An international bust of people illegally using remote-access Trojans (RATs) to hijack people’s webcams last week led to the arrest of 16 people across Europe.
The UK National Crime Agency said on Friday that five people had been arrested in the UK, and another man was brought in for voluntary questioning.
The list of those targeted in the UK:
- Two 33-year-old men and a 30-year-old woman arrested in Leeds.
- A 20-year-old man arrested in Chatham, Kent.
- A 40-year-old, arrested in Darlington, whose gender wasn’t disclosed.
- A search warrant was also executed on a 19-year-old man from Liverpool who was brought in for voluntary questioning.
Another 11 people were arrested in Estonia, France, Romania, Latvia, Italy, and Norway.
RATs let crooks gain complete control over targeted computers anywhere in the world, enabling them to turn victims’ webcams on and off, to access banking or other personal information, to download new and potentially illegal content, or to use the victim’s computer to commit additional crimes, such as being a zombie computer in distributed denial of service (DDoS) attacks.
Victims are typically infected when they fall for a rigged email, clicking on a link purporting to be a picture or video or disguised as a legitimate file, but which is in reality an installer for the RAT.
The Trojans quietly, insidiously slip onto victims’ computers, often leaving no clue that a machine is infected.
The international bust comes in the wake of recent news about a site – Insecam – that appeared to be based in Russia and which was until recently showcasing feeds from webcams secured with default passwords.
On Thursday, the UK privacy regulator, the Information Commissioner’s Office (ICO), warned about Insecam.
Information commissioner Christopher Graham urged Russian authorities to take immediate action to take down the site.
Graham said that in addition to taking part in the international effort to close down the Russian site – which was streaming live feeds from baby monitors, bedrooms, gymnasiums and gym CCTV – he also would be working with the US’s Federal Trade Commission (FTC) to try to force the site to close if the Russian authorities failed to cooperate.
Graham said in an interview with BBC Radio 4’s Today that it’s imperative for people to secure their webcams, which are often installed with default passwords that are easy for crooks to guess:
I’m very concerned about what this [website] shows and I want the Russians to take this down straight away ... We now want to take very prompt action working with the Federal Trade Commission in the States to get this thing closed down. But the more important thing is to get the message out to consumers to take those security measures. If you don’t need remote access to a webcam then switch off that function altogether.
The ICO also published these tips on how to secure webcams by setting hard-to-guess passwords and other steps, including turning off remote viewing if you don’t think you’re going to use it (an option that normally won’t stop you from viewing the footage on your home’s Wi-Fi network).
The NCA didn’t say if there is any connection between the arrested RATters – who allegedly installed malware to take over webcams and/or commit other remote-access dirty deeds – and Insecam, which seems to have used a different tactic to take over webcams: namely, using tools that crawl the web, looking for unsecured webcams, and who then apparently broke into those internet-enabled cameras by guessing their easily guessed passwords.
At any rate, as of Sunday, Insecam seemed to be kaput, and whoever was running the site seems to be looking for a job.
Each tab on the site, which previously led to various categories of webcams, has now been appended with “No”.
No World CCTV cameras online, No AvTech DVRs, No Foscam cameras, etc.
Instead, each tab led to the same request, for a “good remote job” for a programmer with skills in Linux, FreeBSD, C/C++, Python, and MySQL.
At this point, with the way things are going with webcam hijackers, Mr or Ms Insecam might have to do that remote work behind bars!Follow @NakedSecurity