FBI Director James Comey gave a speech at Kenyon College in Ohio last week, making his case that “absolute privacy” has never existed in America – until now, when encryption by default creates spaces where law enforcement cannot go, even with a court order.
Comey has made this kind of speech many times before, saying encryption in everyday products has tilted the balance between privacy and security too far in favor of privacy.
But during a question and answer session with students after his speech, Comey said something unexpected that caught the attention of privacy activists.
Comey commented that he puts a “piece of tape” over the webcam on his personal laptop.
That’s probably a good idea for someone as high-profile as Comey, as spies and hackers have made a habit of going after government officials and hacking their personal accounts.
Hackers can use malicious software called a remote access trojan (RAT) to take over your computer, record your conversations, or even turn on your webcam to spy on you.
RATs are perfect for surveillance, which is probably why the FBI has used similar malware to infect the computers of suspects in criminal investigations, court records have shown.
Comey’s admission about putting tape over his webcam got the immediate attention of a privacy activist who pointed out the irony of his statement.
Christopher Soghoian, a senior technologist and policy analyst with the ACLU, tweeted that Comey had created a “warrant-proof webcam,” and jabbed Comey with tweets saying “patriots don’t cover their webcams” and “anti lawful surveillance of webcam tech” (tape) is widely available.
Comey made his comment about taping over his webcam in response to a student’s question about panopticism – pervasive surveillance – and what effect it has when people become aware that “other people are listening.”
On balance, Comey said, public awareness of surveillance since the Snowden revelations is “a good thing,” because it should make people realize they have “a decision to make” about how the government balances security and privacy:
I don’t think it should freak you out. I think you should demand the details, demand to know how the government conducts surveillance, how they’re overseen, how they’re constrained, demand to know how these devices work, demand to know whether it is true.
I saw someone do this so I copied it … I put a piece of tape – I have a laptop, a personal laptop – I put a piece of tape over the camera because I saw somebody smarter than I am had a piece of tape over their camera.
And so I think you should channel it into a healthy awareness, a demand for information, and engagement – especially young people.
You can hear the question and answer in a Livestream video at around the 1:24 mark.
Comey’s comments on surveillance and privacy come just a few weeks after a stand-off between Apple and the FBI over a dead terrorist’s locked iPhone, when a court ordered Apple to create a backdoor to help the FBI get around the iPhone’s passcode and encryption.
These legal issues should be addressed by Congress and the courts, Comey says – although as technology changes, the laws will need to change to keep up.
The conversation about privacy, security and surveillance in our society needs to keep going, too.
What you can do to stop RATs
One high profile case that put the spotlight on RATs was that of Miss Teen USA Cassidy Wolf, who was blackmailed by a criminal who used the RAT known as “Blackshades” to take nude pictures of her through her webcam.
The FBI has a good description of what Blackshades in particular can do, which is a lot more than just taking control of your webcam:
[Blackshades RAT] allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer for ransom; and use the computer in distributed denial of service (DDoS) attacks.
Here are some simple tips you can use to defend against RATs and other malware that someone could use to spy on you:
- Cover your webcam when you’re not using it with something non-transparent like tape, or point it towards the wall. If your webcam is embedded in your laptop, close the lid when not using your laptop or cover the camera with a webcam cover (like these cool ones available in The Sophos Store!).
- Patch your OS (Windows, OS X) and applications (web browser, email and messaging client, etc.) as soon as security updates are available.
- Malware often arrives in emails, so be wary of links and attachments in emails or social media messages from strangers. Even messages that appear to come from people you know could be faked by crooked hackers.
- Keep your computer safe from RATs and other types of malware by installing security software and keeping it up to date.
19 comments on “Why the FBI director puts tape over his webcam – and you should too”
The camera can be disabled with tape, but it’s not so easy to disable the microphone. I wish device manufacturers would make it easier to disable these things in a way that software cannot override.
That would need to be a physical switch or you pull out the built-in mic. Switches are 1 more thing to put in mobile devices while they try to keep the product as small as possible.
For your desktop camera, check out the FujiFilm FinePix 4800Zoom and the 6800Zoom. They have an automatic lens cover for when it is not required. If some remote hacker succeeds in activating it, you soon know about it when the lens motor opens the cover and extends the lens, giving the hacker a fine view of the backside of your speakers where you leave it when you don’t need it.
I’ve also seen other agents do the same. Notably Agent Fox Mulder.
Ever since my first laptop with built-in camera (way before any leaked data showed there was potentially a problem) I have placed a small piece of Post-it note over the camera. All my friends and colleagues thought I was mad, but they all do it now!
While I’ve seen some hardware hackers prove it’s possible to override the indicator light, I haven’t seen any detail in the recent breaches as to if it had been disabled in those cases or not. I’m guessing not, because it isn’t trivial to do, but I do then wonder how people didn’t notice that and immediately suspect something.
Also, as anonymous says (the commenter above, not the hacker collective), it’s easy to disable the camera, perhaps not so easy when it comes to the mic.
I think the deal is this: some webcam LEDs light up with the camera and aren’t independent of it, and other webcams have LEDs that can be controlled separately. I have no idea how you tell reliably which sort you have 🙂
Thanks. Not to say that it would be foolproof, but I’m guessing one strategy for camera makers could be to electrically tie the operation of the LED to the camera being on. When it’s receiving power and has the ability to capture video, the light should be on. No doubt it’s likely cheaper to remove all the expensive computer control logic around it anyway.
What about phones on the Internet? Cameras on the phone?
Duct tape can easily be cut to size 🙂
I have always disabled the camera by removing its drivers & so too the mic. My mic doesn’t have a driver, nor do my speakers work. I use an external sound card. My other portable laptop, I cover the camera & mic with rubber gasket tape. It comes in white & black & soundwaves do not travel so easily through gasket tape.
I never cover my webcam. As a matter of fact, I am as hairy as Oleg on the Two Broke Girls sitcom – I sit naked in front of my laptop in all my Orangutan glory. If hackers want to get a good look at that, if the WORLD wants a good look at that … why should I deny them? LOL I pass gas periodically, sometimes loud enough to scare the cat, so it’s okay if they want to hear that too.
I think Sophos should give us all a webcam cover!
Give my webcam cover to B.T.
Best Comment Of The Day Award goes to Jim!
It also protects you from accusations stemming from your own carelessness. I once moved a Professor’s webcam that he’d carelessly put down in an unfortunate position. He insisted it was unintentional, and I’m inclined to believe him, but had I been wearing a skirt, it would have looked right up it.
Don’t laugh, I graduated in Scotland.
I buy a packet of assorted Bandaids. There are a number of miniature Bandaids in a rectangular shape which fit over the iPad selfie camera beautifully. If you ensure the padded section is centred over the camera this works really well, and can be taken off at the drop of a hat.
I experimented and took a photo of myself and all it shows is the flesh coloured weave of the Bandaid. Too Easy!
My ten year old granddaughter asked about the presence of the bandaid. I explained hoping this would be helpful. She was upset at the thought that I couldn’t take a selfie!!
Very well written.
Pen-test your own devices: how many ports are open and what services are they running? Any of these openings could be used to gain a foothold on your devices, including webcams.