Carson City robbed by key loggers
The illegal transfer of almost US$450k out of the municipal funds of Carson City Nevada, using credentials stolen by keystroke logging, was thwarted last week only after US$45k had been lost. Apparently the thieves targeted the personal computer of municipal Treasurer Karen Avilla, and thereby obtained critical passwords which they used to divert funds by electronic transfer.
This is a high profile example of a growing problem that threatens to erode public confidence in internet banking. There are numerous recent examples of malware and social engineering techniques for introducing key loggers onto victims' computers. Research by Google demonstrates steady growth in prevalence, and identifies a number of common vectors. But all of these have a single proximal cause: users running active content from untrusted sources. Until the general level of security awareness improves, users will continue to browse indiscriminately with default security and to fall for increasingly well-presented enticing spoof "offers". This is as much a problem of education as of technologies, but one that has so far proved intractable.