Mandatory Keyloggers in Mumbai's Cyber Cafes

YIAAL writes "Indian journalist Amit Varma reports that Mumbai's police are requiring the city's 500 Internet cafes to install keystroke loggers, which will capture every keystroke by users and turn that information over to the government — nearly in realtime by the sound of it. Buy things online, and the underpaid Indian police will have your credit card number. 'Will these end up getting sold in a black market somewhere? Not unlikely.'"

In other words...

[Veinor]

Likely?

Fiddle the cursor

[EmbeddedJanitor]

This technology is very easily fooled anyway... so long as you know about it. Just move the cursor around a bit with your mouse as you type. For example, if your credit card is 12345678, type 18 then set the cursor between the 1 and the 8 and type 34567 then set the cursor before the 3 and type 2. It looks like you typed 18345672.

And if you're being a political rabble rouser you can type "Bush is a wally" so that it looks like "wish us a Bally".

Re:

[Anonymous Coward]

Couldn't you just design a keylogger that would also tie it into the Windows messaging system and override all of the string classes implemented in the Windows APIs? In this way you could have it also capture the applicable string when the appropriate messages were sent in the Windows messaging system. If you see a WM_OK (for example), you could then check if a CString was altered or referenced. Similar things could be done with other GUI APIs.

Re:

[faloi]

The downside is that some loggers take screen shots. You can fiddle with cursors all day long, and it won't help. What would be a really good idea is for more credit card companies to issue "single shot" numbers to people that want them. Granted, you can't very well apply for one online at the unsecure box, but it's a start.

Re:Fiddle the cursor

[speaker of the truth]

Another trick is to type in the field as well as out of the field. So you type 12167423457831642741211141853900 and they'll know you've typed too many numbers, but won't have any idea which of those numbers is your credit card number.

Re:

[InvalidError]

If you already have software to log key presses, adding onfocus and mouse click logging to assist reassembly of the correct sequences should be (or become) an obvious next step.

Re:

[speaker of the truth]

Correct. However if only 3% of people who enter in credit cards do this, then is it worth the effort?

Re:Fiddle the cursor

[QMO]

Yes, because that 3% is more likely to contain those people you most want to catch.

Don't you think that the group that works hardest to evade inspection is the group you most want to inspect?

Re:

[speaker of the truth]

It depends if you want to inspect people or are simply trying to steal credit card numbers. The submitter of this story made it sound like the police were concerned more about the latter. I don't know if this is racism or a simple fact of life in India, so I simply responded to the submitter's claims.

Re:

[jma05]

Start->Programs->Accessories->Accessibility->On-Screen Keyboard

Seriously, as an Indian - this is not Orwellian as it might appear. Just a case of some bureaucratic nut who just discovered key loggers coming up with these impractical ideas.

"Never, never blame anything on a conspiracy that can be explained by incompetence."

It's Time For A Global Revolution

[Anonymous Coward]

Am I the only one noticing how all the world's major nations are accelerating towards fascism? Perhaps we're headed towards some sort of violent global revolution, I know we here in the US are LONG overdue (what was it Jefferson said? A violent overthrow every decade is vital to the health of a nation?). I'm hoping for a world without borders and a benevolent, corruption-proof, completely transparent government. And abandoning coal and oil for nuclear power. And truly non-evil corporations. And free c

Re:

[lastninja]

Surely Jefferson did not want the government violently overthrown every ten years? Does anyone have a link for this? BTW who should pay for the candy in a your utopia?

Re:It's Time For A Global Revolution

[TheLink]

Usually when a government gets violently overthrown, what replaces it is a Dictatorship that's willing and capable of the most violence.

Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice[1]. Given that India is a democracy, they have a choice, and if you don't like the candidates, get others to stand for election then.

That's why Karl Marx was either an idiot or an evil person because he recommended violence as normal standard procedure.

[1] Even if you're already stuck in a dictatorship, sometimes it's just better to wait till the next generation takes over. See China - things actually got better and most steps after Mao's time, whereas if you had another violent revolution, you'd probably get another Mao in charge.

Violent revolutions are like playing russian roulette with 5 out of 6 bullets loaded in your revolver. You're hoping you get a benevolent dictator who'd set things up properly then peacefully and orderly hand over power to the citizens. This does happen sometimes, but never bet on it.

Would you give up 1 billion dollars if you found it in your bank account due to someone _else_ doing illegal stuff AND you know you can get away with it due to some loophole? There are a few people who'd say "sure, because it is just wrong to keep it". The Dictators you'd want are an even smaller _subset_ of those people (you need them to be competent dictators as well ;) ).

Re:

[fishbowl]

>Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice.

So the colonies should have bit the bullet and waited for the next king to come around?

Re:It's Time For A Global Revolution

[RexRhino]

So the colonies should have bit the bullet and waited for the next king to come around?

The colonies had their own governments, which for the most part had very weak ties to the central government in England (and England was several months sea voyage away). The primary government of the colonies wasn't being overthrown, the primary government of the colonies were actively participating in the overthrow of what they realized was a foreign power.

The American Revolution had some very unique circumstances that don't typically exist in most revolutions.

That isn't to say that people facing an oppressive government shouldn't overthrow the government... but most revolutions won't have the very specific advantages that the United States had in its revolution. The United States got VERY VERY VERY lucky with the circumstances of its revolution.

Re:

[Anonymous Coward]

Treason doth never prosper; what's the reason?
If it doth prosper, none dare call it treason.

Because one might add

[Sycraft-fu]

That George Washington could have been king, had he wanted. He was loved enough and had enough clout that he essentially could have done as he pleased. Had he been a power hungry man, the US republic would not have taken off as it did. Might not have gone the way of absolute dictatorship, but it sure as hell wouldn't have existed as it does. Fortunately, he was a man that really cared about the ideals of freedom and set the standard of a chief executive with limited power and a good deal of accountability. However counting on that to happen isn't a good idea. Anyone care to wager if it were a man like George Bush who had lead the colonies to victory rather than Washington? You think it all would have gone the same?

As was noted: History is full of revolutions that do not end in a nice, happy government. They usually promise that, and sometimes the revolutionaries themselves really are idealists with good intentions, but power corrupts. Have a look at Zimbabwe some time and tell me how well that revolution went.

Re:

[vtcodger]

***Anyone care to wager if it were a man like George Bush who had lead the colonies to victory rather than Washington? You think it all would have gone the same?***

In the long run, quite possibly. Canada -- which at the time of the US revolution was largely inhabited by Francophones who mistrusted George III less than they mistrusted the American colonists stayed with England and the place ended up not very different from the US.

Re:

[Sycraft-fu]

Ummmmm... Ya... The discussion here was in relation to George Washington being able to have become a king, but choosing not to do so. Had it instead been a man like Bush who was the victorious commander and who had the same option, I'm thinking things would have gone differently. This is one of those situations of "Assume the colonies won the war, but the commanding general who was tapped to be the first president was a power hungry guy." I think it probably would have worked out differently.

Also one might

Re:

[vtcodger]

***Ummmmm... Ya... The discussion here was in relation to George Washington being able to have become a king, but choosing not to do so. Had it instead been a man like Bush who was the victorious commander and who had the same option, I'm thinking things would have gone differently.***

I yield to no man in my contempt for that duplicitious dimwit George W Bush. Sure he'd become king. But I suspect that after a few years of his unending screwups (IMO we should all thank God that he is incompetent), he'd h

Re:

[15Bit]

> Anyone care to wager if it were a man like George Bush who had lead the colonies

> to victory rather than Washington? You think it all would have gone the same?

No, a man like George Bush wouldn't have led anyone to victory. The most likely course of events is that he'd lead for one battle, maybe two, and then mysteriously get shot in the back of the head by "an enemy sniper" (i.e. friendly fire). Someone like Washington would then take command. If that didn't happen, we (the English) would still

Re:

[spikedvodka]

I believe the quote you're looking for goes something like "Why would I get rid of George the third, only to become George the First?" - after being offered the position of "King"

Re:

[speaker of the truth]

For example the IRA is fighting British control

Ireland is several months voyage away from England? No? Then shut the fuck up. The only time a modern government could replicate the distance and situation of the American colonies is if we suddenly lost much of our technology (or the capability to use it) or if the people were on another planet and were self-sustaining.

Re:

[p0tat03]

The way I see it, and from what I've seen through history, violent revolution is inevitable. No government is perfectly stable, and eventually all will fall. I see revolutions as a natural part of a cycle - birth, rise, rule, and collapse of an empire/government/civilization, only to begin anew again. Some countries unfortunately are stuck in a perpetual loop of revolution, which is sad, but that being said I do not think revolutions in general are avoidable. This is not to say I *condone* violent revolutio

Re:

[TheLink]

I'm saying people should not seek or condone violent revolution when there are other options.

Death is inevitable. But that does not mean we should choose options that would reduce the average lifespans AND not improve living conditions either.

Re:

[VJ42]

The way I see it, and from what I've seen through history, violent revolution is inevitable.

Really? You the last time my country had a real violent revolution was in 1066 when we were invaded by the Normans (if that counts as a revolution), since then governments have come and gone, political parties have been founded and disbanded. Our system of government has changed from an absolute monarchy to a parliamentary democracy, we gained an empire and then lost it.

We even tried to have a revolution, but it was more of a civil war, and despite the king getting his head cut off, we decided that a mo

Re:

[Bombur]

> That's why Karl Marx was either an idiot or an evil person because he recommended violence as normal standard procedure. Marx recommended nothing. He predicted it, he believed that communism was the inevitable future that would come down on the industrialized nations. But for most nations, the predicted growth of an underpaid and really exploited workforce just did not come into being, and so the socialist revolution was cancelled.

Re:

[TheLink]

Assuming the translation is correct, Karl Marx wrote this:

"The Communists disdain to conceal their views and aims. They openly declare that their ends can be attained only by
the forcible overthrow of all existing social conditions. Let the ruling classes tremble at a Communistic revolution. The proletarians have nothing to lose but their chains. They have a world to win."

While I am indeed an idiot, I can still read and understand what "forcible overthrow" means and implies (especially given the context).
"ge

Re:

[dunkelfalke]

exactly how many democracies were there in the year 1847?
exactly. and there are only two ways to end a monarchy:

1) forcible overthrow
2) resignation of the monarch

since the second option is very unlikely...

Re:

[porcupine8]

When I was in elementary school, second grade I think, our bus driver handed out free candy every Friday. Her name was Pat; you should track her down and put her in charge of that department when you take over the world.

lets go after the innocent

[Mrs. Grundy]

Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.

Re:lets go after the innocent

[Bonobo_Unknown]

I predict the sudden rise of on-screen keypads, operated via the mouse.

Re:lets go after the innocent

[CheeseTroll]

That may not help, depending on the sophistication of the keylogging software. Here's an interesting article I found on the subject... http://www.pcmag.com/print_article2/0,1217,a=18129 0,00.asp [pcmag.com]

Using something like Password Safe (http://passwordsafe.sourceforge.net) on a USB key would be helpful, as it gives you the option to copy individual usernames & passwords without even viewing them.

Re:

[complete loony]

Ah but the data still goes through the clipboard, which makes it fairly easy to capture and log.

Re:

[arth1]

Say your password is (for simplicity) 2007

Enter 1234567890
Copy the entire string
Paste it two more times
Delete all the characters you don't need using "backspace". Click to position, never use the arrow keys.

You now have entered 2007. All you can find from the keylogger is "1234567890" and a bunch of backspaces. Similarly, the clipboard also only contains "1234567890".

As for screenshots, surely password forms don't echo the password in plaintext, but instead use asterisks or discs to hide it?

Regards,
--
*Ar

Re:

[Arethan]

Yes, it can go through the clipboard, and it often does as that's the easiest way to paste text into a random text box. However, there are other methods of moving data that do not require the use of the clipboard. For instance, Win32API provides applications with the ability to pass messages directly to other windows. Since every control is a window (more or less), you can actually inject the keydown/keyup messages directly into the desired control without ever touching the OS's keyboard hooks or the clipbo

Re:

[DrSkwid]

Yes, go on, stick your thumb drive in, my auto-mounter copies the contents and mails it to me. You should see some of the things folk carry around with them !

Re:

[Rakishi]

Not really that hard just more complicated/specialized, just take a screen shot around each mouse click location (or of the whole screen during a mouse click). Trivial if they do this only for specific websites (ie: only do this type of logging when you are on such a website).

Re:

[DMUTPeregrine]

Yes. OR the simlper method: capture the output of the screen-keyboard program instead of the input. The data has to be understood by the computer at some point, and at that point you can capture it.

Re:

[mlts]

I thought myself that on screen keyboards would be a great thing, but most modern keyloggers can take highly compressed screenshots when someone clicks the mouse, and some can do FRAPS-like video logging. To boot, a number of on-screen keyboards use the keypress stack, so the keylogger will catch the key clicked on like a normal pressed one.

Probably the best of all worlds for guarding passwords to make sure that a logged password doesn't mean full access would be a securID like system with a keyfob that gi

Re:

[vtcodger]

***For credit cards, some banks are proactive and offer one time use numbers. This should be a lot more widespread, so if a bad guy does grab a card number, all it will get him/her would be DECLINE messages.***

I've been meaning to look into one time numbers as using credit cards on line makes me nervous. In fact, using them at all makes me nervous since a lot of corporate data bases seem not to be as secure as they should be.

What confuses me is that getting a one time number clearly involves some sort

Re:

[mlts]

You are right. Someone can log one's bank transaction if the home machine is compromised, or if the crook is fast, use the generated one time number before the legitimate retailer can.

What the individual, one time use, credit card numbers provide protection from are unscrupulous or poorly secured retailers rather than a user's machine with bad security.

Some banks address the way one time numbers are distributed by sending the bank customer a scratch off card via physical mail. When the customer needs to

Re:

[Antique Geekmeister]

I predict that if the One Laptop Per Child project can ever get going properly, that we're going to see a huge number of them used as plug-in terminals to avoid exactly this sort of monitoring.

Re:

[Technician]

I predict the sudden rise of on-screen keypads, operated via the mouse.

Nope, the rise of live CD's and thumb drives.

Re:

[ls -la]

Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.

At least in India, the authorities have the courtesy to tell you they're logging your keys.

Re:

[bladesjester]

At least in India, the authorities have the courtesy to tell you they're logging your keys.

As the first thing that pops into my mind is
"I'm in Ur computer loggin Ur keys"

Re:

[Dunbal]

As the first thing that pops into my mind is
"I'm in Ur computer loggin Ur keys"

      This is what happens when you visit "that other place" too often.

Re:

[mpe]

Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating.

Assuming they havn't already worked out ways of communicating which are unaffected by third party evesdropping. Actually this may well have an effect on criminals, the information gathered is potentially very valuable to criminals. Most obviously identity theft and blackmail.

The cafe owners will lose business, and innocent folk

good thing

[tedshultz]

This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...

Re:

[nacturation]

This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...

When I travel, I consider any cyber cafe to be monitored either by the owners or by someone who has installed a trojan as most are running Windows XP as full administrator.

However, for other authentication mechanisms besides passwords you could always use One-Time Pads. As this article explains [onlamp.com] you can use this at least with FreeBSD (I'm sure others have this implemented as well) to login remotely, type your password in plaintext, and nobody can replay the login as the OTP has changed to the next one. Th

Just like home

[davmoo]

Damn...they're getting almost as bad as the FBI...

The issue comes up again...

[ddcc]

Will it work on Linux?

Re:

[indraneil]

actually, it might not, but then it does not have to.
Without exception, Indian cyber cafes have PCs that come preloaded with windows.
Often its cobranded with the ISP.
Often all that is available to the user is internet explorer, Microsoft word and yahoo messenger (by that I mean, those are the only 3 icons on the Desktop - for most people, they are equivalent)

I can imagine the Mumbai police doing some thing as hare-brained as that. It might be their attempt at fight against terror. I am hoping that people wi

Working around key loggers

[ChatHuant]

Depending on the key logger's capabilities, an easy way to improve your security is to open another edit window (for example notepad) next to the password input window. Enter a character of your secret password, credit card number, etc), then, using the mouse, switch focus to the second window, type in a bunch of random characters, switch back, rinse and repeat. The logger ends with a bunch of gibberish, some of which is your key. If you do it right, extracting your secret from the resulting log will be really difficult (especially since the mouse allows you to add new characters in the middle of the already typed string, which means the characters in your secret won't even be in order).

Re:Working around key loggers

[callinyouin]

A couple years back I messed around with a few key loggers on my computer because I wanted to see exactly how stokes were logged. What I mean is that I wanted to see if the logger just dumped the input from the keyboard character for character or if there was any formatting. Turns out all of the key loggers I tried used some kind of formatting and dumped information into the log such as which program had focus, what time it had focus, etc. So, in this case, it seems likely that one could still get personal info, credit card numbers, etc. by piecing it all together.

Re:Working around key loggers

[Anonymous Coward]

You are correct. A sample log (was acquired in real time):

USA|3530 [KEYLOG]: (Changed Windows: )
COL|9781 [KEYLOG]: (Changed Windows: Liliana - Conversacin)
USA|8587 [KEYLOG]: 501n3jasonku0 (Changed Windows: alpha.vms.psc.edu - default - SSH Secure Shell)
USA|4484 [KEYLOG]: (Changed Windows: J:\ceedo\Ceedo)
DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
USA|9804 [KEYLOG]: (Changed Windows: LimeWire: Enabling Open Information Sharing)
USA|4837 [KEYLOG]: (Changed Windows: )
USA|7417 [KEYLOG]: (Changed Windows: )
USA|4837 [KEYLOG]: (Changed Windows: Start Menu)
CAN|8745 [KEYLOG]: (Changed Windows: )
GBR|5633 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
GBR|9120 [KEYLOG]: (Changed Windows: )
DEU|9494 [KEYLOG]: (Changed Windows: RodentMouseWnd2)
USA|8587 [KEYLOG]: (Changed Windows: 2:alpha.vms.psc.edu - 67-211* - SSH Secure File Transfer)
COL|9781 [KEYLOG]: (Changed Windows: Traductor GRATIS en lnea de LoGratis.com - Microsoft Inter)
CAN|8745 [KEYLOG]: (Changed Windows: )
BRA|6982 [KEYLOG]: (Changed Windows: Attributes)
DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
BRA|6982 [KEYLOG]: (Changed Windows: VectorWorks - [Proj. Simone.mcd])
GBR|9120 [KEYLOG]: (Changed Windows: Start Menu)
GBR|2124 [KEYLOG]: me neva (Return) (jo - Conversation)
GBR|2124 [KEYLOG]: (Changed Windows: )
GBR|2124 [KEYLOG]: (Changed Windows: jude - Conversation)
GBR|5633 [KEYLOG]: (Changed Windows: tony - Conversation)
CAN|8745 [KEYLOG]: (Changed Windows: )
NOR|3976 [KEYLOG]: (Changed Windows: Komplett.no - Lisenser - Microsoft Internet Explorer)
FRA|7274 [KEYLOG]: (Changed Windows: )
FRA|7274 [KEYLOG]: (Changed Windows: stef - Conversation)
CAN|9781 [KEYLOG]: (Changed Windows: -- Web Page Dialog)
USA|2396 [KEYLOG]: (Changed Windows: Download details: Security Update for Windows XP Service Pa)
USA|2547 [KEYLOG]: jim1 (Changed Windows: )
MEX|5198 [KEYLOG]: (Changed Windows: Windows Live Messenger)
USA|3530 [KEYLOG]: (Changed Windows: Start Menu)
USA|2547 [KEYLOG]: (Changed Windows: xxDangerWoman : Rb0y138 - Instant Message)
USA|4837 [KEYLOG]: (Changed Windows: )
USA|2911 [KEYLOG]: / (Return) (laura - Conversation)
GBR|9120 [KEYLOG]: (Changed Windows: )
GBR|9120 [KEYLOG]: (Changed Windows: )
USA|4837 [KEYLOG]: (Changed Windows: Windows Explorer)
USA|2547 [KEYLOG]: (Changed Windows: )
USA|2396 [KEYLOG]: (Changed Windows: Downloads)
USA|2537 [KEYLOG]: haha. (Return) (jeff, Josh...Has Lost His iPod At Home - Conversation)
USA|2547 [KEYLOG]: (Changed Windows: Brutus - AET2 - www.hoobie.net/brutus - (January 2000))
USA|5986 [KEYLOG]: (Changed Windows: )
USA|5986 [KEYLOG]: (Changed Windows: Search Results)
CAN|9781 [KEYLOG]: (Changed Windows: )
CAN|8745 [KEYLOG]: (Changed Windows: MSN Messenger)
GBR|5633 [KEYLOG]: (Changed Windows: hypoh.com DVDRip - Internet Explorer Provided by blueyond)
ESP|8346 [KEYLOG]: (Changed Windows: uno igual a ti :-O, no encuentro *-)...ni cagando!!! :S....)
ESP|8346 [KEYLOG]: (Changed Windows: Alertas de NOD32 antivirus system: IMON - Proteccin para e)
USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup)
FRA|7274 [KEYLOG]: lol (Return) (stef - Conversation)
NOR|3976 [KEYLOG]: (Changed Windows: )
USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup - Installation wizard)
USA|3008 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
USA|3008 [KEYLOG]: (Changed Windows: ||T||R||I||C||K||Y|| (L)Leetisha(L) *OnDaMic Ent..*..It)
USA|0852 [KEYLOG]: [CTRL][ESC] (Changed Windows: Importing to Your Buddy List)
NOR|3976 [KEYLOG]: (Changed Windows: Kathrine - Samtale)
ESP|2373 [KEYLOG]: si ya lo mande a la mierda (Return) (buta la huea las vakaciones kulia aora me sak la xuxa y e)
USA|2483 [KEYLOG]: recreecipe (Return) (Search results for rcipe - Mininova - Windows Internet Expl)
USA|300

Re:

[CyberSlugGump]

Or unless clipboard copy and paste actions are logged....

Re:

[dkf]

Or unless clipboard copy and paste actions are logged....

You'd still need to log all mouse activity and stuff like that, and pasting things over other things would make it trickier still. Without that sort of info, you still can't capture a password (or even a scrambled version of a password).

Mind you, I for one am totally unsurprised by this. But then I've never entrusted a password to a machine that I didn't control, and for that matter I don't trust the network in cybercafes either. Paranoia is good policy (despite not having a tinfoil hat...)

Re:

[ls -la]

If you do it right, extracting your secret from the resulting log will be really difficult

I'm not an expert on keyloggers, but I'm pretty sure any keylogger worth using notes mouse clicks and/or focus changes.

Re:

[DrSkwid]

I txt my home box with a 1 time password that lets me vnc into my server at home and do my work from there.

The clipboard doesn't get exported and you're welcome to the password, it's no use now.

You can add some port knocking style access restrictions i.e. you must request certain pages from the webserver within the last 5 mins or some such, add your IP to hosts.deny on the way out and you're done.

Re:

[Deanalator]

Um, the Indian government doesn't care about your credit card numbers and passwords (which is easy enough to pull out of post data, as any decent password harvesting trojan will do). They want forum posts and emails, and anyone who wants to spend that much time (copying and pasting etc) in public doing sketchy shit is going to get caught pretty quick.

The goal is to make fraud slightly harder, so they can put a stop to the people who steal money just as a hobby (which is easy to do in areas like that).

Anywa

Re:

[arth1]

The goal is to make fraud slightly harder, so they can put a stop to the people who steal money just as a hobby (which is easy to do in areas like that).

As opposed to people who steal money for a living?

Re:

[Deanalator]

Yes, there are people who steal money for a living. I call those people criminals. There are also people who steal money to supplement their income, just because it's so easy to do in areas like that.

Excellent news!

[joshv]

After they hire all the people required to sift and parse this data, there will be no Indian programmers left for outsourcing. Bravo, keep up the good work - bureaucracy know no bounds.

Re:

[dodobh]

You don't need programmers to sort the data. India has enough people with just sufficient English language education to do the sorting and searching, without the need for programming that task.

Re:

[Midnight Thunder]

You don't need programmers to sort the data. India has enough people with just sufficient English language education to do the sorting and searching, without the need for programming that task.

Not to mention that programmers aren't usually the ones you want for repetitive tasks. This sounds too much luck boring stuff. Ask them to spend two years to write a program that will save one hour and then maybe you're talking ;)

Why not trust the government?

[timeOday]

They're [courttv.com] the [rferl.org] good [pitt.edu] guys! [nytimes.com]

sniffing for keystrokes?

[myowntrueself]

Adds a whole new meaning to sniffing for keystrokes...

Actually you could use some kind of olfactory sensor and at least be able to tell which keys were hit with the left and right hands...

I'll expect to see ...

[Skapare]

... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

Another option where Javascript can't be used is to create a printed character array that has all the characters. Use the mouse to copy and paste characters one at a time between there and the input field.

All this will be done through HTTPS, of course. Next come the mandatory rootkits. Then patrons bringing in their own Ubuntu or Knoppix disks.

Re:

[srmalloy]

... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

At least one government website has taken to doing this for password entry, taking the additional step of randomizing arrangement of characters on the 'keys' each time the page loads to prevent someone from sniffing the key selection. Since only the server knows which arrangement of keys is in use, knowing

Re:

[Crypto Gnome]

Dunno if they do it on other countries, but here in Down Under Land INGDirect use a technique which would most likely invalidate any keylogger.

• display on screen a randomized matrix of the digits from 0-9
• force user to mouse-click to select the digits
• never display the digits entered

The only information being tracked is "in session XYZ123ABC user clicked buttons 4, 6, 1 and 9". Those buttons mean absolutely nothing outside of this particular session, and what numbers they do mean is only known to the web

Personal Computer or Public Computer

[Nymz]

FTA - "As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security"

1) Are cafe computers considered public computers, because they are physically in public, or because the government owns them?
2) Does my laptop become a public computer, if I carry it to Starbucks, thus transfering ownership to Big Brother?
3) Who in Inida wishes they had a 4th Amendment [wikipedia.org] in writing?

Re:

[caffeinemessiah]

3) Who in Inida wishes they had a 4th Amendment in writing?

Who in America wishes they had a 4th Amendment in practice?

Re:

[rossifer]

Me. *sigh*

Opportunity

[SCHecklerX]

1) create SSL proxy gateway that uses passwordless client certs for authentication
2) market to users of cybercafes
3) PROFIT!

Oh crap, they'd probably prohibit the use of USB drives, CDs, etc. Oh well.

Re:

[SCHecklerX]

(following up to my own post after more thought)

Of course, that proxy would then need a way to 'paste' passwords into other sites as well.

Re:

[Dunbal]

3) PROFIT!

      Hey hang on, exactly how much do you expect to make when your market consists of "that portion of India that can't afford their own personal computer"?

As a Mumbaian national, let me be fhe first to say

[Junior J. Junior III]

What a wonderful government we have and how much I'm glad that they're looking out for us Mumbaian citizens. This will surely stamp out terrorism in my country, where the evil-doing bomb-plotters have been sipping lattes in conspiratorial net-enabled secrecy for far too long. Our glorious (and handsome!) leaders have finally realized that only when all of our thoughts have been properly parsed and vetted by a central governing board of censors can we truly be free. This is a wonderful day, truly.

Easy to get around

[GrEp]

Design a site like google translate that renders web pages within a web page, and have a toolbar keyboard at the top to click type in the below screen. Heck, I could use that when I talking on the phone.

It never happened.!! look at freedom of expression

[Anonymous Coward]

Better story to be slashdotted with lot of background research done would be http://www.newindpress.com/NewsItems.asp?ID=IEP200 70902113325&Title=Nation&rLink=0 [newindpress.com]
Do you think a country which provides such an extreme freedom of expression can ever implement keyboard logging ?

The keyboard story is mis-sensationalized. I am from mumbai and I can't even imagine that this kind of thing can happen anywhere in india.The statement might be from a police officer who is computer savvy in his office just to show

what is the problem?

[Jessta]

If you're entering any information in to a computer at a cyber cafe that you don't want public then you are an idiot.
You can't trust any random computer you sit down at.

One word solution!

[John Jamieson]

Knoppix

Insert Knoppix in the drive and reboot the PC before you do anything. I bet it would work at most Cafe's.

Two word problem!

[dbIII]

Hardware keylogger. There's some inline in the cable and there's some keyboards with the things built in for the extra paranoid business or resourceful spook.

Re:

[MostAwesomeDude]

Sorry, but this sounds like software. Hardware keyloggers cannot call home -- they have to be manually retrieved. It sounds like Mumbai's deployed keylogger calls home in realtime, which is definitely a software solution and not a piece of modified hardware. Knoppix or Slax would be just fine. More importantly, at many Internet cafes, the computers are typically locked down to the point where it's not possible to reboot into a different operating system.

Re:

[eth1]

Any competent admin at an internet cafe will have the cases padlocked, the BIOS passworded, and the hard drive (or NIC) as the first boot device, so a live CD won't work.

Indian Police are getting smarter

[schauhan]

About 10 years ago in Bangalore a software company got a piracy operation raided by the police with a bunch of floppies being the major evidence collected. When evidence was presented in court the police had punched the floppies and filed them like paper. The pirates literally laughed their way out of court.

These days the police in India are technology savvy and most serious crime cases are solved quickly within days. This is possible because criminals use technology like mobile phones and internet to plan and coordinate. For the most part people are thankful for all this - a few years ago it was looking like criminals were smarter than most people.

India had a law named Prevention of Terrorism Act (POTA) that had draconian provisions and was repealed by the current government. Right now there isn't any law in India to arrest people on the basis of suspicion alone. The police need solid evidence to book people under regular laws.

Hoax?

[XchristX]

A preliminary google search of two sets of keywords

http://www.google.com/search?as_q=Mumbai+Police+ke yloggers&num=10&btnG=Google+Search&as_epq=&as_oq=& as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt =any&as_dt=i&as_sitesearch=&safe=active&ie=UTF-8&o e=UTF-8 [google.com]

http://www.google.com/search?q=Mumbai+Police+keyst roke+loggers&hl=en&lr=&safe=active&as_qdr=all&star t=10&sa=N [google.com]

reveals no reliable mainstream media source for this allegation. The only one I could find was this article from mid-day:

http://www.mid-day.com/news/city/2007/august/16316 5.htm [mid-day.com]

For those who don't know, "Mid-Day" is basically Mumbai's version of the National Enquirer, rants on about conspiracy theories and local celebrity gossip, hardly a reliable source. All the blog entries about this are based on this one mid-day article.

Of course, it could mean that I'm not searching correctly. I'd appreciate it if somebody posted any (and I mean any) information from any mainstream media outlet (and not dubious blogs). Until then, I remain skeptical and maintain that this is probably a hoax circulated by some sub-par journalist as a means to get fame, and the "Outsource victims" moaning on slashdot lapped it up swiftly, of course...

Keep in mind that the Indian media is dangerously moonbatty and very anti-establishment (borderline third-world paranoid anarchist actually). Therefore if this actually happened then the media would pounce upon it like a pack of hungry wolves. They haven't ... yet.

Has slashdot been trolled, again?

Re:

[XchristX]

Sorry. Still not buying it. The IE article says nothing about keystroke loggers. It talks about unsafe email attachments. and trojan horse/keystroke loggers, a wholly different topic. This looks more like a hoax now than ever.

hmm...

[mapkinase]

I wish they did that in Nigeria.

corrected headline ..

[rs232]

Police finally get mandatory keyloggers in Mumbai's Cyber Cafes decades after the local fraudsters have had the use of such utilities.

Re:To those that buy online on a public computer..

[happyemoticon]

Many people in what we call "developing nations" do not have personal computers, and use computers in cyber cafes instead. This includes even computer-savvy people. Still a bad idea to buy online, in my opinion, but it transfers the onus of privacy from a cafe owner who you look in the face to some guy in an office somewhere. And as CounterStrike has taught us, it's a lot easier to be a fuckwad to people you can't see or hear.

Re:

[Fred_A]

At least in CS you could shoot them. I suppose that with government officials this is not an option to consider. Although with enough work, you could sort of get them "kicked" and "banned".

Re:

[spikedvodka]

false security there... the keylogger (from what I understand) is on the computer, not on the 'net connection... so all of your keystrokes are getting logged.

having a proxy like that is great for avoiding filters/sniffers, but won't do diddly against a keylogger (either HW or SW).

Damn Liberal whiners

[Anonymous Coward]

You damn liberals just don't get it: we are fighing a War on Terra, and need EVERY tool available to us. You don't need privacy if you have nothing to hide.

It's the duty of every good conservative to have blind faith in government. Government derives it's power from the wealthy, and as every good conservative knows, God tells us the wealthy are better people (that's why they have money). So if you are against the government... ANY government (especially a good conservative dictatorship), you are just a terrorist.

Re:Damn Liberal whiners

[Fred_A]

Hmmm.
I find your ideas interesting and would like to subscribe to your newslet... wait, scratch that, I'll just watch TV.

Re:

[Dunbal]

I keep meaning to respond without RTFA-ing (R-ingTFA?) so I can lower my blood pressure at least a couple of hundred diastolic points, but I just can't make myself do it.

      I'm sorry sir, you're just not slashdot material. Not reading the articles is somewhat more than formality. It's REQUIRED. Please leave and come back when you forget how to read.

Re:

[porcupine8]

Except that in India, as in many other developing countries, a large portion of the population only has internet access via the internet cafes. They don't even have computers at home, let alone broadband connections. Internet cafes may be rare in the US, but in many countries you'll find three on every street corner, they're cheap to use and always busy.

Re:

[vtcodger]

***The government and the jews ...***

If I understand you guys correctly, the gubmint and the jews (what happened to the freemasons?) already have stolen all our money. Why would they care about our credit card numbers?

Re:

[speaker of the truth]

No, but then again many Americans would be just as stupid as circumcision is hardly limited to the jewish people.

Re:

[XchristX]

Blooming nonsense. The naturally naive outpourings of a self-hating Indian as usual:

The Indian Constitution protects the Fundamental rights of people far more zealously than the US does. Freedom of Speech is certainly important. However, in a developing country with large volume of poor and exploitable people, the fundamental rights that the Constitution of India does guarantee ie:

1.Right to equality
2.Right to freedom
3.Right against exploitation
4.Right to freedom of religion
5.Cultural and educational rights