City Almost Loses 450K to Keylogger

SierraPete writes "The city of Carson, California (a suburb of Los Angeles) was the target of a 6-digit theft of cash. The LA Times reports that information taken from a keylogger was used to attempt to steal $450K from the city's treasury. Quick work by the city froze most of the funds, but it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home."

Re:Physical Keylogger

[SanityInAnarchy]

There's no mention of the method used to install the keylogger onto the treasurer's computer.

Yes there is.

Armed with a spyware program, the thieves tracked Avilla's moves on her laptop and obtained bank passwords.

That is, unless they don't know what the word "spyware" means. Being reporters, they might just assume that spyware means what it sounds like -- any software used to spy on you, including something picking up keystrokes from a physical keylogger.

But then, it also seems like it would be difficult to make a physical keylogger that communicates reliably with the outside world:

Each time Treasurer Karen Avilla logged into her laptop computer in the morning, someone was looking--virtually--over her shoulder, watching every keystroke.

That sort of implies it's being done in realtime. Of course, they could always mean it was a physical keylogger, which the "hacker" then collected and dumped...

Then again, it's a laptop. If you have physical access to a laptop for long enough and with enough tools to install a physical keylogger, it's probably easier to carry the thing off and hope there's something valuable on the hard drive.