Why you should care
Because even in the age of Facebook, we still want some privacy.
At an old job in New York, one OZY editor and all her female colleagues covered their laptop cameras with yellow Post-its. Each had had one too many creepy experiences with an overly friendly IT guy. Call them paranoid, but maybe they were just prepared. In one study, researchers at the University of California, Berkeley found:
of people know when their computer is recording them.
Rebecca Portnoff, the lead researcher, happened across some Web forums that discussed things like webcam hijacking. “Obviously creeped out,” she wanted to figure out a defense for the public. She and the other researchers had 98 people sit at a computer and perform two tasks — one computer-based, the other paper-based. During the session, the webcam would activate and record a 10-second video, also activating the computer’s camera indicator light. Less than half of everyone working on his or her computer didn’t notice when the light was on. Even worse? Only 5 percent noticed the light when they were distracted by filling out a paper questionnaire. This is problematic because most computer spying happens when people are in front of their computer but not actually using it. Noticing the indicator light doesn’t do much, though: The researchers also found that a majority of the participants had no clue what the light even meant.
Hackers conduct this wizardry through Remote Administration Tools, or RATs, which are just as nasty as the beady-eyed rodents. RATs allow a person anywhere in the world to do sinister things on your laptop like commandeer the camera or rifle through your files and photos — all by tricking you into downloading a program. Some criminals use these “Swiss army knives of cybercrime,” as cybersecurity firm Lancope’s threat intelligence expert Gavin Reid calls them, for “sextortion,” which is pretty much what it sounds like: Creeps film videos or take photos of unsuspecting people undressing or having sex and then threaten to release the recordings if the victims don’t pay a ransom. It’s similar to what the FBI calls “ransomware”: An attacker overtakes your computer, turns on your webcam and demands payment to restore control of your device. Hackers not-so-affectionately refer to the unwitting performers as their “slaves” in online forums or websites dedicated to the display of the ill-gotten acquisitions. Reid says this happens all too commonly.
Portnoff says there aren’t reliable statistics on how many people are being recorded without their knowledge, but the effects can be devastating. She adds, “The ones who you hear about are the ones who get caught.” Last year, the FBI estimated around 700,000 people had been victims of just one RATs program created by a couple of 20-somethings and sold online for $40. Nick Buchholz, senior threat researcher at computer security company Damballa, says he wouldn’t be surprised to see more and more RATs created that allow hackers to initiate chats, stream video or take snapshots. It’s like the Chatroulette you didn’t sign up for.
All is not lost, however. Portnoff’s study also looked at ways to get people to notice when their webcam is on. A giant, red, flashing camera symbol on the screen helped. Portnoff hopes the computer industry will adopt more proactive warnings like hers. Unfortunately, noticing your indicator light isn’t enough to guarantee someone isn’t spying on you: It’s possible to activate a laptop’s little camera without detection, according to Reid. Pulling off that trick, though, says Portnoff, is the hacker “holy grail.” So what does Portnoff herself do? “I keep a sliding sticky device over my webcam. And make sure my anti-virus is up to date.” The cybersecurity experts suggest you do the same. (Paranoid OZY editor, consider yourself vindicated.)