at a time between there and the input field.

    All this will be done through HTTPS, of course. Next come the mandatory rootkits. Then patrons bringing in their own Ubuntu or Knoppix disks.

    • by srmalloy (263556)

      ... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

      At least one government website has taken to doing this for password entry, taking the additional step of randomizing arrangement of characters on the 'keys' each time the page loads to prevent someone from sniffing the key selection. Since only the server knows which arrangement of keys is in use, knowing

    • Dunno if they do it on other countries, but here in Down Under Land INGDirect use a technique which would most likely invalidate any keylogger.
      • display on screen a randomized matrix of the digits from 0-9
      • force user to mouse-click to select the digits
      • never display the digits entered

      The only information being tracked is "in session XYZ123ABC user clicked buttons 4, 6, 1 and 9". Those buttons mean absolutely nothing outside of this particular session, and what numbers they do mean is only known to the web

  • FTA - "As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security"

    1) Are cafe computers considered public computers, because they are physically in public, or because the government owns them?
    2) Does my laptop become a public computer, if I carry it to Starbucks, thus transfering ownership to Big Brother?
    3) Who in Inida wishes they had a 4th Amendment [wikipedia.org] in writing?

  • 1) create SSL proxy gateway that uses passwordless client certs for authentication
    2) market to users of cybercafes
    3) PROFIT!

    Oh crap, they'd probably prohibit the use of USB drives, CDs, etc. Oh well.
    • (following up to my own post after more thought)

      Of course, that proxy would then need a way to 'paste' passwords into other sites as well.
    • by Dunbal (464142)
      3) PROFIT!

            Hey hang on, exactly how much do you expect to make when your market consists of "that portion of India that can't afford their own personal computer"?
  • What a wonderful government we have and how much I'm glad that they're looking out for us Mumbaian citizens. This will surely stamp out terrorism in my country, where the evil-doing bomb-plotters have been sipping lattes in conspiratorial net-enabled secrecy for far too long. Our glorious (and handsome!) leaders have finally realized that only when all of our thoughts have been properly parsed and vetted by a central governing board of censors can we truly be free. This is a wonderful day, truly.
  • Design a site like google translate that renders web pages within a web page, and have a toolbar keyboard at the top to click type in the below screen. Heck, I could use that when I talking on the phone.
  • by Anonymous Coward
    Better story to be slashdotted with lot of background research done would be http://www.newindpress.com/NewsItems.asp?ID=IEP200 70902113325&Title=Nation&rLink=0 [newindpress.com]
    Do you think a country which provides such an extreme freedom of expression can ever implement keyboard logging ?

    The keyboard story is mis-sensationalized. I am from mumbai and I can't even imagine that this kind of thing can happen anywhere in india.The statement might be from a police officer who is computer savvy in his office just to show
  • by Jessta (666101) on Monday September 10, 2007 @01:28AM (#20535015) Homepage
    If you're entering any information in to a computer at a cyber cafe that you don't want public then you are an idiot.
    You can't trust any random computer you sit down at.

  • One word solution! (Score:5, Interesting)

    by John Jamieson (890438) on Monday September 10, 2007 @01:43AM (#20535105)
    Knoppix

    Insert Knoppix in the drive and reboot the PC before you do anything. I bet it would work at most Cafe's.

    • Hardware keylogger. There's some inline in the cable and there's some keyboards with the things built in for the extra paranoid business or resourceful spook.
      • Sorry, but this sounds like software. Hardware keyloggers cannot call home -- they have to be manually retrieved. It sounds like Mumbai's deployed keylogger calls home in realtime, which is definitely a software solution and not a piece of modified hardware. Knoppix or Slax would be just fine. More importantly, at many Internet cafes, the computers are typically locked down to the point where it's not possible to reboot into a different operating system.
    • by eth1 (94901)
      Any competent admin at an internet cafe will have the cases padlocked, the BIOS passworded, and the hard drive (or NIC) as the first boot device, so a live CD won't work.
  • by schauhan (1070004) on Monday September 10, 2007 @02:21AM (#20535249)
    About 10 years ago in Bangalore a software company got a piracy operation raided by the police with a bunch of floppies being the major evidence collected. When evidence was presented in court the police had punched the floppies and filed them like paper. The pirates literally laughed their way out of court.

    These days the police in India are technology savvy and most serious crime cases are solved quickly within days. This is possible because criminals use technology like mobile phones and internet to plan and coordinate. For the most part people are thankful for all this - a few years ago it was looking like criminals were smarter than most people.

    India had a law named Prevention of Terrorism Act (POTA) that had draconian provisions and was repealed by the current government. Right now there isn't any law in India to arrest people on the basis of suspicion alone. The police need solid evidence to book people under regular laws.

  • Hoax? (Score:5, Interesting)

    by XchristX (839963) on Monday September 10, 2007 @04:51AM (#20536015)
    A preliminary google search of two sets of keywords

    http://www.google.com/search?as_q=Mumbai+Police+ke yloggers&num=10&btnG=Google+Search&as_epq=&as_oq=& as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt =any&as_dt=i&as_sitesearch=&safe=active&ie=UTF-8&o e=UTF-8 [google.com]

    http://www.google.com/search?q=Mumbai+Police+keyst roke+loggers&hl=en&lr=&safe=active&as_qdr=all&star t=10&sa=N [google.com]

    reveals no reliable mainstream media source for this allegation. The only one I could find was this article from mid-day:

    http://www.mid-day.com/news/city/2007/august/16316 5.htm [mid-day.com]

    For those who don't know, "Mid-Day" is basically Mumbai's version of the National Enquirer, rants on about conspiracy theories and local celebrity gossip, hardly a reliable source. All the blog entries about this are based on this one mid-day article.

    Of course, it could mean that I'm not searching correctly. I'd appreciate it if somebody posted any (and I mean any) information from any mainstream media outlet (and not dubious blogs). Until then, I remain skeptical and maintain that this is probably a hoax circulated by some sub-par journalist as a means to get fame, and the "Outsource victims" moaning on slashdot lapped it up swiftly, of course...

    Keep in mind that the Indian media is dangerously moonbatty and very anti-establishment (borderline third-world paranoid anarchist actually). Therefore if this actually happened then the media would pounce upon it like a pack of hungry wolves. They haven't ... yet.

    Has slashdot been trolled, again?
  • hmm... (Score:3, Funny)

    by mapkinase (958129) on Monday September 10, 2007 @05:13AM (#20536103) Homepage Journal
    I wish they did that in Nigeria.
  • Police finally get mandatory keyloggers in Mumbai's Cyber Cafes decades after the local fraudsters have had the use of such utilities.

Aren't you glad you're not getting all the government you pay for now?

Working...