LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   How to detect keylogger etc (http://www.linuxquestions.org/questions/slackware-14/how-to-detect-keylogger-etc-884504/)

Var 06-04-2011 09:47 AM

How to detect keylogger etc
 
Hello,

In my job, I have to deal with a fairly psychopathic and untrustworthy person who is unfortunately the company's computer security expert, who is also an admitted hacker. I recently installed Slackware to prevent him from spying on my basic activities, deleting my windows and moving my mouse pointer, as he did when I had Windows on my PC. However I now need to make sure he isn't going to do the same with my Slackware installation. Other than reinstalling Slackware periodically, what can I do to detect spyware like a keylogger, or to detect that he has rootkitted commonly used parts of the distro to provide a backdoor etc?

BTW I've never considered encrypted a hard drive but now that I'm dealing with this idiot I would be open to that.

Thanks.

Alien Bob 06-04-2011 10:05 AM

If he is deleting your windows and moving your mouse pointer without your consent, he is harrassing you at work and you can report him to his superiors for that. I am slightly amazed that you have not yet done so.

A "company security expert"? Sounds more like a 15 year old.

If you do not give him root access to your Slackware computer it will be hard for him to hack into it. If he has physical access to your computer (when you are out of the office) then it will be a lot easier for him to install rootkits and keyloggers. In that case, encrypt your hard drive. You may want to put the unencrypted /boot partition on an external USB stick or else he may find ways around the encryption by adding spyware to the initrd.

Eric

H_TeXMeX_H 06-04-2011 10:06 AM

It is difficult if he has physical access to the machine, so yes encrypting the drive would be a very good idea to prevent a keylogger in the first place. I would also use a BIOS or boot password to prevent him from messing things up there, or booting other disks.

If you can't do that, you can use rkhunter, chkrootkit, and clamav to detect rootkits, viruses, malware, etc ... assuming he doesn't mess with them.

Personally, I would catch him on video and report him to the authorities, because this is not legal.

the3dfxdude 06-04-2011 10:29 AM

Also install a pad lock on your machine in addition to everything else.

Var 06-04-2011 10:31 AM

Quote:

Originally Posted by Alien Bob (Post 4376115)
If he is deleting your windows and moving your mouse pointer without your consent, he is harrassing you at work and you can report him to his superiors for that. I am slightly amazed that you have not yet done so.

Oh, I've already complained about him for other reasons. He is a macho homophobe tough-guy type from Eastern Europe. My supervisors, who are immigrants to the US from the same country, acted like nothing was wrong and then made a point of showing me what good friends they are with him. This is a guy who has been physically intimidating toward me beginning in the 1st week of work but he is a glad-hander so everyone likes him.

Quote:

A "company security expert"? Sounds more like a 15 year old.
He's in his 20's. I told him he's stuck in adolescence and he eagerly agreed.

H_TeXMeX_H 06-04-2011 10:35 AM

I know what you mean, and I might even know what country it is ... but I won't say.

Var 06-04-2011 10:37 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4376126)
I know what you mean, and I might even know what country it is ... but I won't say.

It's near the Balkans. But their macho types haven't massacred anyone lately.

H_TeXMeX_H 06-04-2011 11:02 AM

Also, watch out for these things, just in case:
http://en.wikipedia.org/wiki/Hardware_keylogger

Alien Bob 06-04-2011 11:16 AM

Quote:

Originally Posted by Var (Post 4376125)
Oh, I've already complained about him for other reasons. He is a macho homophobe tough-guy type from Eastern Europe. My supervisors, who are immigrants to the US from the same country, acted like nothing was wrong and then made a point of showing me what good friends they are with him. This is a guy who has been physically intimidating toward me beginning in the 1st week of work but he is a glad-hander so everyone likes him

If you're in the US, then nothing can stop you from going over their heads and file a harrassment claim with the local authorities. Especially if your superiors are "in the same bed" with that guy so to speak.

Eric

the3dfxdude 06-04-2011 11:18 AM

After reading that wiki page, H_TeXMeX_H suggested, it might be better to take your keyboard and mouse with you.

Edit: Just to be clear, the reason why I say this is that it would be way too easy to disassemble those and install the keylogger on the inside.

H_TeXMeX_H 06-04-2011 11:27 AM

If he was a former hacker (or is one now) it very hard to cover all possibilities if he has physical access. It might be worth it to go over their heads like mentioned before.

If you can't here's a list of what I would do:

Encrypt HDD.
Put BIOS password, and boot ONLY from HDD.
Use strong passwords for all your passwords.
Check for hardware keylogger BEFORE booting (will steal all your passwords).
Don't use anything wireless, especially keyboard (can be hacked).
Have a case with a lock on it (I do).
NEVER leave your computer running with you away from it, ALWAYS do a cold shutdown before leaving it out of your sight.
Install and use a firewall, rkhunter, chkrootkit, clamav, etc.

dugan 06-04-2011 11:40 AM

If the guy had remote access software on your Windows machine and kept interfering with your work, then he had created a hostile work environment and you should have started looking for another job. If your response was to switch operating systems and he didn't notice or care, then your company's security expert was an incompetent idiot and you should have started looking for another job.

H_TeXMeX_H 06-04-2011 11:49 AM

Quote:

Originally Posted by dugan (Post 4376160)
If the guy had remote access software on your Windows machine and kept interfering with your work, then he had created a hostile work environment and you should have started looking for another job. If your response was to switch operating systems and he didn't notice or care, then your company's security expert was an incompetent idiot and you should have started looking for another job.

Yeah, but remember that jobs are harder to find now.

dugan 06-04-2011 12:08 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 4376164)
Yeah, but remember that jobs are harder to find now.

Which is why he should start looking immediately.

Var 06-04-2011 12:18 PM

Quote:

Originally Posted by dugan (Post 4376160)
If your response was to switch operating systems and he didn't notice or care, then your company's security expert was an incompetent idiot and you should have started looking for another job.

He noticed immediately. He began looking over the cubicle divider to see what I was doing the moment that I shut Windows down. When I rebooted from the Slackware64 install DVD he became even more interested, but didn't say anything. Since then he has done a lot of a-hem coughing when I'm around. But I agree, I'd have to be crazy to not be looking for a new job.


All times are GMT -5. The time now is 09:24 PM.