A webcam is certainly one way the bad guy can get intelligence about you. They can use it to spy on you. They can listen into everything you say all day. They know when you are home or not, whether or not you have an alarm, they watch you. But in my opinion, the real issue here isn’t the webcam, but the technology that allows for full remote control access to your network.
If you are a cave dwelling uni-bomber you may have missed the story about the family who is already involved in numerous civil judgments (litigious bugs me) suing their sons school for spying on him with the school issued laptop. Apparently, it’s not OK to spy on students who are issued a school laptop.
The school apparently installed laptop tracking software that is designed to find a stolen laptop. Laptop tracking is often IP and GPS based that provides location based detection when plugged into the Net. The trick to this particular laptop tracker was a peeping Tom technology called a RAT. AKA “Remote Access Trojans.”
RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. But what’s most damaging is full access to your files and if you use a password manager they have access to that as well.
RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”. This RAT allowed the school district full remote access to the student’s laptop, and at his home and in his bedroom. Creepola!.
Now the FBI is in the fray. According to the original complaint, the student was accused by his school’s assistant principal of “improper behavior in his home” and shown a photograph taken by his laptop as evidence. That kind of backdoor slap in the face for bad behavior certainly raises an eyebrow. For every action there is a reaction as they say.
Installing RAT’s can be done by full onsite access to the machine or opening an infected attachment, clicking links in a popup, installing a permissioned toolbar or any other software you think is clean. More ways include picking up a thumb-drive you find on the street or in a parking lot then plugging it in, and even buying off the shelf peripherals like a digital picture frame or extra hard drive that’s infected from the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.
There are plenty of remote access programs that use legitimate back door technology that we consume every day. Examples include LogMeIn and GoToMyPC remote access. Your desktop has “remote desktop” which acts in a similar way. There are a dozen iPhone Apps that do the exact same thing.
An unprotected PC is the path of least resistance. Use anti-virus and anti-spyware. Run it automatically and often.
A PC not fully controlled by you is vulnerable. Use administrative access to lock down a PC preventing installation of anything.
Many people leave their PC on all day long. Consider shutting it down when not in use.
Unplug your webcam if you are freaked out by it. If it’s built into your laptop cover it up with tape. You may also be able to disable it on start-up and uninstall it and remove the drivers that make it work.
And invest in identity theft protection.
Protect your identity.
1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE
4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing Webcam Spying on The CW New York