No hoax here: more of a Public Service Announcement.
A new Sophos story reports that public-access PCs in two public libraries in the UK (specifically, in the Manchester area) were found to be compromised by hardware keyloggers. In other words, for an unknown period of time, when library customers used those PCs, every keystroke was monitored by persons unknown. (Think data theft, password stealing and so on…)
Hopefully, you’re already cautious about the sort of transaction you carry out on computers you don’t own, and/or where you can’t vouch that the security is adequate, especially in public access contexts where there’s very little control over who has access. But it’s salutary to remember that entirely respectable organizations can overlook loopholes that threaten the privacy and safety of anyone who uses their services. And this sort of device is easy to get hold of: much less effort than stuff like ATM skimmers…
Note that according to the local press, another device disappeared from the Wilmslow library before it could be confiscated, so if you’ve been using a machine there, you might want to check the safety of your accounts (even stuff like webmail access).
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow