It’s Not Paranoia: Hackers Can Use Your Webcam to Spy On You

WASHINGTON (McClatchy Washington Bureau/TNS) -

Mark Zuckerberg does it. So does FBI Director James Comey. Should you?

What they do is cover up their laptop webcams — sometimes with just a piece of opaque tape — blocking computer hackers from activating the built-in cameras and spying on them.

The hackers do it using a type of malware, or malicious software, that lets them remotely hijack computers. In hacker lingo, they take control and “enslave” computers.

Motives of the hackers vary. Some are extortionists. Others lurk to obtain any kind of personal information or image to sell on the underground global market.

At a forum on cybersecurity this week in Washington, Assistant Attorney General John P. Carlin, who heads the national security division, said he was all for taping over webcams, given the prevalence of computer hacking.

“It does seem like a good idea,” Carlin said.

He’s got brainy company.

Zuckerberg, posted a routine-looking photo last week to his own social-media account — 70.2 million followers. Sharp-eyed viewers noticed that a laptop computer behind him had silver tape over the webcam and the microphone jack.

FBI Director Comey admitted in a question-and-answer session April 6 at Kenyon College in Ohio that he saw a colleague with tape over his webcam and decided to follow suit.

“I have, obviously, a laptop, personal laptop. I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera,” Comey told students.

Data security experts say the threat is real, prevalent and worth precautionary action.

“It’s not bad advice, per se. The effort it takes is very minimal,” said Satnam Narang, senior security response manager at Norton by Symantec, the California-based global data security firm.

The culprits commonly use RAT malware — which stands for remote access Trojan — and the hackers are sometimes called ratters. They attach the malware to photos, music files, documents or video and lure the user to click.

If you think you’d notice a little light coming on, indicating the webcam is in use, you could be wrong, experts said.

“It’s been shown that there is software that is able to disable the little light and still activate the webcam,” said Balint Seeber, the director of vulnerability research at Bastille, a cybersecurity firm with offices in Silicon Valley and Atlanta.

The RAT malware is easily obtainable and out-of-the-box easy, said Adam Benson, deputy executive director of the Digital Citizens Alliance, a nonprofit organization focused on internet safety.

“What’s scariest about it is not who’s doing it but how easy it is to do,” Benson said.

Malware with names like Sub7, Cerberus, njRAT, DarkComet and Sakula can let hackers root around a computer’s hard drive, performing all tasks — without consent.

“They can see into people’s lives, which is pretty eerie,” said Dan Ford, forensic analyst and tactical security engineer at Rook Security, a global IT security firm based in Indianapolis.

Curiously, Apple Inc. filed a patent claim this week that allows it to disable iPhones from recording video or sound or taking photos in venues where it’s prohibited, such as concert halls or theaters.

Seeber, the vulnerability expert, said those applying tape to their webcams shouldn’t rest easy. If they use wireless devices like a mouse, the radio frequency between the device and the dongle plugged into the computer make it vulnerable, too.

“You can actually hack into someone’s computer through that wireless dongle,” he said.