NOVEMBER 7: Surfing the Internet from a cyber cafe could well be one of the fastest and surest ways of losing one's password and privacy. Computers in several cyber cafes in the city have secretly installed a hacking technique called keylogging that slyly records everything that has been keyed in by the user, including the hidden passwords.Eighteen-year-old Amit Bhavnani was one such victim of keylogging. ``Since my personal computer (PC) crashed, I had to visit a cyber cafe in Bandra to check my e-mail and chat with my online friends,'' recalls Bhavnani, a student of Mithibai College. However, he was shocked to discover that not only was his e-mail hacked the very next day, somebody had also adopted his online identity to chat with his cyber-girlfriend! ``It's amazing how a hacker can get access to my personal e-mails and even impersonate me on the Net. Only then did I realise that a keylogger at the cyber cafe had got hold of all the data I had entered in that PC,'' says Bhavnani.``Though there is noway I can prove that the cafe had installed keylogging, it is a fact that most places use it to know what users are surfing through and gain access to their passwords,'' he stated.Another victim of keylogging, 16-year-old Ruchit Shah, added: ``The best way of knowing if a computer hardware has been keylogged is to check for the file 97x in the directory of windows Though this technique is relatively old in advanced countries, it is fast catching up in India.''The Director of IT firm, DirectI Web Services, Divyank Turakhia, added: ``I have told all my business associates not to access sensitive information such as online bank accounts in cyber cafes primarily because of keylogging. In fact, it takes very little to install it in the computer, but is impossible to detect it with any anti-virus.''Just two years ago, there were barely 20,000 Net users in the city and a clutch of expensive cyber cafes. But with the slash in prices, the number of users has leapt to 100,000. And there are at least250-300 cyber cafes in the city.The Operations Head of Videsh Sanchar Nigam Limited (VSNL), Amitabh Kumar acknowledged the presence of keylogging. ``It is always a risk to use a PC but in the absence of any concrete cyber laws it is very difficult to book hackers,'' said Kumar. Keyloggers in cyber cafes does not fall under VSNL's purview, he added. ``They can only be pulled up once Parliament passes pending cyber bills,'' stated Kumar.However, none of the cyber cafe proprietors admit to using keylogging, and many said they were not even aware of it. ``Surfing at a cyber cafe is like wearing your heart in your sleeve as there is little privacy there. But it is not just the cyber cafes as any one on the Net is not safe; viruses can also be sent to your home computer via e-mail,'' explained the head of Bandra's SuperComp Cyber Cafe, Mahendra Mamnani. He was aware of keylogging, but said he had not installed it in his machines. However, Internet professional Vijay Mukhi felt that keylogging is essential incyber cafes. ``Suppose somebody sends a threatening e-mail to a person from a cyber cafe, which is eventually traced by VSNL. The police are bound to nab the cyber cafe owner unless he proves with keylogging that the letter was not his,'' reasoned Mukhi.Key to hacking accountsKeyloggers record every key that anybody has ever pressed from the time they log on; this means that hackers have access to information such as every site that you have visited, every email or document you have typed, every little chat you had on the Net and the password.Keyloggers invisibly log computer activity to a file, providing a clear picture of your PC's use. It records all keystrokes as well as times, dates, and all window and dialog titles. One type of keylogger hides the log files in a secret directory, the other actually emails the file to any person as soon as your computer is connected to the Internet. Keyloggers can be either directly or indirectly installed on machines. In the direct method, theperson installing the keylogger could be the victim's hardware engineer or an employee of the company or any other such person who has direct access to the machine. Or `trojans' could be sent to the victim which will give the hacker complete access to uploading and running files on the victim's PC.
