Can ISPs use keyloggers to get passwords, etc?

[Wanna B Ageek]

Is it possible for an Internet Service Provider to log keystrokes of its customers?

It would probably be unlikely that an ISP company would sanction such an action as a company policy, I imagine. But regardless, could a "bad guy" who works at an ISP implement such a technology (unknown to his ISP employer), then sell to other "bad guys" the log-in names, security questions, and passwords that he records?

Would appreciate any light shed on this subject.

Wanna B Ageek

[jholland1964]

I would assume if some guy you don't know in Hong Kong can get your passwords then yes a guy at your ISP could get them too.

[cauzomb]

Anyone at anytime can possibly get your passwords just by plugging the computer into the internet without virus protection/firewall... They can even get past these protections because all of the new software has backdoors built in ever since the patriot act. even new supposedly "secure" routers have had their firmware inspected and traces of "backdoors" have been documented... And yes those people that may or may not work for the ISP's do know what the back doors are and they use them every day as part of their job...

Now if you could prove that it was your isp without any reasonable doubt, or "plausible deniability" like some hackers, or virus did it, or someone suggested to you a link for something that you "wanted" and so you go to the link and WHAMMO you are infected with a virus and keylogger.... If you could prove it was your ISP, you'd have a case that you could take straight to federal court... But it's too bad that the current administration fired all the federal judges that would have stood up for your constitutional rights to privacy in these matters... And not to mention the presidents fast tracking into law an indemnity clause for the big companies such as your ISP so that they are unable to be held responsible in court "this means they don't have to pay you damages" For circumventing the requirement of a warant by the federal courts for the "badguy" to "wiretap" your computer system.. etc.

[Wanna B Ageek]

I would assume if some guy you don't know in Hong Kong can get your passwords then yes a guy at your ISP could get them too.

Thx, jholland1964 . . .

First of all, thank you for your past help to me in my previous tech problems. Also I gain much insight when you have helped many others besides me.

RE: your response to my question: Well, I guess you are right.

However, I think there definitely would be a difference in the supervison between some guy in Hong Kong and a guy who wants to hold on to his job at an ISP in the USA. The USA has laws against such activity, but many other countries do not.

In fact, I think China, in particular, tacitly encourages it.

But I get your meaning. Hong Kong, Belarus, Czech Republic, Iran, Indonesia, my own ISP . . . take your pick, I guess.

On the other hand, when dealing with the WWW I have many protective shields in place -- including many behavioral shields (avoiding certain sites, not clicking on every "free" offer etc.), whereas my ISP has more of an "open door" to me and my computer(s).

Thanks for your response. I guess it was maybe a dumb question in the first place.

Wanna B Ageek

[Wanna B Ageek]

Thx for your reply. I read it seconds after posting my reply to jholland1964.

I had no idea that the Patriot Act provided for back doors like you said. If the provision for back doors prevents another WTC attack, I am OK with it. However, if it provides for a transfer of money from my bank account to the account of some "black hat" in Detroit who has no terrorist intention, it misses the mark, IMHO.

I guess the message to me is: "If ya wanna be on the Internet, ya just take all reasonable precautions, and hope for the best." In the USA, there is SOME reason to trust others, even our government (pick your decade or political party).

In many other countries there is less to fall back on -- no pertinent legislation, different (or non-existent) judicial system, etc. Plus many other countries regard any American as an enemy. My own government (USA) is at least supposed to be on my side, whereas others are sworn enemies who have already killed many of my countrymen.

My ISP is based in the USA and is a major corporation. I don't feel that they are interested in my passwords. However, I wanted to get some insight from folks more knowledgeable than I am about this.

I am getting that knowledge. Thanks. I appreciate it.

Wanna B Ageek

[cauzomb]

All I can say is, they will do whatever you let them do..

[jholland1964]

Wanna B Ageek. thanks for the compliment. You are right...I picked Hong Kong out of the air so to speak. And it was NOT a dumb question, no question is dumb.
The key to it all for me is your sentence in your last post

If ya wanna be on the Internet, ya just take all reasonable precautions,

and it absolutely knocks me over when each week we still have folks post here with a problem who do not even have the barest level of protection on their computer and then are stunned when their computer becomes infected. It is SO EASY to provide protection for your computer and 100% of it is available FREE. We all know that no matter what is done to add protection to your house, your car, your computer can be 100% foolproof but why make it easy for somebody to break in?

[Wanna B Ageek]

Thanx for the response, jholland . . .

I have not been on this forum that much, but I can tell from the dialog that I have read that many confuser (er...computer) users have really NO CLUE about the dangers of surfing the web, Instant Messaging, sharing files P2P (Peer to Peer), etc.

Luckily, I have no real interest in swapping music with others, or Instant Messaging, etc. So my security requirements are pretty basic:

That is:
Keep Microsoft Updates current. Do not use Outlook Express or Internet Explorer -- I use Firefox and Thunderbird (but there are other good choices I understand). Disable the Widows Services that you don't need (but which can allow vulnerabilities into your system). Use a good firewall. Employ a battery of good anti-spyware software. . . . And keep all of the above updated every week or so.

By "good battery of anti-spyware software" I mean, for example:

Spybot Search & Destroy
Lavasoft's Ad Aware
SpywareGuard
SpywareBlaster
AVG Anti-Spyware (from Grisoft)
AVG Anti-Rootkit Free (from Grisoft)
Microsoft Windows Defender

All of the above are FREE.

And, while I use the $70 Zone Alarm Internet Security Suite, there is the very good Zone Alarm FREE firewall, which is better than the Windows firewall that is part of Windows XP.

I have other software running that I have paid for in addition to the above. However, other good FREEware is CCleaner, CleanUp!, MRU Blaster, which I use also.

Hope this is helpful to anyone needing such information. Thx, again, jholland, for your responses. IANAG is a great forum. and it delivers a lot of great information.

Wanna B Ageek

[knight0334]

As is was mentioned above - yeah, your ISP could if they really wanted to.

A packet sniffer can be used to capture the encrypted passwords, then they would need to be decrypted - which could take .00001 seconds or 30 years, who knows..

A keylogger would have to reside on your machine for them to snag your password that way - which you'd have to be a complete moron to not know one is on there because just about every mal-ware detection program catches them. If you aren't running one, you had better be pretty good at knowing any/all programs that run on your machine whether in the fore or background.

The key thing to know about ISP's is, they dont give a flying F what your password is to where. And the type of people they hire are generally of the better nature. The odds are you'll get hit by a bus then struck by two bolts of lightning 2 minutes later well before some malicious person is hired and can actually capture your password(s).

[jholland1964]

I have other software running that I have paid for in addition to the above

Looks like you have all pretty well covered, however, must caution you...having TOO many running in the background can also open you up to invasion also. The reason being many of them will conflict with each other and spend too much time fighting each other rather than fighting malware etc.
We generally recommend the formula of running no more than 2 of these anti-malware programs in the background, along with of course your anti-virus program, your firewall. Just use the rest for weekly scanning is what is generally recommended.
SpywareBlaster of course does NOT run in the background anyway so that is not counted in the two.

You are correct, sharing files P2P is very dangerous. Many of the most infected computers we have dealt with here have been the result of this practice...honestly we have turned folks down also because this is just not something we condone. There is no guarantee using P2P file sharing that the person sharing files is not violating piracy laws and we will not enable this in any way, shape or form.
It always amazes me that people are willing to download a program to their computer from a person they don't know and no knowledge where the file came from in the first place but do it because it is free. I sort of liken it to eating a cheeseburger that has been mailed to your house, in plain brown paper, without a return address and not knowing who sent it to you but eating it anyway because it "looks like" a Big Mac and it is free...nobody in his/her right mind would even consider doing that because of the very likely risk of food poisoning but they will take a file from an unknown and load it onto their computer and take the risk of poisoning their computer because it was free! Most things worth owning aren't free.

knight0334
The key thing to know about ISP's is, they dont give a flying F what your password is to where. And the type of people they hire are generally of the better nature.

I agree. The ISP has THEIR business and reputation to protect also. If some snake happens to gain employment with them it wouldn't take long for that person to be caught in the act anyway.