This subject was once considered paranoia, though events have proven that it is possible to spy on a user by hijacking a webcam. Of course, if there is hardware attached to an operating system, theoretically it’s possible for a hacker to take over this kit and use it for their own malicious purposes. You may wonder, why would anyone want to do that? Well, read on (but first, go to the closet and get a sock to put over your webcam!).
For a while, kids-who-want-to-be-hackers (or ‘script-kiddies’) have been using easily acquired tools to command the cameras of people – often those of people they know, for a prank. This is unseemly voyeurism, and may not be fully understood by a teenager, though it becomes more than this when images or video are uploaded to dubious ‘sites, or used to blackmail a person. Webcams can be very entertaining, and very useful in both teaching and learning; though if you have children, read this and have a long think about how to keep them safe on-line – and when you think they are off-line.
How a Webcam is Hacked
Webcam hacking employs a remote access tool (or RAT). This is usually delivered in an infected file; such files are commonly deployed on peer-to-peer networks. Technically, this malware is a trojan: it can be hidden in a file such as a song or picture and, once installed on a system, gives the hacker a great deal of control, including covert use of webcams. These RATs are also used for key-logging for such tasks as hacking bank credentials. In some advanced variants, the malware stays undercover by whitelisting itself (registering the program as trusted, so avoiding some AV scans). Warnings more than ten years ago that this was possible were largely ignored. In the intervening years, many cases have proven this to be a serious problem.
Here are a few highlights of webcam-spying evolution:
1998 – Cult of the Dead Cow (cDc) hacktivists released the Back Orifice RAT that was fundamental to spyware/malware development – their stated aim was to demonstrate Windows vulnerabilities;
2004 – Operation Tic-Tac in Spain led to the arrest the following January of the author of a highly sophisticated RAT who hacked hundreds of PCs, stealing passwords and filming victims;
2009 – A U.S. student discovered that his school-provided laptop was taking covert photos of him. An investigation discovered more than 56 000 had been taken. The school replied that this was a device to help recover lost or stolen equipment, and it should have been disabled. This demonstrates that the capability was around at this time;
2010 – A new RAT called Blackshades emerged, sold for $40 on-line;
2012 – FinSpy surveillance ‘ware first appeared on a university lecturer’s computer. This program was developed by a U.K.-German firm, Gamma, and has been sold to many governments with questionable regimes [The Independent];
2013 – To disprove Apple’s claims that it was not possible to remotely operate their webcams without activating the warning light, researchers managed this by manipulating one of the micro-processors that operate hardware. After this was accomplished, an FBI agent confirmed that they had been using this technique for the last ten years. This year also brought Snowden’s revelations including the news that the NSA had successfully opened a backdoor to access cameras on iPhones and Blackberries.
2014 – The Swedish author of Blackshades, Alex Yücel, and 100 associated people were arrested. The hacker was running a corporate-style business that had generated sales of more than $350k, which suggests that many thousands of copies of the spyware have been distributed. Further excerpts from the Snowden documents revealed that GCHQ in the U.K. and the NSA in the U.S. were routinely using malware for monitoring purposes. Privacy International claimed that British intelligence services used tracking malware such as Foggybottom (which collects browsing history and log-in data), Tracker Smurf (which monitors geographic location) and Grok, which is a key-stroke logger. Nosey Smurf takes over the microphone to record conversations. Both countries are thought to use Gumfish, malware which hacks webcams.
What to do
The best option is to harden security in and around a system to stop infected files from entering or running. It is possible to disable a camera in the Operating System menu, though a RAT should not have trouble re-enabling it there. On some systems it is possible to enter the BIOS and disable the camera there, which is safer. To unplug external cameras when not in use is obviously the best option. Or simply cover it – go get that odd sock!
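A check to go with the advice above, as an added example that is not part of the original article: it lists every process holding a camera device open and flags any that are not on an allow-list. It assumes a Linux system (the article names no platform), where cameras appear as /dev/video* and open files are visible under /proc; the process names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

VIDEO_NODE = re.compile(r"^/dev/video\d+$")  # V4L2 camera nodes on Linux

def _name(proc_root, pid):
    """Short process name from <proc_root>/<pid>/comm, or '?' if unreadable."""
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"

def camera_holders(proc_root="/proc"):
    """Return sorted (pid, name, device) for each process with a camera node open."""
    found = set()
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or not readable without root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if VIDEO_NODE.match(target):
                found.add((int(pid), _name(proc_root, pid), target))
    return sorted(found)

def unexpected_holders(holders, allowed):
    """Keep only holders whose process name is not on the allow-list."""
    return [h for h in holders if h[1] not in allowed]

def build_sample_proc(root):
    """Constructed /proc-like tree (hypothetical pids and names) for an offline run."""
    sample = {"1201": ("videocall", ["/dev/video0", "/dev/null"]),
              "3377": ("updater", ["/dev/video0"]),
              "4410": ("editor", ["/tmp/notes.txt"])}
    for pid, (comm, targets) in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
        for i, target in enumerate(targets):
            os.symlink(target, os.path.join(root, pid, "fd", str(i)))
    return root

if __name__ == "__main__":
    root = build_sample_proc(tempfile.mkdtemp())
    for pid, name, dev in unexpected_holders(camera_holders(root), {"videocall"}):
        print(f"unexpected camera use: pid={pid} name={name} device={dev}")
```

On a live machine, call camera_holders() with no argument as root so that other users' processes are visible; a process name alone is weak evidence, so treat a hit as a prompt to inspect the binary behind that pid.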