Some HP laptops came with a preinstalled program to capture the keystrokes of users, a security researcher recently discovered.

The researcher, Michael Myng aka "ZwClose," discovered the keylogger software while trying to solve a keyboard problem for a friend. The software is turned off by default.

After Myng contacted HP about the program, the company quickly released a patch to get rid of it.

"A keylogger is a very dangerous piece of software," said Lamar Bailey, director of security research and development at Tripwire.

"It is like having someone looking over your shoulder while you are typing," he told TechNewsWorld. "Keyloggers can capture passwords that can be used to access financial accounts, record personal communications or even proprietary code under development."

No Malicious Intent

Keyloggers are an important weapon in the arsenal of cyberattackers, noted Chris Morales, head of security analytics at Vectra Networks.

"They're often used in the recon phase of targeted attacks to gather user credentials and other sensitive information which can later be used to compromise user accounts," he told TechNewsWorld.

"Keyboard loggers can be very hard to spot with consumer AV," Morales added.

Once a machine is compromised, instead of using a malicious payload that possibly could be identified by security products, a smart attacker might turn on and use the built-in keyboard logger feature, explained David Picket, a security analyst with AppRiver.

"This would help them evade traditional detection methods that security products might have otherwise detected," he told TechNewsWorld.

Production Error

As dangerous as keyloggers can be, the software in the more than 460 HP laptop models doesn't appear to have any malicious intent behind it.



Intelligence agency GCHQ has advised the UK government to ensure no Russian cybersecurity vendors are protecting Whitehall networks critical to national security.

In an update issued on Friday, National Cyber Security Centre (NCSC) CEO, Ciaran Martin, argued — as Prime Minister Theresa May did recently — that “Russia is acting against the UK’s national interest in cyberspace”.

He added:

“We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used. This will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information.”

He said this could also include departments responsible for critical infrastructure.

The news will be a blow to Moscow-headquartered Kaspersky Lab, which has been trying to clear its name after being accused in several newspapers of either working with or allowing Russian intelligence to use its products to steal sensitive info from the NSA.

Its detailed investigation of the incident in question revealed that the NSA contractor actually disabled Kaspersky Lab AV on his laptop after illegally taking his work home with him, as it had started to detect new NSA-developed malware. The firm said that backdoor malware was then installed on the machine as part of a pirated software package.

The contractor in question, Vietnam-born Nghia Hoang Pho, has pleaded guilty to one count of wilful retention of national defense information, and could now face several years in jail.

However, the NCSC claimed that its current guidance — applicable solely to central government at this stage — is just a preliminary missive.

“As well as keeping this guidance under review, we are in discussions with Kaspersky Lab, by far the largest Russian player in the UK, about whether we can develop a framework that we and others can independently verify, which would give the government assurance about the security of their involvement in the wider UK market,” explained Martin. 

“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state. We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”

However, the decision is already having an impact on Kaspersky Lab’s wider business. Barclays has withdrawn its offer to customers of free software from the provider.


A member of the US National Security Agency's elite hacking team has been charged with illegally removing top secret materials, in an embarrassing breach for the crucial electronic espionage body.

The Justice Department said Friday that Nghia Hoang Pho, 67, a 10-year veteran of the NSA's Tailored Access Operations unit, which broke into computer systems, agreed to plead guilty to a single charge of removing and retaining top-secret documents from the agency.

He kept the material at his Ellicott City, Maryland home.

According to The New York Times, it was Vietnam-born Pho's computer that apparent Russian hackers accessed via his use of Kaspersky software to steal files and programs the NSA developed for its own hacking operations.

The Justice Department said Pho had taken printed and digital copies of documents and writings labelled "secret," and containing sensitive "national defense information," and stored them in his home from 2010 until he was caught in 2015.

It gave no detail on why he did that, and did not say whether Pho had revealed or lost any of the information.

Pho faces up to 10 years in prison, though he could negotiate a lighter punishment.

He was the third NSA employee charged in the past two years for taking home top-secret information.

The NSA declined to respond to questions on the case.

In October The Wall Street Journal reported that Russian hackers exploited anti-virus software made by Kaspersky Lab to steal top secret materials from an unnamed NSA employee.

The Journal said the 2015 hack led to the Russians obtaining information on how the NSA itself penetrates foreign computer networks and protects itself from cyberattacks.

The incident was a key reason why the US government earlier this year announced a ban on use of Kaspersky anti-virus software on government computers, warning that the Moscow-based company has suspect links to Russian intelligence.

Kaspersky denies any ties to the Russian government, but said its own forensic investigation did show that hackers made use of its software to break into the NSA worker's home computer.

Kaspersky said what was stolen included essential source code for so-called Equation Group hacking software from the NSA.


No really, get ready. Do these security basics now, because online criminals are going to get even more aggressive next year.


After the year we've had, do you need any more convincing that your personal information is constantly being exposed to hackers?

It wasn't just the Equifax hack, which leaked 145.5 million Social Security numbers, or the WannaCry ransomware attack that locked up our computers and demanded a ransom paid in bitcoins.

Even the security software on millions of our computers became suspect when, for example, the US government banned the widely popular Kaspersky Lab software over concerns about connections to the Russian government. And experts made us question whether we can trust the invisible systems that connect our devices to the internet, like Wi-Fi.

But as scary as all this news is, I don't recommend putting your fingers in your ears and chanting "fa la la la" until the next hack (though sometimes I'm tempted to do that myself).

The good news is that even as things get worse, you can still do a lot to protect yourself from many types of cyberattacks. In fact, it's because these trends aren't likely to turn around in 2018 that you should do all of the following:

Sound like too much work? You should really carve out some time for this stuff. If you'll permit me to be Debbie Downer for a moment, our security situation is likely to get worse, not better in 2018. Here's how.

Ransomware will get sneakier, so your backups will be even more important

It's hard to imagine how ransomware could get much worse. In the WannaCry attack, hackers used NSA hacking tools that leaked into the criminal underworld, repurposing them to launch ransomware at regular computer users.