More details are emerging about the graduate student accused of stealing 60 people’s UMICH passwords. According to legal documents, he obtained most of the passwords through a physicial keystroke logger – a device that plugs in between a keyboard and computer. He also got passwords: “by creating a bogus log-in screen that appeared to be the official U-M log-in screen, surreptitiously observing computer users while they logged in, and using a computer software program that recorded users’ keystrokes.” None of the technologies he used were particularly sophisticated.
> AANews: “Keystroke logger used to swipe user passwords”