Computer Security – Don’t forget the sticky notes

sticky noteOn March 21, Miss Teen USA, Cassidy Wolf, received an alert from Facebook that someone was attempting to change her password. She quickly checked her other online accounts and realized someone had already changed her Twitter, Tumblr and email passwords as well as her Twitter profile picture to a half-nude picture. She soon discovered this someone had hacked her laptop’s webcam.

30 minutes after discovering her altered accounts, she received an email. The person wrote he would give her back all of her accounts and delete pictures if she 1) sent good quality pics on snapchat 2) made a good quality video 3) went on skype and did what he told her for 5 minutes. If she did not, he would post nude pics of her all over the internet. He attached several naked pictures of her taken in her house. It was clear he had spied on her using her own webcam.

Ms. Wolf reported this email to the police. After months of investigation, the FBI tracked down her attacker. He was a 19-year-old computer science major. Ms. Wolf was not his only victim. When arrested, he had hijacked 30-40 computers.

Nate Anderson wrote an excellent article for Ars Technica, Meet the men who spy on women through their webcams, profiling these RAT operators. These men use a type of software called RAT – Remote Administration Tools. Once the software is downloaded to the victims’ computer, the RAT operator can remotely control the computer i.e. “slave”. Once these men take over the computer, they can do anything from harassing their slave to taking inappropriate photos.

These men trick people into downloading their software by attaching it to other files. Many RAT operators post infected files on file-sharing networks and name them after popular songs or movies. Some also use social media. According to Facebook, someone may accidentally download this type of file when trying to watch a “shocking video” from a friend’s status update, visiting a website that claims to offer special features on Facebook or downloading a browser add-on that claims to do something that’s too good to be true. Once downloaded, it is typically undetectable to the user of the computer. 

While apparently easy to do, this type of hacking is also easy to prevent. One of the simplest fixes is to cover the webcam. A sticky note over the webcam works well. If you need to use your webcam for recording or video chatting, simply remove it then stick it back on when not in use.

RAT operators can also look through your files. A sticky note will not prevent a stolen password. Thankfully, most security software and firewalls will prevent these type of attacks. This is a good time for parents to check in to make sure teens are keeping their software up to date. Teen should also be careful when downloading files and stick to well-known sites. To be extra safe, it doesn’t hurt to buy them a package of sticky notes.