Can anyone identify this?

2004LB7

This is probably better suited for Reddit or another site but I don't have any account there. Maybe if one of you does you could post one for me.

Anyways, I found this plugged into the back of our front desk computer that handles many of our check-ins (hotel). The front desk agent was having trouble with the keyboard not responding. I followed the cable to the back and found it plugged into this device, which was then plugged into the computer.

Google yielded no results for the number on the outside of it.

I opened it up and took a look. It appears to have a programmable Atmel chip, a 48.000 crystal oscillator and some flash memory on the back. I didn't dig too much into the other chips and components.

My first thought was maybe a key logger but I've never seen one in person so I have no idea.

Anyways, if anyone has any idea what this is I would love to know.
 


rta1197

I'm automatically suspicious. I've never seen or heard of something like that in line on a keyboard.

Maybe the Russians are spying on you. lol

 

PureHybrid

+1, seems fishy. Maybe someone hoping to log a credit card or SSN input? But regardless I'd say someone did a hack job on it, if it wasn't allowing everything to work properly.
 

rta1197

> +1, seems fishy. Maybe someone hoping to log a credit card or SSN input? But regardless I'd say someone did a hack job on it, if it wasn't allowing everything to work properly.

That's kinda what I was thinking.

 

duramaxnate

That's a key stroke logger. Usually those are suited for two purposes: to count key strokes, or record actual key stroke input. Usually found in data entry companies for counting key strokes, as that's what they usually charge by.

Those are designed usually to only be recognized by the computer if and only if the driver is installed.

 

2004LB7

> +1, seems fishy. Maybe someone hoping to log a credit card or SSN input? But regardless I'd say someone did a hack job on it, if it wasn't allowing everything to work properly.

Well, it does seem to be well made. The keyboard only stopped working when the USB connector got pushed down, due to the added extra length and cramped space, and it seems to have broken a solder joint or something. Otherwise it was running for who knows how long.
 

2004LB7

> That's a key stroke logger. Usually those are suited for two purposes: to count key strokes, or record actual key stroke input. Usually found in data entry companies for counting key strokes, as that's what they usually charge by.
>
> Those are designed usually to only be recognized by the computer if and only if the driver is installed.

It is technically a data entry terminal but not really for inputting large amounts of data. It is used mostly to check in guests, so CCs, names, addresses, etc. are input. Also room status, such as dirty, clean, out of order, etc.

It is possible the "night audit" team uses it for some other data entry but I've never been around to observe it. There are two other computers in the office that I would think would be better suited for that though.

I guess if I fix the solder joint and plug it into another USB port I may be able to see it load the drivers and get some idea what it is loaded as. And see in the device manager what it is called.

The computers are pretty locked down with admin rights and user policy restrictions so I may not be able to get into the device manager, but I will give it a try.
 
Feb 2, 2019
93
0
6
33
Utah
This is a key stroke logger used to monitor or record what you type, usually used for kids by parents, but it also saves passwords, card numbers, etc.


 

TheBac

I'd be alerting corporate to this. Might be someone was trying to scam CC numbers or commit identity theft.
 

2004LB7

> I'd be alerting corporate to this. Might be someone was trying to scam CC numbers or commit identity theft.

That's what I'm planning on doing but I want to be sure before I cause a bunch of chaos. It may be nothing, and if corporate starts an investigation and finds out this was their equipment, it would look a little foolish. But then again, one can't be too safe with this sort of thing, so even if I am still not sure what it is after a short time I will report it, bypassing all local staff/bosses.
 

snowman22

> I guess if I fix the solder joint and plug it into another USB port I may be able to see it load the drivers and get some idea what it is loaded as. And see in the device manager what it is called.

The loggers I have seen in the past didn't load a driver and were completely pass through. They worked on local storage to log the key strokes and would require you to physically get the device back to retrieve the data. I'm sure there are wireless versions now, but that's clearly not one of them.
 

2004LB7

Checked and our other front desk computer has one installed too. Got me thinking that this is either normal or a major security issue.

I called the maintenance guy at another building next door to us, same company/owner, to see if they have them too. Now I wait.

I also resoldered the connections on the one I pulled out. I'm going to see if it acts like a USB drive if I type the "secret" key stroke. Found some online to try. If it does I know it is a key logger. Just need to find out if it is legit without tipping off anyone if it's not.
 

2004LB7

It's a key logger, no doubt.

The instructions in this document worked for gaining access: http://keyllama.com/QuickStartUSBValue.pdf

Pressing and holding VMP pulled up a USB drive with a txt file containing logged key strokes. Looked to be a ton of user login/password data and a bunch of room numbers but no guest personal or financial information.
 
Jan 28, 2015
961
0
0
Ohio
Any way they put it on there as a backup to keep logs? I know a few kids used to use them at our local library to save stuff in case the computer had to be rebooted.
 

DAVe3283

Could be an employee (or ex-employee) trying to get admin login credentials to the PC or some app, or trying to get CC data but they sucked at configuring the logger.

There is no reason the hotel management would use that. If they wanted to record keystrokes, they'd use software on the PC.

You should report it to loss prevention and/or IT. Seems like you may have been lucky with no guest information on the logger, it might not need any public disclosure. Still makes you wonder how it got there...
 

2004LB7

> Could be an employee (or ex-employee) trying to get admin login credentials to the PC or some app, or trying to get CC data but they sucked at configuring the logger.
>
> There is no reason the hotel management would use that. If they wanted to record keystrokes, they'd use software on the PC.
>
> You should report it to loss prevention and/or IT. Seems like you may have been lucky with no guest information on the logger, it might not need any public disclosure. Still makes you wonder how it got there...

Agreed. If it's needed, a software solution would be much more suitable. Plus with this one someone actually has to come to the site to retrieve the information. A software version could be configured to send it to corporate automatically.

It could, in theory, be used as some kind of backup. But without any time stamps it's just a bunch of key strokes. No way of telling what category the information is being put into. When looking at the logger I saw long lists of rooms but no way of knowing if they were occupied, checked out, cleaned and ready, or what. Seems pretty poor as a backup. Now for retrieving login credentials, that was pretty clear in it.
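
Added example (not part of any post in this thread): a triage check an incident responder could run over a text log recovered from a logger like this one, to back up an eyeball judgement that no card numbers were captured. It replays backspaces, accepts only card-style digit groupings so that lists of room numbers are not flagged, applies the Luhn check, and reports masked hits only. The bracketed key tokens ([Tab], [Ent], [Bksp]) and the sample log are assumptions constructed for the example, not the device's documented format.

```python
import re

# Assumption: special keys are logged as bracketed tokens such as [Ent], [Tab], [Bksp].
TOKEN_RE = re.compile(r"\[([A-Za-z0-9]+)\]")
# Contiguous 13-19 digits, or 4-4-4-4 / 4-6-5 groups; 3-digit room lists never match.
CARD_RE = re.compile(r"(?<!\d)(?:\d{13,19}|\d{4}[ -]\d{4}[ -]\d{4}[ -]\d{4}"
                     r"|\d{4}[ -]\d{6}[ -]\d{5})(?!\d)")

def replay_keys(raw):
    """Rebuild typed text: apply [Bksp]; any other key token ends the current field."""
    out, pos = [], 0
    for m in TOKEN_RE.finditer(raw):
        out.extend(raw[pos:m.start()])
        if m.group(1).lower() == "bksp":
            if out and out[-1] != "\n":
                out.pop()
        else:
            out.append("\n")
        pos = m.end()
    return "".join(out) + raw[pos:]

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(raw):
    """Return (field_no, masked_number) per Luhn-valid candidate; never the full number."""
    hits = []
    for field_no, field in enumerate(replay_keys(raw).splitlines(), 1):
        for m in CARD_RE.finditer(field):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                hits.append((field_no, "*" * (len(digits) - 4) + digits[-4:]))
    return hits

# Constructed sample: a login, a room list, a mistyped-then-corrected test card, a non-card number.
SAMPLE_LOG = (
    "frontdesk[Tab]Winter2019![Ent]\n"
    "101 102 103 104 105 106 107[Ent]\n"
    "4111 1111 1111 1112[Bksp]1[Tab]0321[Ent]\n"
    "1234567890123456[Ent]\n"
)

if __name__ == "__main__":
    for field_no, masked in find_card_numbers(SAMPLE_LOG):
        print(f"field {field_no}: possible card number {masked}")
```

An empty result does not prove no card data was typed; it only means nothing in the log matched these groupings and passed the checksum.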