Remote Administration Tools, or simply RATs, are extensive packages that can give experienced users complete control over targeted machines without much hassle. Once a machine is infected, the attacker can freely and silently access private data, initiate transfers, record keystrokes, find out passwords, restart the computer and even open the CD/DVD tray. Remote control of the victim’s webcam is among these “advantages”.
How can a Webcam be Used for Spying?
As Ars explains, RAT tools first appeared in 1998 at a white-hat hacker meeting, where Sir Dystic developed Back Orifice, a primitive tool which could hack a computer and allow the master to log keystrokes, execute simple file transfers and restart the machine. As time passed, both hackers and security experts grew smarter and new tools entered the market, even though anti-malware tools should have blocked them. At the moment, depending on the strength of the RAT server used and the cunning of the attacker, computers can be infected without leaving any kind of trace, thanks to fully undetectable (FUD) software. What’s even more threatening is that, while real hackers are needed to develop the software, even a 14-year-old kid can use it to infect a target. All that needs to be done is to send someone a file which, once double-clicked, will deploy the malicious component inside the operating system. As some explain, this is usually done through torrent websites, social media services (Facebook especially) and other regular places where hundreds of people gather and communicate. From this point on, attackers can access pretty much everything on the computer, using a rather easy-to-manipulate software panel. As you may well have suspected, the most “fun” can be obtained by tapping the victims’ camera and spying on them without their knowledge.
RAT’s biggest weakness
Well, if we are concerned only with the webcam spying part, where attackers use the laptop’s eye to see what the victim does on a daily basis, there is a simple concept implemented in webcams that proves to be quite the guardian: a beacon light. Usually, whenever the laptop camera becomes active, a green light activates, letting the user know that the unit is running and someone is watching. Unfortunately, there are ways to bypass even this. Because there is a huge community of attackers helping each other online, entire threads are dedicated to teaching others how to overcome the webcam light disadvantage. One of them is to compile a list of laptop models which simply do not have such a light, and pay extra attention to infect only victims that have devices included in that list. Another tactic is to trick the victim into believing that the webcam light has reasons to be glowing, which is usually done by displaying a fake computer message and warning the user that the camera software is currently updating (as attackers claim, this works surprisingly well). Fortunately, something to disable laptop lights has yet to be developed.
Prevent being hacked – be SMART
To spare yourself such misery, and avoid being spied on and posted online, where thousands laugh at your misfortune, there are a couple of common-sense tactics which should not be ignored:
Maintain protection – at all times, make sure you have a good anti-malware solution, and even more if possible. While anti-virus software and tools that detect malicious code can see if something bad was installed without your consent, an extra layer of detection can be added with a good firewall.
Update the OS – taking care of the operating system and keeping Windows updated at all times will ensure the latest bug fixes are received and security holes are patched.
Mind the plugins – in a fashion similar to Windows, several plugins like Flash and Java can also be victims, and easy-to-use portals towards your computer. To ensure safety, keep them updated as well.
Have a light – before buying a webcam, or a laptop in full, make sure that it has a webcam light to warn you when something tricky happens.
Be cautious – don’t click on any suspicious content, do not download dodgy email attachments and certainly don’t run any executable received from untrusted sources. Even more, try keeping torrent downloading to a minimum, and always do so from trusted sources that require an account and have staff to supervise content.
While most of the victims encountered online were running Microsoft’s Windows on their machines, this range of tools can do equal damage on Mac OS X as well.