When Chelsea Clark slipped into bed with her boyfriend for a cozy night of Netflix viewing, she probably didn’t consider the possibility that they weren’t alone in the room.
But, unbeknown to the couple, they were actually sharing their movie night with a third party who was watching them via the webcam on their laptop.
It was only the next morning, on 23 July, when Clark logged into Facebook, that she realised someone had invaded her privacy.
Someone identifying themselves as Mahmoud Abdo from Cairo, Egypt, had sent a misspelled message saying:
“Abdo” also included a number of photos of Clark and her boyfriend, possibly taken via the webcam using a remote access Trojan (RAT).
RATs are a type of malware that criminals can use to control your computer to do anything you could do – such as turn on your webcam, record your screen or keystrokes (to steal passwords, for example), look at your files, launch applications, or hold your computer to ransom.
A high profile case that put the spotlight on the use of RATs was that of Miss Teen USA Cassidy Wolf who had her webcam hijacked and the stolen footage used to blackmail her.
Speaking to Newstalk1010 in Toronto, Clark said the thought that someone was watching her was “a terrifying notion,” adding that:
It was a really bizarre thing to receive those messages and it really took a second to be like, "Oh my God, that's what this means, that's the implication of receiving this message is someone was just watching us."
We obviously had no idea it was taking place in the moment, but retroactively it was like a really, really deeply creepy feeling. It was very unnerving. I mean it does feel like there's someone just in your home with you.
Clark went to the police the day she received the messages. Officers are conducting forensic analysis on her boyfriend’s laptop as their investigation continues.
A hacker doesn’t need to be particularly skilled to use a RAT to hijack your computer – RATs such as the infamous Blackshades are widely available on cybercrime forums for as little as $40.
As we recently reported, there are even instructional videos for using RATs available on YouTube.
The good news is there are some simple ways to defend against this kind of malware:
- Ensure that your computer is not susceptible to RATs and other types of malware by installing security software and keeping it up to date.
- Patch applications in a timely fashion.
- Think carefully about who you connect with on social networks, especially if you don’t know the person well.
- Be wary of emails or social media messages from strangers, and never click on links or attachments in those messages.
- Think twice before stripping for a conversation with someone – remember, whomever you’re talking to can record and share the video.
- If you are not using your webcam, switch it off if you can, or cover it with something non-transparent such as a plaster. Failing that, point it towards the wall or close the lid if its embedded into your laptop.
- Tell someone if your privacy has been violated or if someone is trying to use stolen images against you – either report it to the authorities yourself or, if you are a child, please do confide in a responsible adult.
Oh, and while you are thinking about security, why not check your Facebook settings – we have 5 tips for making your Facebook account safer.
Webcam images courtesy of Global news.
8 comments on “Webcam spy sends couple photos of previous night’s Netflix snuggle session”
I don’t understand why emphasize the Netflix name (probably the company has nothing to do with the security flaw) and didn’t even mention the names of the PC manufacturer, operating system and anti-virus in use.
Because sitting passively, intimately, and with others for hours in front of your computer is not very common. Netflix makes it more common. Most of the time I’m working, I’m fully clothed and alone. Netflix changes the intimate (and solitary) factor.
Why is not using Linux in the list of security recomendations? 99% of these RAT’s only work on Windows!
And why no info on the OS they were using, or the RAT?
…because 99% of people DON’T use Linux
And that percentage could change with more advocates for it, especially with the blatant privacy issues inherent with Windows 10.
Maybe because Android aside, Linux just isn’t consumer grade, no matter how much we pretend otherwise. When it is, the market will say so by adopting it (like they have Android)
@Sophos you really are scrapping the bottom of the barrel with this scaremonger story.
More #secops less #scareops please!
Well, AFAIK it’s a true story and it’s a handy reminder that some cybercrooks aren’t money-mad ransomware purveyors but instead are pervy stalkers.
Not sure how we’re being scaremongers when we didn’t suggest that this was a common crime, didn’t hype up the threat, gave a few examples just to put the crime in context, and provided a number of general tips about computer-related privacy.