So potent, even 007 could use one

commentary Two months ago, authorities foiled a clandestine operation to steal a total of Ã,£220 million (AU$535 million) from the Sumitomo Mitsui bank in London.The UK National Hi-Tech Crime Unit began investigating the affair in October 2004 and discovered that the bank's computers contained keylogging software which provided unauthorised access to confidential data including account information and passwords.

commentary Two months ago, authorities foiled a clandestine operation to steal a total of Ã,£220 million (AU$535 million) from the Sumitomo Mitsui bank in London.

The UK National Hi-Tech Crime Unit began investigating the affair in October 2004 and discovered that the bank's computers contained keylogging software which provided unauthorised access to confidential data including account information and passwords.

The crime lab soon joined hands with its counterpart in Israel to nab its first suspect, 32-year-old Yeron Bolondi.

Bolondi was arrested in Israel for allegedly attempting to transfer Ã,£13.9 million (AU$33.8 million) into the country from a Sumitomo account.

There are numerous unconfirmed reports on how the bank's computer systems were compromised. One publication cited the possibility of intruders -- posing as cleaners -- who illegally installed keyboard-logging devices to capture keystrokes.

Such products are a common find. One provider is KeyGhost -- simply plug its keylogger into a keyboard cable and connect it to the keyboard port.

Once installed, it discreetly captures and records all keystrokes typed, including chat conversations, e-mail, word processor, or even activity within an accounting or specialist system, the company says on its Web site. The thumb-sized device has a two million keystroke capacity.

The Sumitomo incident reinforces the need for both physical and technical security, and serves as a stark reminder that people with nefarious intent have a variety of tools at their disposal.

For Internet users, the proliferation of spyware has led to heightened security alert. These malicious files or programs -- which are installed on users' PCs without their consent -- continue to infect machines despite growing awareness amongst consumers and businesses, security software maker Webroot believes.

The combination of methods used to trap surfers has also become increasingly creative. Mistyping "Google.com", unbeknownst to users, would trigger the download of destructive software on their computers.

Such veiled attacks are expected to continue unabated so companies have no choice but increase IT security budgets. Today, the standard configuration in an IT department should include antivirus, anti-spam, anti-spyware and firewall products. It's best to err on the side of caution ... technology is, after all, a double-edged sword.

Fran Foo is ZDNet Australia managing editor.