A friend mentioned in a Facebook status update that their spouse was placing tape over the lens of the webcam on their computer, in light of a Guardian report that there were “millions of Yahoo webcam images intercepted by GCHQ [Great Britain’s Government Communications Headquarters]” between 2008 and 2010 as part of a program titled “Optic Nerve” (original story: http://tinyurl.com/pmb4l6j).
In this particular case, the images came from Yahoo’s Messenger product, which doesn’t encrypt the video data exchanged between users. Anyone who can tap into that data stream (say, by placing equipment on one or more Internet service providers) can “grab” the images as they go by. As you might expect, “substantial quantities of sexually explicit communications” were intercepted. But that is much different from someone accessing the webcam on your computer to spy on you. Of course, if you’re going to share sexy webcam time with someone, you should probably check whether the service you’re using encrypts data beforehand. For example, Skype has a FAQ titled “Does Skype use encryption?” And the first sentence of the answer is “All Skype-to-Skype voice, video, file transfers and instant messages are encrypted.” So, if you trust Skype, it would be a better choice than Yahoo! Messenger for those “special” conversations.
Even so, the chances that anyone will see those images and do something nefarious with them are pretty slim, if only because of the tremendous volume of data. Unless you’re a celebrity, there’s not much chance that being in flagrante delicto will be of much consequence.
The important thing to remember about your digital security is this: If you don’t have physical control of your device, everything is up for grabs. If a dedicated hacker has even a few moments alone with your computer, it’s possible for him or her to install malicious software on it. If you or your business has computers where unauthorized people have access to them, you should take steps to remove that access. There are lots of establishments I visit where reaching over the counter would give me quick access to an unattended system.
And it doesn’t have to be a hacker. Suspicious husbands (and wives) have been known to install monitoring software on their spouse’s computer. Public computers at the library or in hotel lobbies can also be infected with software that monitors what you type (so-called “keyloggers”). In the same vein, if you open an email attachment or downloaded file, you may be unintentionally installing malicious software that—yes!—can snoop on you with your webcam.
So, it is possible that your webcam is watching you, but only if your computer is running software that enables it. Software that most likely got there because you didn’t take some basic security precautions. But how can you know what your computer is doing?
There are two parts to this. First, you want to know there isn’t malicious software on your computer. Second, you want to make sure that—whatever software is on your computer—it isn’t communicating with the outside world without your permission. The first task is the job of so-called anti-virus software, and the second is the job of a firewall. You should have both on your computer.
Most businesses will have IT support to look after their computers and network, but it’s never a good idea to blindly assume they have everything in hand. Ask questions. For example, “What happens if someone picks up a USB drive in the parking lot and plugs it into their machine to see what’s on it?” That very strategy has been used to bring malware inside otherwise secure installations. The network isn’t the only way bad stuff can make its way inside your digital walls.
More and more Web-based services understand the importance of encrypting traffic between your computer and their servers. For example, when I type http://www.google.com into my browser, it’s “magically”changed to https://www.google.com. The “s” is for “secure.”
With an “https” connection, whatever I type—a search query for “hot monkey love” or my Gmail password—is encrypted from the time it leaves my computer until it arrives at Google. That’s particularly important if I’m logging in using a public Wi-Fi network, since it’s possible for anyone on the same network (like the shifty looking guy at Starbucks) to see unencrypted traffic. To its credit, Facebook does the same thing, and it’s been a feature of online banking services since day one. In general, if you’re doing any activity you want to be private, you need to start with a secure connection (note that the server on the other end of that connection can expose your data if it isn’t properly secured).
But even with https, if there’s malicious software on your computer, any data you can see or type is up for grabs. Even if you encrypt your entire hard disk, which is good protection if your computer is lost or stolen, data is still unencrypted on your screen and while you type it in, accessible to clever software. You must make sure your device is free of such programs.
So, if you’re just worried about strangers peeking through your webcam, covering the lens with something will work just fine. But if you’re really interested in making sure your entire digital life remains private, you need to look at the bigger picture: physical security, updating software to take advantage of security fixes, monitoring your computer’s network activity and making sure you have an encrypted connection when transmitting and receiving private data.
Security is a process, and there’s always a new wrinkle. The recent NorthBay biz “BEST Of” survey started linking the phrase “Health Care” on the survey form to an advertisement. It turns out that some free browser plug-ins include an advertising module that inserts these links on-the-fly and pays the plug-in owner when people click on ads. Anyone with one of those plug-ins installed would see the link, completely unknown to us. In this case, it was just an unwanted advertising link. But it could have just as easily done something more nefarious. And you wouldn’t be the wiser.
On second thought, put some tape over that webcam.
