Developers installing key logging software

Associate
Joined
3 Aug 2004
Posts
1,614
Location
Bendigo, Australia.
I potentially have a problem that I hope the you can help with.

After being let down by numerous developers, I was delighted when I eventually found one who could not only speak English correctly but who's work was top notch and we worked together on several projects with no issues.

However, a few weeks ago we had a weird conversation where he warned me that he was being watched closely by colleagues and that if his standard of English and level of skill suddenly deteriorated, that it might be because it was no longer him at the other end.

He explained that some development houses had the dubious reputation of installing key logging software on the machines of their coders in order to extract client details and then approach the clients directly, leaving out the developer.....or something like that.

I'm not clear on the exact process or the hows and whys but to cut a long story short, within days of this odd conversation/revelation, my developer's language skills did seem a little different and I have since been struggling with numerous minor issues which would previously never exist. These little issues of not following a design exactly, not aligning elements correctly, incorrect spacing and such, were the the constant bug bear with previous developers and something we discussed and overcame from the outset but have now crept into his work.

So given the noticeable change, I am wondering whether this is indeed the guy I was working with. Either way, it just doesn't feel right, I don't want to take the risk and will employ another developer.

My question is, how do I check my sites for malicious software such as key loggers and the like? I want to be sure that if my suspicions are correct, that there is no unauthorised access to these accounts or the server.
 
Right, not a lot of that adds up. Lets break this mother down.

However, a few weeks ago we had a weird conversation where he warned me that he was being watched closely by colleagues and that if his standard of English and level of skill suddenly deteriorated, that it might be because it was no longer him at the other end.

He explained that some development houses had the dubious reputation of installing key logging software on the machines of their coders in order to extract client details and then approach the clients directly, leaving out the developer.....or something like that.
Struggling with this bit, so he works for a development house. But then, the development house doesnt know about its own clients? So the dev house installs key logging software to discover its own clients from its coders? It just doesnt make sense. Even for whatever reason this is true, what stops your good contact from using some sort of IM from a home computer to remain in touch?

I'm not clear on the exact process or the hows and whys but to cut a long story short, within days of this odd conversation/revelation, my developer's language skills did seem a little different and I have since been struggling with numerous minor issues which would previously never exist. These little issues of not following a design exactly, not aligning elements correctly, incorrect spacing and such, were the the constant bug bear with previous developers and something we discussed and overcame from the outset but have now crept into his work.
So your new contact point has kept all of the same details? Taken on the persona if you will? I would have organised another channel of communication for the good developer prior to him going AWOL. If he has.

So given the noticeable change, I am wondering whether this is indeed the guy I was working with. Either way, it just doesn't feel right, I don't want to take the risk and will employ another developer.

My question is, how do I check my sites for malicious software such as key loggers and the like? I want to be sure that if my suspicions are correct, that there is no unauthorised access to these accounts or the server.
I doubt there would be anything put into your software. It would be a serious offence to include anything of that sort. The key logger was on your good developers machine, not in the software he was developing for you. Unfortunately you are at the mercy of third parties, but if you are worried and its software you can share, you could get someone here to look through it, or get your next developer to look through it.
 
It seems more reasonable that the developer has probably been put on to another project and you have been left with a lesser qualified programmer within the same company, either this or they have out-sourced your work to save money.

If anything is on your website (I doubt there will be) then the next programmer will most certainly pick it up. A quick search of the code for email/website/IP addresses would be first port of call just in case they could be relaying client info, but i seriously doubt it.

In all fairness, it sounds like a very tall tale as an excuse to give you somebody less qualified within the same developer house, in my opinion.
 
Look through the code? If you are having software built for you and someone has decided to a) take the risk of putting key logging in somewhere and b) write it in bespoke, you arnt going to find it with some easy to use tool.

What makes you think you have a key logger in your software?
 
Thanks...but how do I actually sweep the sites?

If you aren't a developer, you don't bother. Hire someone (preferably a reliable, recommended freelance developer who you can actually meet) and make it their first task to run through your code and look for anything suspicious. If you really think it's remotely likely they'll find anything, that is.
 
In all fairness, it sounds like a very tall tale as an excuse to give you somebody less qualified within the same developer house, in my opinion.

This!

They got a well spoken person to make the deal and then passed it one to the guys that sit the dark rooms with no windows.
 
Back
Top Bottom