Imagine laying in bed with your significant other on a random Wednesday night watching something on your computer.
Now imagine finding out that a hacker had been watching you the whole time through your laptop.
That’s precisely what happened to Chelsea Clark and her boyfriend one night while watching Netflix on their laptop. Unbeknownst to them, a hacker was taking pictures of the couple laying intimately in bed with each other by accessing the laptop’s webcam.
Clark wasn’t aware of the invasion of privacy until she logged onto social media the next day and saw pictures that the hacker sent to her.
Besides hacking into the computer to use the webcam, the perpetrator also worked their way into Clark’s profile and added themselves to her contacts, so that they could send Clark the pictures. Since Clark’s privacy settings prevent “non-friends” from sending her messages, the hacker had to do so in order to show her the images.
If you’re not creeped out, perhaps you should be. After all, you’re probably sitting on your laptop right now with a webcam pointing straight at you. Do you know if you’re being watched?
Devices at Risk: Use With Caution
The good thing about the progression of technology is that you can keep tabs on just about anyone at anytime at any location. The bad thing about the progression of technology is, well, the same.
Although it may be a good idea to keep tabs on what is going on at our homes, schools, and jobs by monitoring them with cameras, it can also create the catalyst for a terrifying situation.
A Minnesota couple told KTTC that they noticed something was off with their surveillance system when they heard it playing strange songs at night. They later discovered the camera was hacked by someone with an IP address located in the Netherlands and that their pictures were posted online.
An Ohio couple thought they had an intruder in their home one night when they heard a loud voice shouting, “Wake up, baby!” Turns out the voice was coming through their baby monitor camera. Hackers were able to move the camera independently, which was only supposed to change position upon sensing the baby’s movement, and shout obscenities at the couple, as well.
Do you have a device that is at risk for hacking? Chances are the answer is yes.
“In general, there are two types of devices that are hacked: devices connected to a personal computer (e.g., a webcam) and standalone devices that are connected to the Internet (e.g., networked security cameras or baby monitors),” says Jonathan Katz, PhD, professor in the Computer Science Department at the University of Maryland and director of the Maryland Cybersecurity Center.
“Accessing the first type of device would require a hacker to get access to the computer; this could be done by exploiting a vulnerability on the computer, but more often happens if the user is tricked into visiting a malicious website, installing malicious software, or opening a malicious email attachment.”
Getting into the standalone devices, however, is often easier for hackers, as these products typically have weak security features, says Katz.
Keeping Hackers Out of Your Device
In 2016, then-FBI Director James Comey said in a Q&A that he placed a piece of tape over the webcam on his laptop to prevent hackers from seeing through his webcam. He urged everyone else to do the same.
Although it sounds archaic, if the old tape-over-the-camera technique is good enough for a Director of the FBI, then it should be good for the rest of us, right?
But besides that, is there anything the average citizen can do to stop nosy hackers from getting into their devices?
“To prevent this type of attack, users need to follow basic security practices: they should not click on links from unknown sources, install software from questionable sites, or open email attachments from unknown senders,” Katz says. “In addition, they should be running antivirus software.”
Another way to keep your private business private is to think long and hard when it comes to creating a strong password. Hackers are less likely to access accounts that contain tricky passwords than those that are easy to figure out.
The long-held idea about password security involved creating a splatter of random numbers, symbols, and whatever other characters you could squeeze out of your keyboard. The reality is far simpler: A random string of words will typically be more secure than most attempts to handcraft a cryptographically-secure password.
XKCD cartoonist Randall Munroe illustrated this in “Password Strength,” writing, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
The National Institute of Standards and Technology, which originally recommended the aforementioned password splatter, now recommends verifiers to avoid composition rules and expiration dates and encourages users to make longer, memorizable passwords. Cybersecurity company Sophos suggests using passphrases with appropriate capitalization and spacing.
Owners of standalone devices have a bit more to worry about as they typically aren’t nearly as protected as a laptop.
“Unfortunately, the second type of device (standalone devices connected to the Internet) often have poor security, and there is not always anything users can do about it,” says Katz. “However, they should check for security updates from the vendor and also change the default password, if possible.”
Owners can also register their devices with the manufacturer. Doing this means that if the company detects an issue, they can alert owners that an update is needed. Using encrypted Wi-Fi and ensuring the device’s firmware is up-to-date can also keep trespassers out.
Along with covering your webcam with tape or even a piece of paper, you can also remove devices that have cameras out of rooms in which incriminating behavior could occur, such as the bedroom or bathroom. Although you still want to take measures to stop hackers from getting into your computer, this at least prevents them from seeing you when you’d rather not be seen.
Where are the laws to protect us?
Hackers can obtain some seriously personal information by accessing laptops and other devices. In fact, they can probably get their hands on items you didn’t even know about, including frequent flyer miles, your tax returns, and your health insurance. What’s more, a hacker can even access your company’s chat system, commit crimes in your name, and impersonate you on social media, all by getting into your laptop or computer.
It’s probably natural to want to see the hacker who accessed your personal information receive some kind of punishment. Under the current set of laws regarding cybersecurity and data privacy, however, you may not see much done.
The Computer Fraud and Abuse Act is an amendment that was made in 1986 to the Counterfeit Access Device and Abuse Act that was created in 1984. As the law stands, victims must experience $5,000 or more in damages before they are able to go after the hacker. Additionally, 1986 was the last time this act was changed. Surely, computer technology has changed since then, but for some reason, the wording of the act has remained the same, stopping many victims from being able to seek justice.
For example, the bill states that “interception, use, or disclosure of electronic communications without the consent of at least one party” is prohibited. However, based on that wording, it doesn’t seem that courts believe getting into a webcam illegally and taking pictures of people unsuspectingly and then potentially posting them online is a violation of the act.
Are you at risk for hacking?
In 2014, CNN reported that hackers had exposed the personal information of 110 million adults in America: That’s almost half of the adults in the country. Also in that year, up to 432 million accounts were hacked. That’s a whole lot of information leaked.
By now, you’re likely wondering what the odds are of getting hacked. If you click on ads and suspicious emails willy nilly, your chances are probably high, particularly since hackers typically access webcams through Trojan horses. If you’re careful, however, you may not have to be as worried.
Hacking into a nanny cam or similar device is far more rare.
“I don’t know if the average user has to be very concerned about this—the odds are against them being targeted, and other threats (like ransomware) are probably more serious. But it is definitely a possibility,” says Katz. “And it is easy to defend against by simply covering webcams when not in use and taking other basic security measures.”
Save for seeing yourself in pictures on the web that you don’t remember taking, or noticing charges you didn’t make personally on your accounts, there’s not a whole lot you can do to find out if you’ve been hacked.
“Some devices have a light that goes on when active, and that can be a tip-off; however, hackers can also sometimes disable those,” says Katz. “In general, one can run antivirus software to try to detect malicious software running on your machine.”
And just who can hack into your devices? Just about anyone, thanks to tutorials and online advice, says Katz. Wannabe hackers can easily look up how to access certain devices and purchase software packages that can help in the hacking process.
After reading this, it’s probably natural to want to chuck all of your devices and start living off of the grid. But if that’s not possible, know that you can likely keep yourself safe by just playing it smart. And covering the camera.