Blog: The Dangers of Keyloggers

by Miles Jolley, Associate Staff

A few college kids have recently found themselves in federal hot water for taking advantage of campus computers.  For two different but sinister ends, Matthew Weaver and Marcus Barrington used keyloggers to steal others’ online usernames and passwords.  If you’re like me, you have hopefully never encountered this technology.  Keyloggers are covert devices that can easily assist ne’er-do-wells in stealing your identity and accessing personal information.  Also, if you’re like me, you’ll be surprised at how obtainable these are and the relatively weak legal response preventing their use.  First, let’s marvel at the idiocy of these students.

Matthew Weaver was running for student council president at California State University, San Marcos in March of 2012.  Instead of kissing babies and shaking hands, he decided to steal the election.  Weaver installed keyloggers on campus computers to steal other students’ university network usernames and passwords in order to cast hundreds of votes for himself.  Once university officials got wise, they involved federal investigators.  The election ended up winning Weaver a year in jail for committing identity theft, wire fraud, and unauthorized access to a computer.[1]

Barrington was a student at Florida A&M University and similarly used keyloggers to access the school’s Registrar’s system.  Once Barrington infiltrated the system, he altered grades and other vital information.  All total, there were over 650 changes made which involved over 90 students.  Barrington wound up with 84 months in prison for various identity theft and fraud convictions.[2]

Keyloggers are computer applications that record your keystrokes.  The common criminal usage of a keylogger is for stealing online usernames and passwords that protect email accounts, online banking, you name it.  They come in both hardware and software formats and all it takes is a little internet surfing to get your hands on one.  Legitimate companies market keyloggers to IT admins and parents that want to track activity on their computers.  However, it is easy for criminals to wield this otherwise legal technology for wrongdoing.[3]

The reality is that this is a hard situation to remedy.  Nowhere in the federal code is the illegal use of a keylogger specifically mentioned.  Lawmakers attempted to pass relevant provisions in 2007 with the Securely Protect Yourself Against Cyber Trespass Act, but it died in the Senate after twice passing the House.  The law would make illegal “[c]ollecting personally identifiable information through the use of a keystroke logging function.”[4]  A clear law such as this might make technology companies think twice about to whom they sell keyloggers.  Additionally, this definitive language would let potential criminals know there will be consequences for illicit use.  However, until more is done, these devices will be used to take advantage of innocent, hard-working Americans.