The Internet is flush with webcam videos of people who clicked unwittingly on a malware link and opened their computer to anonymous miscreants intent on mocking, blackmailing or simply spying on them, according to a report being published Thursday.
There’s not enough being done about such little-known but alarming invasions of privacy, the Digital Citizens Alliance says in its report on computer “slaving” by programs known as Remote Access Trojans, or RATs.
However, the organization says both corporations and individuals can take steps to address the problem.
“Tape your webcam,” advises Adam Benson, deputy executive director of the Digital Citizens Alliance. “I have tape on both my work computer and home computer.” He also suggests not clicking on links with uncertain destinations, and keeping anti-virus software and device operating systems up to date.
“The camera on your computer, when hacked, can become a tool to spy on you in your own home. And it’s easy,” the report warns.
While the scope of the problem isn’t clear, report authors found hundreds of victim and tutorial videos shared online, as well as chat forums through which amateur hackers share tips and programs that are “inexpensive and technically simple to use.”
“I don’t think people necessarily know how prevalent it is,” Benson says. “The clear and present danger can be lost on people sometimes.”
For those who don’t take the adequate precautions, or whose virus-detecting software has not kept up with ceaselessly innovating hackers, the consequences can be dire.
One famous victim of computer slaving, 2013 Miss Teen USA Cassidy Wolf, fought back, informing the FBI and winning a prison sentence for a man who took photos of her using her webcam. But investigators believe many other victims don’t come forward or are unaware they were victimized.
Wolf was shown some of the victim videos in the report.
“This could have been my face blurred out,” she said, “and it’s sad because they seriously have no idea. I mean I had not one clue of having someone watching me. It never passed my mind for the entire year.”
One video cited in the report (but apparently removed from YouTube as of Wednesday), featured a discussion in Arabic of the young woman being surveilled. “This girl is seriously the most beautiful victim I’ve had so far. She is quite clean, I just saw her naked,” a viewer wrote in Arabic.
Benson says the use of RATs, which can affect viewers in less visual but equally disturbing ways by granting hackers access to all files on a computer, can’t be crushed entirely by the use of anti-virus and anti-malware software.
Even Internet users who are aware of the potential harm and take measures to protect themselves may not be immune. “I don’t think they realize there’s a community out there that’s strategizing all the time about how to bind malicious files to movies and music and videos,” Benson says.
Law enforcement experts cited in the report expressed concern about authorities’ readiness to combat the problem, and noted the various abuses hackers can inflict.
“I think that RATs are an interesting tool because they allow the criminals to do any number of crimes. I mean we’ve talked about going after young women and their computers, but you know the sky’s the limit for the types of cases that a RAT can be used in,” said Wesley Hsu, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office for the Central District of California.
Scott Aken, a former FBI cybercrime agent, told report authors that “law enforcement just isn’t equipped at this stage of the game to keep up with this stuff as fast as it’s changing. People aren’t trained enough.”
The Digital Citizens Alliance says it’s important that, in addition to Internet users and law enforcement, companies be more aggressive in combating the exploitation of victims.
Many companies unwittingly have advertisements on victim or instructional videos, according to the report. And revenue-sharing by companies like YouTube may pay some culprits for their misdeeds if they aren’t detected.
Google, YouTube’s parent company, has unveiled an online mechanism that allows people to request removal of non-consensual material from its platforms. The reporting form can be used to remove content taken from “slaved” computers, though it was established in part to address revenge porn.
But to report an intrusion, people first need to know about it. Despite hundreds or thousands of views on YouTube videos – which can be found by searching “rat victims” – it’s usually not clear victims are aware their actions have been broadcast to the world.
The report says that can be rectified if Google treats the content like child pornography and crafts a comprehensive response.
A YouTube spokesperson said in an emailed statement the video-hosting service, which sees an estimated 400 hours of video uploaded every minute, “has clear policies that outline what content is acceptable to post, and we remove videos violating these policies when flagged by our users.”
YouTube says it takes the matter seriously and that its policies include a ban on instructional videos for hacking people’s computers. Any user can “flag” a video for review.
Benson says the report’s aim is to help kick off a conversation about the threat. “It’s an issue that will simmer up at some point,” he says.
Source – http://www.usnews.com/news/articles/2015/07/29/tape-your-webcam-horrifying-malware-broadcasts-you-to-the-world