A couple of days ago I was interviewed on LBC radio about the recommendation from FBI director Jim Comey that everyone should cover their webcams. You can listen to what I had to say here:
The media response to this advice (much like the response to the fact that Mark Zuckerberg covers his) seems to have been one of surprise. However, for most in the cybersecurity industry, it won’t come as a shock. I’ve covered my laptop webcam for years as one of many precautions to stay safer online.
How a webcam can be hacked
Criminals can gain access to a webcam by using malware or Remote Administration Tools (RATs). Malware and RATs can be planted on your machine most commonly via infected files or malicious links, so being wary of what you click on whilst using the internet and opening emails is crucial.
Remote-access webcams are vulnerable to hacking like anything else connected to the internet, often by owners using default or weak passwords.
How often does it happen and why should I care?
Like all crime, let alone cybercrime, it’s impossible to say how often it happens. They key consideration for me, here, is impact. If your webcam is hacked, the impact of that can be huge. Think about the amount of time your laptop screen is left open, ‘looking’ at you. Perhaps you leave it open in your room while you get changed, perhaps you work in your underwear, perhaps I’ll leave you to think about all of the other things you do in front of your laptop screen that you would rather not share with the rest of the world.
There have been some pretty well-known cases of webcam hacking:
- In 2014, Jared James Abrahams was sentenced to 18 months in prison for hacking the webcams of women and girls and secretly taking photos of them while they were undressed. He then contacted his victims and threatened to publish the photos online if they did not send more or undress for him via Skype. Abrahams reportedly told investigators that he hacked the webcams of 150 women and girls. One of his victims was Miss Teen USA, Cassidy Wolf, who has since campaigned to raise awareness of cybersecurity among young people.
- In 2014 it came to light that a Russian website was sharing videos illegally captured from 10,000 webcams worldwide (584 of which were in the UK). The site targeted remote-access cameras that were still ‘protected’ by the manufacturer’s default password, whilst also providing the information needed to hack into the camera systems, plus GPS locations and postcodes. The site proclaimed that it was in operation to highlight the importance of security settings.
- In 2015, Stefan Rigo was convicted in the UK of using the malware ‘Blackshades’ to infect victims computers and take over their webcams. Forensic examination of his computers found images of people engaged in sexual acts over Skype or in front of their computers. During his trial he admitted to being addicted to monitoring people via their computers, spending 5 to 12 hours a day doing so over a three year period.
So, should I cover my webcam and then I don’t have to worry about it?
I recommend covering your webcam. You probably don’t use it much and it’s easy to cover it with a little sticker or piece of sticky paper which you can simply temporarily remove when you need to use it. This will stop anyone being able to see you or take images of you via our webcam without you knowing about it.
However, this is – literally – a sticking plaster for the problem. Covering your webcam is one thing but if your webcam is hacked, that means your machine has been hacked and the attacker could be accessing all of your other information and / or using your machine as part of a DDoS botnet. So at the same time as covering your webcam, you should also:
- Be wary of clicking links and downloading documents when you browse the internet and read emails, texts, whatsapp messages, etc
- Use anti-virus and anti-malware software
- Keep devices and software up-to-date so that known bugs will be patched and can’t be exploited by attackers
- Don’t use public wifi where you could become the victim of a man-in-the-middle attack
- If you have a remote-access webcam, change the password from the default one. Use a strong password
Remember: there is a webcam on your mobile phone and your phone probably sees more intimate images of you than even your laptop does. Your mobile is a computer and can be hacked just like your laptop, so all of my advice relates to them, too. Chances are that you use your phone camera more than your laptop one and so a sticker might not be practical, in which case there are products available which can cover the front and back lenses whilst still giving you access to the camera.