Excerpts from an unsettling story at GQ:
Amy, a 20-year-old brunette at the University of California at Irvine,
was on her laptop when she got an IM from a random guy nicknamed
mistahxxxrightme, asking her for webcam sex. Out of the blue, like that.
Amy told the guy off, but he IM'd again, saying he knew all about her,
and to prove it he started describing her dorm room, the color of her
walls, the pattern on her sheets, the pictures on her walls. "You have a
pink vibrator," he said. It was like Amy'd slipped into a stalker
movie. Then he sent her an image file. Amy watched in horror as the
picture materialized on the screen: a shot of her in that very room,
naked on the bed, having webcam sex with James...
Amy decided to call the cops herself. But the instant she phoned the
dispatcher, a message chimed on her screen. It was from the hacker. "I
know you just called the police," he wrote. She panicked. How could he
possibly know?..
The campus police were in no position to handle a case like this.
Whoever devised the malware—a sophisticated program capable of dodging
antivirus software—clearly had a leg up on university cops. The task of
hunting him down fell to agents Tanith Rogers and Jeff Kirkpatrick of
the FBI's cyber program in Los Angeles...
Hackers had been accessing cameras here and there for a while. But
Mijangos started thinking big: He decided to weaponize them on an
unprecedented scale...
As soon as she opened the file, Mijangos was in—he had access to her
every file, every photo, and could even keep a log of every keystroke,
which meant every password. But that wasn't all. Mijangos hit a few
buttons, then watched in awe as his screen filled with an image taken by
her webcam...
He says it didn't take long for word to get out that he was the go-to
guy for anyone looking to spy on a girlfriend or wife. For $150, he'd
infect the target's computer, then send his clients links so they could
snoop themselves. Mijangos knew a few of his clients were "just
perverts" spying on some unsuspecting stranger, but their money was just
as good...
You can read the rest of the story at GQ. BTW, your webcam light is off? Good. Now read this:
It's a good thing the FBI discovered the scam when they did, too.
Mijangos told me that he'd figured out how to turn off a camera's LED,
cloaking himself completely.
Consider covering the lens with a Post-It note...
Use black duck tape or similar; Post-It notes are opaque and fall off easily.
Or don't have a webcam. I think he'll have trouble trying to see into my room.
Not an option if your computer has one pre-installed.
My cam came with a lens cap that stays on all the time when not in use.
I'm less concerned about anyone watching me through the webcam than I am about this bit: "[H]e had access to her every file, every photo, and could even keep a log of every keystroke, which meant every password."
I have been told (not sure if it's true) that one way to bypass a keylogger is to copy/paste your passwords, rather than typing them in. They can even be copied from an incorrect version (if you'd rather store that) and then after pasting change the 3s to 9s or whatever.
But don't take my word on that.
Plus, if someone has access to all my files, that means the file with the passwords, too.
I personally put a bandaid over the webcam lens on my laptop after I watched a Discovery Channel show about evading surveillance.
Right, but if you're going to store them on your computer, you can store incorrect versions, with the conversion kept only in your mind (or in your bank safe deposit box for your heirs).
For example, if your real password to the National Butterfly Association is NBA3yrs#3dh, then store it as NBA9yrs#9dh, with the understanding that any password of yours containing a 9 actually uses a 3.
If the attacker had access to a keylogger on your machine - and nothing more - then copy/pasting passwords might be effective. In reality, if an attacker has enough access to your computer to install a keylogger, they have enough access to do everything else, which includes reading your password file and watching you edit them. It's roughly the equivalent of having a fake front door on your warehouse and counting on that to protect you when the thief is already inside the building.
Generally speaking, security by obscurity is a bad idea. It's much more effective just to keep your machine patched and use a good antivirus to avoid being hacked in the first place. Tape over the camera isn't a bad idea either. If you want more security than that, learn to use Linux. :-D
Having just discovered that some website security systems do not allow cut and paste passwords, I think it would be minimally effective.
These days, it's probably safer just to write your passwords in cursive with a pen and paper and leave them on your desk.
This is why the webcams on the notebooks at school are locked off in the BIOS.
Bandaid. --a.
No pity from me, mate. What the hell are you doing banging with the camera there? Too much dilapidated morals going on in the world. Have some COMMON decency.
And that is why the webcam light should be done in hardware, not in software. (And for what it is worth, I deliberately choose a laptop without a camera.)
I keep a piece of tape over mine
Easy solution: CLOSE THE LAPTOP.
The hacking...? My guess is the government does this all the time. Nothing on a computer is truly private.
It's ever-so-slightly hyperbolic to state that the government (of the U.S.A. anyway) is actively snooping on every laptop user, but there is a grain of truth in your statement - I recall reading something in a procedural doc at cryptome.org (or similar) detailing the requirement that machines with built-in webcams have the webcams physically removed.
I keep a post it flag over my camera lens. It'll let a tiny bit of light through, but you can see anything. I checked. :) I should really install a better firewall, though.