We Are Watching You

Recently there has been a lot of media hoopla over a website that displays IP cameras from all over the world.  The site looks to be based in Russia and purports to exist in order to demonstrate the importance of changing your device's default credentials.

"This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password."

Which I suppose is a reason to create a site like this.  After all, it is getting the media's attention.  However, I suspect that the reason might have more to do with the ad revenue being generated on the site as opposed to education.  I am sure the operator would say that the ads are to cover the costs of running the site.

I have worked on some pretty high-profile IP cams over the past few years and I have observed that my systems were being constantly probed.  The bulk of the probes have been coming from China, Taiwan, and Eastern Europe.  These are areas of the world that seem to have more than their fair share of probes and attacks.  I have done my best to ensure that my systems are not breached, and to my knowledge they never have been.

The insecam.com site comes as no surprise to me as I have been watching IP cameras from all over the world for years now.  There are plenty of databases where folks can register any "open" devices that they discover.  There exists plenty of software and web applications that are designed specifically to scan and probe IP cams, and just about any other connected device.  There is even malware or perhaps more appropriately spyware 🙂 that is designed to infect your computer and gain control of your webcam.  Last year there was a high-profile case in which Miss Teen USA 2013 was the victim of extortion after her laptop webcam was taken over.  The cracker took video of her, in her room, without her knowledge, and then threatened to release the pictures if she didn't perform online sex acts for him.

I personally don't like cameras in my house.  I have been poked fun of, because I will usually tape over the webcams and mics on my laptops.  I understand that when we are in public we are constantly being watched, but I do not care to invite prying eyes into my own home.  As Cassidy Wolf discovered, just because the camera's light is not on, does not mean it is not active.  I suggest that you put a little piece of electrical tape over your camera.  It is a low tech solution for a high tech problem.  If you want to use your camera, simply take the tape off.  So far I haven't had any problems with glue residue, but I can't vouch for your tape so you might want to test it on an inconspicuous area before putting it over your lens.

In Miss Wolf's case her attacker infected her laptop with a $40 piece of malware that not only allowed him control of her webcam, but also enables the controller to deny access to files and to record keystrokes.  The FBI reports that more than 500,000 computers world-wide are infected with this one piece of malware.

The massive data breaches this year have received some media attention, but none of the sensationalism of the photo and camera hijackings.  Take a look at this wonderful infographic to get an idea of how big the data breaches this past year stack up historically.  Still, the camera hijackings are much more personal.    Jared James Abrahams was sentenced to 18 months in federal prison for his sextortion case.  Although Miss Wolf did not submit to Jared's demands at least two other teens did.

The idea that children can be exploited in this manner is abhorrent and shows that our ubiquitous technology can be very dangerous.  Technology is a tool.  As such, it can be used for moral, amoral, or immoral purposes.  As our civilization becomes ever increasingly dependent on our technology these issues will continue to grow more hazardous.

It is important that we have at least a basic understanding of what is dangerous behavior.  Just like us country folk can be obvious marks in the city, most people on the Net are marks to hackers.  Even other hackers can be marks, just like criminals target other criminals.

You may notice that I don't use the term "hackers" very often when I am talking about "attackers" and "crackers".  I come from a time when you could not bestow yourself the title of hacker, it was something that was earned and bestowed by your peers.  A title that was held in high esteem.  I am sorry to say that at this point in history we have lost the original meaning of hacker to the media and popular culture.  Some have taken to labeling hackers as white, grey, and black hats.  Trying to distinguish between good, neutral, and evil.  But I always understood hacker to be a title of skill and not morality.  And then there are gurus, but I will leave that for another post.  🙂

The Net is no longer the playground of the few, it has become a world of its own, a world capable of affecting the real world.  The philosopher in me longs to drone on about what is the "real world" but I won't.  The point is to not go blindly into the cyber reality thinking that it has no effect on your reality.  The cyber world is enmeshed onto our reality.  You should no more venture on to the Net naively, than you would walk with your family down the streets of NYC wearing "I ♥ NY" t-shirts.  No dis on NYC, just something I think most people can relate to.  If you have never seen this gem, maybe it will help illustrate my metaphor.

Educate yourself, be careful, behave responsibly, and most of all, have a good time.

 

 

 

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Posted in Technical.

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Leave a Reply

Your email address will not be published. Required fields are marked *