For more than a year, unbeknownst to people who used Internet terminals at Kinkos stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords.
Jiang had secretly installed, in at least 14 Kinkos copy shops, software that logs individual keystrokes. He captured more than 450 user names and passwords, and used them to access and open bank accounts online. The case, which led to a guilty plea earlier this month after Jiang was caught, highlights the risks in using public Internet terminals at cybercafes, libraries, airports and other establishments. "Use common sense when using any public terminal," warned Neel Mehta, research engineer at Internet Security Systems.
Catching the culprit
Jiang was caught when, according to court records, he used one of the stolen passwords to access a computer with GoToMyPC software, which lets individuals access their own computers from elsewhere. The GoToMyPC subscriber was home at the time and suddenly saw the cursor on his computer move around and files open as if by themselves. He then saw an account being opened in his name at an online payment transfer service.
Jiang, who is awaiting sentencing, admitted installing Invisible KeyLogger Stealth software at Kinkos as early as February 14, 2001. The software is one of several keystroke loggers available for businesses and parents to monitor their employees and children. The government even installed one to build a bookmaking case against the son of jailed mob boss Nicodemo "Little Nicky" Scarfo.
News source: CNN