12-09-2013 06:11 AM - edited 12-09-2013 06:12 AM
Whether hackers are able to remotely switch on victims' webcams without the camera light giving the game away has been the subject of some debate. Now we learn that not only can it be done, it is done by the FBI.
When Miss Teen USA announced she had been blackmailed over nude photos taken via her webcam, she said, "I wasn't aware that somebody was watching me [on my webcam]. The [camera] light didn't even go on, so I had no idea."
Is that possible, asked Naked Security. "Can webcams be rigged so as to record without the light coming on?" Chester Wisniewski, senior security advisor at Sophos, responded, "Some laptops allow you to turn the light on and off in software, others only work physically. I think it is certainly possible, if unlikely."
Now we learn, in a report published by The Washington Post, it is not only possible, it is done by the FBI. Details came to light in a Post article on court documents seeking – and gaining – authority to hack a suspect's personal computer and place spyware on it. "The FBI’s elite hacker team," reports the Post, "designed a piece of malicious software that was to be delivered secretly when Mo [the suspect] signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents." The method used is a classic spear-phishing attack. In this particular incident, the attack worked, but the malware failed.
12-09-2013 10:29 AM
Nice one, my friend.
I have always wondered about this and heard many people at work (a number of which I assume are knowledgable based on what they do) expouse on the topic...but this is the first time that I have come across something that looks this conclusive.
At least it needs a malware 'drop' to undertake and hopefully the like sof WSA will catch the little critter in its tracks when it tries to do its nefarious best.
Am going to take time to re-read the full topic.
Thanks, and regards
Webroot SecureAnywhere Complete Beta Tester v188.8.131.52, imaged by Macrium Reflect v7