Computer Security & Viruses/Did he just admit to keylogging us?


Question
QUESTION: Hi :)

Thanks for taking the time to answer my question.  For months now, I suspected that a family member (who was given remote access one time to fix something before I stopped trusting him) has downloaded a key logger on my computer.  I took it to a computer repair guy who did find a stealth key logger program and one other key logger I can't think of the name of.  To add to my suspicion it was my family member who did it, my family member's roommate said in writing "I have a tracking device on all of my pages which includes your IP address as well as a log of every place you visited" but then both of them denied it was a keylogger claiming theirs was legal under the freedom of information act (rolling my eyes) and only tracked HIS websites that I went to. So, I was told I had nothing to charge them with because I couldn't track it back to them.  Well, just this week, the family member said he knows when we've written emails and gave the following example (I'll use a fake name):

To:
From:
Sent: Thur 18 Sept 2008 5:04pm
Subject: then it's the subject of our email

Now, correct me if I'm dense but it seems to me that me mailing a private email to myself would not be accessible to the public somewhere. While I don't know if it's them, it doesn't look good. But from other experiences this slimeball is very good at wiggling his way out of things and because I'm no computer expert I can't say "oh no you don't...".  So ... I need to know if there's any possible way that there's a logical explanation besides a key logger program to show why he was able to get a copy of an email from me to me and sent to no one else? Is this the "smoking gun" I've been looking for to finally tie him to the key logging software found on my computer? If so, what's my next step in this? Legal recourse? Thanks for your help! :)

ANSWER: Hi Ellen

I will answer your last question first by saying that you should contact your local law enforcement to find out if they have a cyber crimes division (most of them do).  Only they could tell you if you should file a complaint and have the grounds for legal action.  Read the following article on the legality of keyloggers:
http://www.inside-logger.com/legal_keylogger.html
When you say that they said they tracked your visits to their website, that can be done without the use of keyloggers.  Web Hosts can track the IP address of visitors to their site and log that information.  Tracking cookies are commonly used to report sites visited back to the owners.  
It does, however, seem like they went too far in tracing your email messages.  There is no way that I know of for any web host to track someone's emails unless they had access to that person's computer through a logging program.  
I do believe you were hacked, but it is for you and law enforcement to decide just how much you were harmed by this action.  Were any credit cards or bank accounts compromised?  Have passwords to private accounts been stolen?  Were threats made using information gained illegally?  
Traps may be able to be placed that would catch them "in the act", further strengthening your case.
If you need any further help in determining if you currently have unwanted software on your machine, just let me know.  In any case, I wish you well, and to be safe.

Brian

---------- FOLLOW-UP ----------

QUESTION: Brian,
Thank you for helping.  Can you please guide us as to what programs and cost we use to "catch" him in the act or find our source of keylogging? We have since learned that private, work related emails that were sent from me to me via a personal email may have been compromised.  Our other question is, can a keylogger read incoming emails from a nonkeylogged source?

Thank you again for your time.
Ellen

Answer
Hi Ellen

Keyloggers generally record any keyboard action and transmit that information to whoever installed it.  It's possible that your email is somehow being redirected to these people, but that is a bit more difficult to do.  
Again, your best bet is to contact law enforcement.  They may have you set a trap by putting false information out there and wait for the suspects to act on that information.  For example, they might have you send an email saying you're leaving $500 under a mattress, then see if they show up to look for it.  I'm sure the police might be a bit more sophisticated than that, but you get the meaning.
As for finding your source of keylogging, I can certainly help with that.  Please download HijackThis to your desktop from here:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Make sure you close EVERY open window and ALL browser windows. The only thing that should be open is the HijackThis program.
Double-click on the file you just downloaded.
Click on the "Install" button.
Upon install, HijackThis should open for you.
Should it not open, go to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
Choose 'Do a system scan and save a log file'.
Copy the text file which opens in Notepad and paste it in your follow-up to me.
   * Do not fix any entries in HijackThis, as they may be harmless.


Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.