A young woman surfs the internet on her laptop, while she casually chats to her friends on Facebook Messenger before she calls it a night. She closes the browsers and applications on her laptop and starts to get ready for bed. But before she gets ready, the little green light next to the lens of her webcam turns on.
The young woman looks at her laptop with confusion for a few brief moments. Little does she realise that someone has turned on her webcam remotely, and started to watch her through it. Have you heard this kind of story before? If it does, then you know that stories like this have happened in real life.
There have been hundreds of reported incidents where people’s webcams have been hacked, or ‘camfected’. Hackers that can utilise webcams, either build into laptops or propped externally, can also take the advantage of hacking into phone cameras, home security systems and anything else that’d be hooked up to your network (e.g. wifi, broadband).
The thought of an incident like this happening to you can be both distressing and disturbing, especially when hackers can watch, photograph, and collect images of you for illegal and malevolent reasons.
Webcam Hacking Incidents That Caught The Media’s Attention
It doesn’t matter if you’re a specialist in cryptography, a prolific socialite, or an average computer user, anyone is prone to getting their devices hacked and being watched by others via webcam.
In 2013, Rachel Hyndman from Glasgow, Scotland, saw her webcam turn on by itself while she was watching a DVD in the bath. Due to her knowledge and occupation in the IT industry, she immediately thought that someone else was accessing her network. She brought the story forward to BBC Radio 5 Live and explained how she thought that the police wouldn’t be able to help her case as it would have been difficult to track down the perpetrator.
In 2014, Russian hackers created a website that invaded the privacy of thousands of people around the world by hacking into their security cameras and live streaming both workers and non-workers that were unaware that they were being viewed. Journalists from the British Newspaper, the Telegraph, visited the site and recorded what they saw through the devices that were camfected. The viewings included an elderly woman sleeping and children watching television in living rooms. Fortunately, the website has been shut down near the end of 2014.
In 2015, a couple in Ontario, Canada, had their webcam that was placed in their child’s nursery, and ‘eerie music, and a voice [was] heard indicating the parent and child were being watched.’ started to play from their computer. In that same year, a young woman in Toronto, Canada, was photographed watching a programme on Netflix with her boyfriend one night from her webcam, and the images were sent to her the next day via Facebook.
In 2016, a distributed denial of service (DDoS) attack on the DNS host, Dyn, halted the service of various major websites like Twitter, Spotify, Amazon, Reddit, Netflix, and many more. It was later discovered that webcams distributed by Hangzhou Xiongmai, a Chinese electronics company, were involved in the biggest DDoS attack in internet history.
Why Hackers Would Hack into Your Webcam
There are a variety of reasons why hackers, especially black-hat hackers, would crack into your computer and utilise a your webcam without your knowledge. But most of the incidents that were brought to the public’s attention involved illegal profit and malicious content.
Before their site got shut down, the Russian hackers made an income from their website by showing advertisements on there. All while allowing unauthorised users to view others via the cameras. The Insecam project is a directory that allows users to browse and survey the public through IP cameras that aims to promote ‘the protection of individual privacy’. But the ethics and intentions of the people behind Insecam were questioned, if not scrutinised.
A Finland-based hacker under the name of ‘Matti’ told the BBC in 2013 that he hacked about 500 computers and obtained details which he sold on to others so they could install their own programs and control the devices and webcams remotely. While there are users that hack into webcams for profit, there are others that do so for their own personal intentions.
In 2014, Jared James Abrahams was arrested and imprisoned for 18 months for hacking into more than 100 people’s computers. Alongside that, he threatened girls and women with nude photos of them that he had secretly taken through their webcams.
After photographing the girls without their awareness, he threatened to post the images on their social media accounts unless they either send him more explicit photos, or undress for him on Skype. One of Abrahams’ victims was Miss Teen USA Cassidy Wolf.
How They Hack Into Your Webcams
It’s not hard for anyone to obtain a software that enables them to access your webcam from the outside. Furthermore it’s not hard for a hacker to crack into your computer and watch you if you have weak security defenses.
Remote Administration Tools (RATs)
A remote administration tool (RAT) is a piece of software or programming that allows a ‘operator’ to control a system as if they sitting in front of your computer. Usually used for criminal or malicious activity, an RAT software would be installed without your knowledge, which is why RATs are also known as Remote Access Trojan.
They can be downloaded easily from any website that you search on, or any peer-to-peer file sharing programs (P2P) like LimeWire, or P2P protocols like BitTorrent and Freenet.
A botnet is a network of private computers that can be controlled as a group to perform various tasks. The owner of a botnet can control it with a command and control software (C&C).
Additionally, the controller of a botnet, with malicious intentions, can take control of computers when their security has been breached, and it has been penetrated by a malware. The DDoS attack that happened in 2016 was performed with the Mirai botnet, a malware that turns networked devices, specifically outdated versions of Linux, into remote-controlled bot. Dyn labelled the Marai botnet as the ‘primary source of malicious attack traffic’.
If you operate on a computer that doesn’t have the latest version of an anti-virus software or operating system, someone can easily hack into that computer with malicious coding. Malicious code can be any code in a script or software system that intends to cause security breaches, along with any unwanted outcomes.
If your computer runs on applications that aren’t up to date, and you visit a web application that contains a malicious code, the hacker that embedded the code can take control of your computer and webcam within immediate effect.
How to Prevent Your Webcam From Getting Hacked Into
From learning about the cases and methods of webcam hacking, it is easy for a black-hat hacker to access the your webcam. However, it’s also easy for you to protect your computer from a hacker that wants to control your system and violate your privacy.
Keep up to date on your applications
In regards to malicious coding, keeping up to date with all of the applications that run on your computer is a way to minimalise the risk of your webcam getting hacked.
Having good anti-virus software or firewall on your computer is crucial if you don’t want the device to get affected by a RAT or other types of malware that can compromise your control over your webcam.
Keep your webcam covered or disconnected
One of the ultimate ways to prevent hackers from photographing you with your own webcam is to cover it with tape, or disconnect it from your computer if it’s external.
FBI Director, James Comey, warns the public at the Centre for Strategic and International Studies in 2016 that everyone should start covering up their webcams with tape(14) for privacy when connected to a network.
If your webcam is embedded into your laptop, and your LED light begins to blink randomly when you don’t have any applications open, cover your webcam immediately and disconnect your computer from internet.
Modify your webcam settings
If you have technical skills, you can modify the settings in your webcam application, and restrict the IP addresses that can access the webcam without your authorisation.
Getting a VPN, or better yet, a proxy that’s much stronger than VPN, installed onto your computer can also minimalise the risk of your webcam getting hacked too. To boost the security further, a strong password for each application, protocol, and/or proxy can be implemented.
To make sure that your applications don’t have any vulnerabilities, white-box testing can also be performed for you to see if there are any flaws, and fix them before a hacker would take advantage of them.
Saving Yourself From Potential Cyber Threats
With the way that technology is rapidly expanding, there is no 100% guarantee that your webcam is protected from malware and cyber criminals. But the little things you do right now, can save you from potential cyber threats in the future. That is why it’s more important than ever to follow the customs mentioned here to reduce the chances of your webcam being used by unauthorised users.
You don’t want to turn into one of the ‘bots’ that had their privacy held at ransom by malicious hackers, so it’s up to you to choose the best means that’ll prevent you from being viewed by someone who would impose a cyber attack on you.