When Philadelphia news anchor Alycia Lane complained to her bosses that someone was accessing her e-mail and using it to destroy her reputation, they called her “paranoid.”

When the details gleaned from those stolen e-mails became public, Lane’s company –- CBS –- was embarrassed and fired her.

Now she’s suing her former employer because a jealous co-worker and co-anchor, Larry Mendte, is suspected of stealing her messages.

The FBI’s investigated Mendte, both he and Lane are off the air and their company’s reeling from the loss of the popular on-air duo. Mendte entered a guilty plea last week in Federal Court Friday after being charged with a felony count of intentionally accessing the private e-mail accounts. (Read about his plea here.)

How’d the e-mails get stolen? With keystroke logging software.

In court, Mendte admitted that in August 2006 he purchased a keystroke logger. The U.S. Attorney’s Office says he logged on from his Chestnut Hill, PA, home, his vacation home, KYW and another location. He then leaked information, including attorney-client privileged information relating to both criminal litigation in which Lane was involved in New York and civil litigation Lane brought against KYW, to a reporter at the Philadelphia Daily News.

Who might have prevented the theft and costly fallout? A savvy IT pro could’ve detected the software on Lane’s computer and disabled it.

Both users and IT pros know about computer viruses, worms and Trojans. And there are plenty of defenses against them.

Fewer, however, are familiar with keystroke logging.

These programs are just as insidious. They can place anything a user types – log-in passwords, credit card numbers, bank PINs or other personal info – in the hands of a thief.

Sometimes, the snoops who use keystroke logging aren’t criminals at all. They’re company technicians recording the employee keystrokes for a good reason.

Keylogging can be used for finding sources of errors in computer systems. Or it can be used to study how users interact and access with systems.

It’s also sometimes used to measure employee productivity on clerical tasks.

Keylogging is also helpful to law enforcement and for espionage – for example, it can be used to access passwords or encryption keys and bypass other security measures.

Keylogging software is designed to work on the target computer’s OS. It can be kernel-based (the toughest to combat), hook-based or custom code.

Remote-access keyloggers have the added capability to transmit recorded data from the target system to a remote location using either:

• upload to a Web site or FTP account
• periodic e-mail to a pre-defined address
• wireless transmission, or
• a log-in to the local machine via the Web or ethernet.

While much nefarious keystroke logging is done with software, there’s also hardware keystroke logging.

Devices that can’t be detected by software are attached to a PC and record every key tapped. Then these devices can be removed and the data downloaded for viewing.

There are also remote-access hardware keyloggers, which can be controlled and monitored remotely.

To rid a system of an unauthorized keystroke logger, you have to find it.

Hardware loggers are easily located. Your techs or users can check the keyboard cable where it connects to the PC. If there’s a small cylinder between the end of the cable and the computer, you’ve found one.

Just remove the cylinder and reconnect the cable.

Software loggers are a bit more sinister. Chances are the user has inadvertently downloaded it from a Web site or as an e-mail attachment.

Antivirus programs can’t block loggers. They require detection software, and there are plenty of inexpensive programs around.

Check out SpyBot Search & Destroy, SpyCop, Who‘s Watching Me, or XoftSpy 3.

Tags: e-mail, employees, kestroke logging, messages, stolen