Keylogging in the newsroom

Jenn Henrichsen | Commentary | April 2, 2015

In late February, a reporter for the German daily newspaper Die Tageszeitung (Taz) was suspected of installing a device that monitored and recorded the communications of fellow employees for more than a year.

The journalist, Sebastian Heiser, is facing possible legal action for his alleged monitoring and recording of 16 fellow employee accounts with a hardware-based keylogger found on a USB device that he had plugged in to a newsroom computer.

Heiser reportedly said upon his removal from the newsroom that he was unaware that the USB device had a keylogger program, but he has not responded to interview requests from media organizations to explain further.

So what exactly is a keylogger and should newsrooms be worried?

A keylogger is a program that records the keystrokes on a computer by monitoring a user’s input and keeping a log of the keys that are pressed. The log can be saved to a file or sent to another machine over the Internet or a network, depending on how the keylogger is installed. Keyloggers can be used for legitimate purposes, such as by law enforcement, but they are more commonly used by criminals or other attackers seeking sensitive information.

Keyloggers can be software-based or hardware-based. Software-based keyloggers are more prevalent, perhaps in part because they are easier to install. They are often connected to a larger piece of malware that can easily be downloaded by an unsuspecting journalist who may click on a malicious link via email or Twitter, or even by visiting a compromised website.

Hardware-based keyloggers aren’t as common, in part because they typically require physical access to a machine. A hardware-based keylogger can be installed through a USB flash drive or as a fake connector for the keyboard that sits between the PC and the keyboard cable, as well as during the manufacturing process at the factory.

Newsrooms and journalists should be aware of the harm keyloggers pose to their ability to keep their communications and sources safe, but should keep the greater security context in mind when evaluating the potential harm this particular threat poses. In particular, the case of Heiser is unusual in that it involves a newsroom employee allegedly utilizing the technology for seemingly nefarious purposes.

Some simple steps journalists can take to avoid keyloggers include opening attachments in the cloud whenever possible to avoid the surreptitious installation of malware with a keylogger function. Journalists should also regularly scan their computers with trusted anti-virus programs, although these vary in their effectiveness based on the sophistication of the keylogger and where it has been installed on his or her system. Journalists should also carefully consider what devices they bring with them when traveling and how best to secure those devices when they are abroad. Meanwhile, news organizations can help by providing information security training to their journalists on a regular basis. As a result of the alleged activity by Heiser, Die Tageszeitung appears to be doing just that.