My wife recently showed me an article about Miss Teen USA having her computer hacked. Let me start off by saying I konw this is a delicate subjct and I have a lot of sympathy for this lady as I know people who have gone
through similar horrible experiences. I think it is important to take a look at this incident from a technical perspective.
I've ready a number of articles on this incident now and they all focus on the social side of the issue and how scary it is to think that someone could be watching you through your webcam at any time and you wouldn't know about it. After my wife showed it to me, I did a little research on how this can be done. My goal here is to dispel a little of the fear surrounding this event and explain what you can do to keep yourself safe. There are two main methods an unscrupulous person could use to do this kind of thing.
through similar horrible experiences. I think it is important to take a look at this incident from a technical perspective.
I've ready a number of articles on this incident now and they all focus on the social side of the issue and how scary it is to think that someone could be watching you through your webcam at any time and you wouldn't know about it. After my wife showed it to me, I did a little research on how this can be done. My goal here is to dispel a little of the fear surrounding this event and explain what you can do to keep yourself safe. There are two main methods an unscrupulous person could use to do this kind of thing.
RATs
Or remote administrator tool is a way to access and control a remote computer from another physical location by sending commands over the internet. Programs like this have legitimate uses like help desks and tech support resolving problems for customers. They also have more nefarious uses, like watching girls over a webcam. With a RAT you can basically do anything on a computer you could do while sitting at the keyboard and using the mouse.
The interesting bit is how they get on your computer. Either to make their articles more interesting or from a lack of knowledge most of the authors write as though someone can magically make one of these appear on your computer and then turn on your webcam and take pictures of you. This is a little exaggerated.
A RAT is like any other virus or trojan. On modern operating systems you need to do something to let the virus get on to your computer. You need to download the executable and run it for anything to really happen.
A Webpage
There are some experimental java script libraries that would let someone activate your webcam and take pictures of you. However, for this to work you would have to be on the web page for long periods of time with your computer turned on. This is a specific web page too, not just facebook or gmail, but a webpage the attacker sent you.
So, what probably happened here? The fact that he knew her is probably significant. Most likely he circulated a program around his classmates. Tools are freely available that would let you package a RAT with a legitimate program. The attacker probably just put the link on his facebook or emailed it to a number of classmates with no idea who would wind up installing his RAT. The fact that he got a high profile girl was probably random chance.
How can I stay safe?
If you take one thing away from this article, make it this section. This poor young lady could've avoided this with some education about internet security and safety. Here are a few tips for preventing something like this.
- Don't click on links from people you don't trust (even friends who might be playing a prank on you)
- If you get a suspicious email with a link to a site you don't know, don't click on it
- Don't download programs from anywhere but a trusted website
- If you don't know if a program or website is legitimate, google "is <program> a virus" or "is <website> trustworthy" and read the first few results
Lastly, don't ever hesitate to find a geeky (trustworthy) friend and ask us to take a look at your computer. We'd much rather spend an hour of our time making sure you're safe than have you spend weeks or months in court getting something like this dealt with.
No comments:
Post a Comment