There's a guy in New York who may have gotten into your personal business. If he did, he probably looted your online bank account. Juju Jiang is now serving time after pleading guilty. But for a couple years, he bugged public computers at Kinko's with software that logged keystrokes. He used it to capture usernames and passwords. Some he used to steal money; others he sold on the Web.
He got caught in 2003 when he manipulated a victim's home computer while she was present. She watched incredulously as he methodically searched her computer. He was using GoToMyPC, which allows travelers to manipulate their computers from afar. The victim had used GoToMyPC previously from a Kinko's machine. Jiang stole her username and password.
This raised an issue that many people hadn't considered. Spying software can easily be placed on public computers, such as those not only at Kinko's stores, but also in Internet cafes, airports, libraries, and other public places.
With spying software, a criminal can grab your passwords and usernames. Ultimately, you could lose your money or have your identity stolen. That should tell you enough to be wary of public PC terminals.
Software is unobtrusive
Spies usually use software because it is invisible to the untutored eye. Hardware to do virtually the same thing also can be used, placing it between the keyboard and computer. But using it is too obvious in a public place.
The software programs, however, can unobtrusively make a record of a victim's every keystroke. The keystroke loggers can then email the collected information on a set schedule. It also can be downloaded. Other software programs take screen shots of places you go. These, too, send their collected information via email.
As I said, the spying programs are inconspicuous. Unless you know how to look for them, you'll never see them. It's a good idea to check the computer for spy software before you use it. I'll explain how to do that in a minute.
But keep in mind that there are other threats besides spy programs. Trust me, this can be worse than using a public toilet seat! Here are five things to consider when you sit down in front of a strange computer:
1. Check for spy programs
Download X-Cleaner spyware remover from Xblock.com. Put it on a floppy disk. If the public computer you use has a floppy drive, insert the disk and run X-Cleaner from the floppy to check the hard drive. You do not have to install X-Cleaner
2. Erase your tracks
When you use an Internet browser, it keeps records of where you went. When you finish surfing with Microsoft Internet Explorer, click Tools > Internet Options. On the General tab, click Delete Files and Delete Cookies. Then click Clear History.
If you're using Netscape Navigator, it's a little more complicated. Follow these steps:
3. Protect your passwords Browsers also track passwords. Before going on the Web, if you're using Internet Explorer, click Tools > Internet Options. On the Content tab, click AutoComplete. Uncheck the four boxes.
When you finish surfing, again click Tools > Internet Options. Go to the Content tab and click AutoComplete. Click Clear Forms and Clear Passwords.
If you're using Netscape, click Edit and Preferences. Click the arrow next to Privacy and Security. Click Passwords. Clear the box next to Remember Passwords. When you finish browsing, click Passwords again, under Privacy and Security. Click Manage Stored Passwords. Select the Passwords Saved tab and click Remove All.
Netscape has a feature similar to AutoComplete. It saves data entered into forms. To disable that, under Privacy and Security, click Forms. Uncheck "Save form data from Web pages when completing forms." When you finish browsing, return to the Forms page. Click Manage Stored Form Data. Click Remove All Saved Data.
Cleaning out the browser will ensure that no one can track your surfing or grab your passwords with saved data. But a keystroke-logging program will still catch your passwords.
Some - but not all - key-logging programs can be defeated if you copy and paste in the letters or numbers of your password. For instance, say the page you have open in the browser has lots of type on it. And say your password is jim (let's hope it's not that simple!). Find a "j," an "i" and an "m" on the page. Copy and paste them into the password box.
Probably the best password protection is a temporary password. Use it while you're on the road, then discard it.
4. Don't rely on encryption There are a number of encryption packages on the market. They can be used to encrypt email. However, they encrypt the mail when the Send button is clicked. That's too late if a key-logging program is on the computer. It will make a record of the password and message as it is being written.
5. Use some common sense Public computers may be secure. But you really have no way of being sure. You can secure your home or business computer, but you can't be certain of what has been done with a public machine.
Approach these machines with care. Don't do any banking or stock trading on them if you can avoid it. Avoid credit-card transactions. Use a temporary password if you must check your email. And ask your system administrator how to "expire page views."
If you're just surfing, that should not be a problem. But avoid sensitive business if you can. There might be a Juju Jiang watching.