Saturday, 22 November 2014

Beware, Webcam Hacking On The Rise! 13 Tips To Protect Your Webcam From Hackers

The public is being warned about a website containing thousands of live feeds to baby monitors, stand-alone webcams and CCTV systems. Data watchdogs across the world have drawn attention to the Russian-based site which lists thousands of webcam streams from around the world -- including in the United States, Canada, western Europe, Zimbabwe, Kenya, Pakistan amongst others -- were streamed by a website thought to be based in Russia.

The website's operator claims to be republishing the feeds -- from sources including CCTV and baby monitors -- to highlight security weaknesses.

Sequel to this, fifteen people have been arrested, including four in the UK, in connection with the hijacking of computers. Other arrests were made in Estonia, France, Romania, Latvia, Italy, and Norway.
Police say the individuals were using software designed to remotely control computers - allowing for the stealing of information.

The practice, which in some instances can grant access to a victim's webcam, is known as "Ratting".
The phrase takes its name from the malicious software used to gain control - Remote Access Trojans (Rats). "Victims are typically infected by being convinced to click on a link purporting to be a picture or video, or disguised as a legitimate file, but is instead an installer for the Rat," the NCA explained in a statement.
"In many cases, those who unwittingly install such trojans will have no indication that their machine is infected."

Using Rats to view people through their own webcams, without their knowledge, is becoming "increasingly common" according to the UK government-backed Get Safe Online advice website.

The National Crime Agency (NCA) said it arrested two 33-year-old men, and a 30-year-old woman, in Leeds. A 20-year-old man was arrested in Chatham, Kent, while a 19-year-old man had his home searched in Liverpool and was brought in for "voluntary questioning". They are all accused of knowingly using Rats to spy on multiple targets.

As well as the arrests, the NCA said it was warning other users that the software was illegal, and its use would result in further action.

"The illegal use of Remote Access Trojans is a significant cybercrime threat, demanding this kind of strong, co-ordinated response from international to local UK level," said Andy Archibald, deputy director of the NCA's National Cyber Crime Unit.

"Suspected users of Rats are continuing to find that, despite having no physical contact or interaction with their victims, they can still be identified, tracked down and arrested by the NCA and its partners."


China-based Foscam was the most commonly listed brand affected, followed by Linksys and then Panasonic.
"We are still trying to determine which Linksys IP cameras are referenced on the site," said a spokeswoman from the US firm.

"We believe they are older Linksys IP cameras which are no longer being manufactured.
"For these cameras we do not have a way to force customers to change their default passwords. We will continue to educate consumers that changing default passwords is extremely important to protect themselves from unwanted intruders.

"Our newer cameras display a warning to users who have not changed the default password; users receive this warning whenever they log into the camera, until they set a new password."

Panasonic added that its CCTV kit was also designed to encourage users to set their own log-in credentials.
"Every time a user logs on to our system, they are prompted to change their default password," said Sean Taylor, a security executive at the firm.
"We would urge all users to change passwords regularly, in order to maintain the integrity of the system."

Foscam added that its current range of products also requested owners set their own passwords.

In the aforementioned scenario, the webcams were said to be using default login names and passwords such as “admin” or “1234,” which made the job of snooping on the feeds easy. 

Such websites “highlight the importance of password hygiene,” said Mark Nunnikhoven vice-president, Cloud & Emerging Technologies at security firm Trend Micro.

“The default password that any Internet-connected device ships with is trivial to locate. Leaving the default in place allows this type of site to be created through very basic scripts. After a simple web crawl and login attempt you can access these devices remotely and most likely without the owners’
knowledge.”

In the same vein, “Unsecured routers create an easy entry point for hackers to attack,” said Vince Steckler, chief executive officer at Avast. “Our research revealed that a vast majority of home routers in the U.S. aren’t secure. If a router is not properly secured, cybercriminals can easily gain access to an individuals personal information, including financial information, user names and passwords, photos and browsing history.”

13 Tips To Protect Your Webcam


The University of Surrey's Prof Alan Woodward is among security experts who have suggested internet users should now update their login details. He suggests the following rules should be observed when picking a new password.

1. For passwords, don't choose one obviously associated with you because hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

2. Choose words that don't appear in a dictionary. Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

3. Use a mixture of unusual characters. You can use a word or phrase that you can easily remember but where characters are substituted, eg Myd0gha2B1g3ars!

4. Have different passwords for different sites and systems such that if hackers compromise one system you do not want them having the key to unlock all your other accounts.

5. Webcams can be affected by viruses so be wary of emails and social network messages from strangers

6. If your laptop or desktop has a built-in webcam, be sure to have good computer security software. A good security suite includes antivirus, anti-spyware, a firewall and other tools to help keep the bad guys out. 

7. Also, good web browsers like Internet Explorer etc should also notify you if your webcam is being activated. Similarly, most video chatting websites, like Chatroulette, will warn you it’s about to enable your webcam (e.g. “Press Start to enable your webcam and mic”).

8. Avoid putting webcams in bedrooms or other private areas

9. When not in use, unplug the webcam, cover the lens or point it at a blank wall.

10. Be sure you can trust the person you are chatting to and remember webcam footage can be recorded and potentially shared online.

11. If you’re using an external webcam -- one that plugs into your computer’s USB port -- connect it only when you need it. Yes, it can be a pain to remember to plug it in whenever you want to Skype or Facetime with someone, but at least you’ll know 100 percent you aren’t been spied on if there’s no camera connected.

12. Should your PC need repairs, take it to a trustworthy source. Ensure your device doesn’t have remote-access programs on it that you didn’t install yourself, such as LogMeIn, Splashtop, TeamViewer and so on. If you find something suspicious, immediately uninstall it and bring your computer to a trusted source.

13. If you have been the victim of inappropriate sexual contact via webcam tell a trusted adult and report it to the police via the Child Exploitation and Online Protection centre (Ceop)


References:
CNN, BBC, ChildNet International, Ceop, Norton