In addition to computer, network and corporate surveillance, a device’s activity and stored data can be monitored continuously by installing a dedicated surveillance program on it. Such programs, frequently referred to as keyloggers, can record keystrokes, search the contents of a hard drive for suspicious or valuable information, monitor the computer’s activity, and collect usernames, passwords and other private details.
The keylogging software or malware can either store the collected information locally on the hard drive or transmit it over the internet to a remote computer or web server under the operator’s control.
Remote installation is the most common way of placing malicious software onto a computer. Once a computer becomes infected with a virus or Trojan, the malicious software can spread to other computers on the same network, subjecting multiple people to constant monitoring and surveillance.
Notorious viruses such as “CryptoLocker”, “Storm Worm” and others infected millions of computers and left digital “backdoors” open which could be accessed remotely, allowing the infiltrating entity to install additional software and execute commands.
However, lawless individuals are not the only ones creating viruses and Trojans; such software is sometimes developed by government agencies to carry out highly nuanced and difficult tasks.
Examples include CIPAV (Computer and Internet Protocol Address Verifier), a data-gathering tool the Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance, and Magic Lantern, keystroke-logging software also developed by the FBI. Both are designed to monitor suspects and catch them off guard by gaining leverage over their physical location and online activity.
The U.S. government is also actively working on malware detection systems in response to unanticipated disasters such as the rise and fall of “Stuxnet”, a computer virus developed by the CIA and originally aimed at neutralizing Iran’s nuclear weapons. Stuxnet has since mutated, and its original code is being reused by unknown entities to create newer viruses that attack electrical grids and power infrastructure.
A list of “Stuxnet” successors includes:
- Duqu (2011). Based on Stuxnet code, Duqu was designed to log keystrokes and mine data from industrial facilities, presumably to launch a later attack.
- Flame (2012). Flame, like Stuxnet, traveled via USB stick. Flame was sophisticated spyware that recorded Skype conversations, logged keystrokes, and gathered screenshots, among other activities. It targeted government and educational organizations and some private individuals mostly in Iran and other Middle Eastern countries.
- Havex (2013). The intention of Havex was to gather information from energy, aviation, defense, and pharmaceutical companies, among others. Havex malware targeted mainly U.S., European, and Canadian organizations.
- Industroyer (2016). This targeted power facilities. It’s credited with causing a power outage in Ukraine in December 2016.
- Triton (2017). This targeted the safety systems of a petrochemical plant in the Middle East, raising concerns about the malware maker’s intent to cause physical injury to workers.
- Unknown (2018). An unnamed virus with characteristics similar to Stuxnet reportedly struck unspecified network infrastructure in Iran in October 2018.
Currently, the U.S. government is working on a 2019 malware detection project known as “MalSee” which aims to use vision, hearing, and other innovative features to quickly and unmistakably detect malware.