The IT Law Wiki


A key logger (also called keyloggers, keystroke loggers and keylogging software) is

(1) software that captures and "logs" every keystroke typed on a particular keyboard, (2) advertising applications that track users' web browsing and (3) programs that hijack users' system settings. All typed information thus can be obtained by another party even if the author modifies or deletes what was written, or if the characters do not appear on the monitor (such as when entering a password).
[a] program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures.[1]
[s]oftware or hardware that tracks keystrokes and keyboard events, usually surreptitiously/secretly, to monitor actions by the user of an information system.[2]


The standard features of a key logger include:

Some also have special features, such as:

Legitimate uses[]

There are legitimate uses for such programs; they create work-in-progress back-ups that can be useful in the event of power failure or accidental deletions. They can be used to keep track of chat room conversations. They also provide the absent computer owner a level of security, allowing the owner to see if others are using the computer without their knowledge.

Illegal uses[]

Keyloggers may collect credentials for a wide variety of sites. Keyloggers are often packaged to monitor the user’s location, and to transmit only credentials associated with particular sites back to the attacker. Often, hundreds of sites are targeted, including financial institutions, information portals, and corporate VPNs. Various secondary damage can be caused after a keylogger compromise. In one real-world example, a credit reporting agency was targeted by a keylogger spread via pornography spam.

Hackers can use keylogging software to silently collect keystrokes from unsuspecting victims whose use of online chat rooms and instant messaging programs may makes them vulnerable. Some of the more commonly targeted data includes:

It has been noted by experts that the popularity of keystroke loggers that log each keystroke has decreased significantly over the last few years. Currently, the most popular malware data-capture technique is to intercept the submitted data stream before it is transmitted by the web browser. For a criminal, the benefits of this approach are many: cleaner data (you don't see mis-typed keys in the data, or data from other applications), the use of a simple "virtual keyboard" requiring mouse-clicks is defeated, data can be identified on a semantic level for each targeted institution (e.g. the user name and password can be identified at the client end) and closer ties to the web browsing application. Often, the definition of "keystroke logger" is expanded to include this technique, though it is sometimes classified as spyware.

Some keylogging software require the attacker to retrieve the data from the system, whereas other loggers actively transfer the data to another system through e-mail, file transfer, or other means. Examples of keylogging software are KeySnatch, Spyster, and KeyLogger Pro.

Use in criminal cases[]

The existence of keylogging software was publicly highlighted in 2001 when the FBI, with a search warrant, installed such software on a suspect’s computer, allowing them to obtain his password for an encryption program he used, and thereby evidence.[3] Some privacy advocates argued that wiretapping authority should have been obtained, but the judge, after reviewing classified information about how the software works, ruled in favor of the FBI.

Press reports also indicate that the FBI is developing a Magic Lantern program that performs a similar task, but can be installed on a subject's computer remotely by surreptitiously including it in an e-mail message, for example.


  1. NIST Special Publication 800-82, at B-4.
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. See United States v. Scarfo, 180 F.Supp.2d 572 (D.N.J. 2001) (full-text).


See also[]