Whether hackers are able to remotely switch on victims’ webcams without the camera light giving the game away has been the subject of some debate. Now we learn that not only can it be done, it is done by the FBI.
When Miss Teen USA announced she had been blackmailed over nude photos taken via her webcam, she said, “I wasn’t aware that somebody was watching me [on my webcam]. The [camera] light didn’t even go on, so I had no idea.”
Is that possible, asked Naked Security. “Can webcams be rigged so as to record without the light coming on?” Chester Wisniewski, senior security advisor at Sophos, responded, “Some laptops allow you to turn the light on and off in software, others only work physically. I think it is certainly possible, if unlikely.”
Now we learn, in a report published by The Washington Post, it is not only possible, it is done by the FBI. Details came to light in a Post article on court documents seeking – and gaining – authority to hack a suspect’s personal computer and place spyware on it. “The FBI’s elite hacker team,” reports the Post, “designed a piece of malicious software that was to be delivered secretly when Mo [the suspect] signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents.” The method used is a classic spear-phishing attack. In this particular incident, the attack worked, but the malware failed.
However, the purpose was to obtain any information possible to tie Mo into bomb threats made shortly after 12 people were shot in a movie theater in Denver in July 2012. “The most powerful FBI surveillance software can covertly download files, photographs and stored e-mails, or even gather real-time images by activating cameras connected to computers, say court documents and people familiar with this technology”, continues the Post.