System intrusion is a major issue in today's data-driven world. Discovering adversarial activities before or as they happen, through any modality, makes a system more secure. A straight forward approach to determine threat level from typing data would be to analyze the text directly. However, natural language processing is hard to implement on complex real life data, therefore we explore how far keystroke dynamics can go in terms of classifying threat levels correctly. We show that keystroke dynamics (KD) on a desktop can be used to classify the type of activity, either benign or adversarial, that a text sample originates from. We show the inefficiencies of popular temporal features for this task. With our proposed set of 14 features we achieve high accuracies (93% to 97%) and low Type 1 and Type 2 errors (3% to 8%) in classifying text samples of different sizes. We further reduce our feature set to eight using correlation analysis with marginal trade-offs in accuracy and error rates. We collected data from 102 users for benign activities and 103 users for adversarial activities recording over 1.9 million keystroke events in total. Our experiments show that a user's typing behavior can reveal the nature of the typing activity, thereby providing vital cues of a system's threat level.