The dirty secrets of webcam-hacking peeping toms and sextortionists

Virtually every computer sold today comes with a dirty little secret.

It can spy on you.

What’s more, if hackers can infect your computer with malware they can hijack your webcam and secretly watch you too – regardless of whether they’re based down the street or on the other side of the world.

In some cases, if they’re really crafty, hackers can even spy on you without the LED on your webcam lighting up.

Notable victims of webcam hacking include Cassidy Wolf, an American model who was crowned Miss Teen USA in 2013. In her case, Wolf was spied upon by one of her former classmates – Jared James Abrahams – who had installed the Blackshades RAT malware on her laptop in order to covertly take naked photographs of the beauty queen.

Abrahams sent Wolf an anonymous email, threatening to post the intimate photographs of her on social media websites, unless she agreed to send additional photos to him or (eww…) strip for him during a Skype video chat.

Wolf did the right thing. She didn’t give in to the extortionist’s demands, she told her parents what was happening, and contacted the police so they could investigate.

Fortunately, Abrahams was caught, and received an 18 month prison sentence for his crimes against Wolf and other victims.

But it’s not an isolated problem. In May last year, the European Union’s Judicial Cooperation Unit announced it had arrested almost 100 people worldwide, in an operation targeting the developers and users of Blackshades, a kit of malware tools sold online for just $40.

Amongst those arrested was Swedish hacker Alex Yücel, the co-creator of the Blackshades Remote Access Tool (RAT), which provides an easy way for perverts to remotely commandeer the webcams of unsuspecting parties and snoop upon their activities.

Yücel was clearly doing quite nicely by selling software that helped hack people’s webcams and access their computer files: he was able to hire several paid administrators, including a director of marketing and customer service staff.

Between September 2010 and April 2014, Blackshades had generated sales of more than $350,000.

You can do the maths yourself to determine just how many people must have been buying the malicious software, and had within their power the ability to hack into strangers’ computers and spy upon them.

Yücel pleaded guilty earlier this year to distributing malware,

Although arrests have been made in relation to the Blackshades RAT malware, there are plenty of other tools and trojan horses in existence which can help strangers snoop upon you.

So what can you do to prevent webcam hackers?

Well, you could follow the example of delegates at the recent Infiltrate conference held at a swanky hotel in the city of Miami Beach.

According to press reports, the Fontainebleau hotel offers guests the use of an Apple Mac computer in every room.

So what do Infiltrate’s security-conscious delegates do when they get into their room and see the Mac (including built-in webcam)?

Why, they turn it around, unplug it, and put a towel over the monitor for good luck!

That approach may be a little extreme for some of us on our own computers, but when you use a PC or Mac in an environment where it is likely to have been used by strangers, you should certainly be aware that you cannot have much confidence regarding whether the device has already been compromised by malware.

When it comes to your personal computer – be it Mac or PC – make sure that you are always running the latest anti-virus and other security software, keep your software patches updated, and be alert about opening unsolicited email attachments and clicking on potentially dangerous links.

Also, if you have internet-accessible cameras elsewhere in your house – such as baby monitors or CCTV – be aware that many such devices are sold with default or weak passwords that are child’s play for hackers to crack. Make sure to configure them with unique, hard-to-guess passwords just as you would for, say, your bank account.

In addition, it should go without saying that you should also update your webcam’s firmware regularly to protect against newly discovered security holes and vulnerabilities.

Furthermore, although it can be circumvented in some cases, keep a keen eye out for the webcam’s LED lighting up unexpectedly as it may imply unauthorised access by an application – perhaps being controlled remotely by a hacker or peeping tom.

Finally – cover it and unplug it. If you can, disconnect the webcam if you only use it infrequently but at the very least put a Post-It note over the lens so you can choose when you want to be “on camera” and when not.

Author Graham Cluley, We Live Security

Copyright © 2016 ESET, All Rights Reserved.