Spying
on someone by hacking into his webcam is disturbingly easy. Why don't more
people do it?
The
China-based cyber-spy network known as "GhostNet" is a sophisticated
group of hackers capable of logging its victims' keystrokes, stealing their
documents, capturing images from their screens—and staring creepily at them
through their webcams.
In
a report released last month, Canadian researchers concluded
that GhostNet has cracked at least 1,295 computers in 103 different countries,
specifically targeting the Dalai Lama and other Tibetan activists and
officials. Stealing documents and logging keystrokes—that I understand. You can
get all sorts of useful information reading someone's e-mail or looking at
their bank records. But peeking at them through their Web cameras? That seems
creepy even by the standards of shady cyber-spying rings. It's one thing to
read the Dalai Lama's IM conversations. It's another to actually watch him LOL.
GhostNet
might be the most prominent example yet of webcam infiltration, but it's
certainly not the first. The practice dates back to 1998, when a group of
hackers calling itself the Cult of the Dead Cow designed a piece of software
that, when downloaded onto a computer, let someone control the machine
remotely. Anything you could do sitting at your desk, they could do thousands
of miles away, from creating documents to playing MP3s to popping open the disk
drive. They dubbed the program Back Orifice—a
twist on Microsoft's BackOffice.
The authors "were not malicious guys," says Frank Heidt, CEO of
Leviathan Security. "They thought it was funny as hell."
Webcam
scams do occur, though they're far less common than other types of online
extortion. In 2004, four hackers in Spain were arrested after threatening to post candid webcam videos
online unless their victims paid up. In 2008, a Canadian man told young girls that he had nude pictures of them and
would post them on the Internet unless they posed for him again.
Governments
and businesses have adapted. For example, the Department of Defense has
regulations about where you can carry a laptop. And unlike the most advanced computer worms, this isn't a threat
that's constantly evolving to outpace security measures.
Since
Back Orifice hit the market, the basic methods of cyber-peeping haven't changed
much: Just get your target to download an e-mail attachment or click a link
that triggers an automatic download, activate the camera, then sit back and
watch. "Writing the malware is a total triviality" even for middling
programmers, Heidt says. Back Orifice is still available for download, and
beginners can find instructions on how to write their own programs with a
simple Google search. Or you can just take a college course
on how to do it.
What's
changed is the prevalence of cameras. You can't buy an Apple laptop these days
without a built-in camera. Even Sony's smallest notebook has a webcam. Sometimes they're
practically invisible: The MacBook Air's built-in camera is "so smartly
integrated, you hardly notice it's there," brags
Apple. That said, almost all laptops have a light that turns on whenever the
camera is on—a feature that hackers can't disable since it's controlled
electronically, not programmatically.
Still,
webcam espionage isn't very common. Most scammers are interested in money, and
video of someone's slack-jawed mug isn't going to yield much cash. "Most stuff you'd capture on a camera, they've already
posted on Facebook," says Kevin Haley of Symantec Security Response. *Even if you did have hundreds of
hours of video and audio capturing someone's conversations, it's a lot harder
to index and search than written information. (Some programs solve this problem
by activating the camera only if they sense movement.) If it's profit the hacker
wants, the contents of the computer are much more valuable than whatever's
happening in front of it.
If
someone hacks into a webcam, therefore, it's usually a targeted attack. Pure
creepiness is one motivation. A 15-year-old girl in Texas reported in 2004 that a hacker who took over her computer
would eject the disk drive and say things like, "I like your shirt."
Then
there's spying on people you'd like to keep an eye on, such as, say, your
spouse. One could see this being useful for private investigators, though PIs I
spoke with say they don't know of anyone hacking into webcams as part of their
work. "The technology is there for it to happen," says Charles
McLaughlin, a PI in Andover, Mass. "But in the private sector, although
there are some characters willing to break the law, most reputable PIs
don't." You might get away with it if you install the spyware own your own
computer—say, the one in the bedroom—but even that gets into shady legal
territory.
More
threatening than video is audio. By accessing a computer's microphone, you turn
the computer into a bug. It's also more clandestine than video, since the
microphone is always on and there's usually no light to tip you off when it's
recording. "The mic thing worries me a lot more," says Chris Wysopal
of the security firm Veracode. "Unless you can lip-read, [video alone]
isn't that useful."
So
how do you prevent someone from spying on you? The usual Internet hygiene
applies. Don't click the weird attachment your computer-illiterate relatives
send you, update your antivirus software regularly, and so forth. If you want
to be really cautious, the best solution is the simplest: Put a piece of
tape over the camera. It may be the laptop equivalent of the tinfoil hat, but
it's the only way to absolutely guarantee privacy. The microphone is trickier,
since you can't tape it up. You can disable it, though, by plugging a converter
or some other cord into the computer's microphone jack, which turns off the
internal mic.
But
ultimately, there's only so much you can do. Vulnerability is a fact of cyber
life: Anytime you open a portal to the outside world, it makes intrusion
possible. The problem is when we don't even know the portal exists, or are only
dimly aware of it. There's a general rule that you shouldn't write anything in
an e-mail that you wouldn't want shared with the world. Perhaps the same should
apply to dancing in your underwear while your laptop is watching. Read
More>
Don't be the next victim protect yourself now with the best webcam cover on the market C-SLIDE.
No comments:
Post a Comment