
Men who spy on women through their webcams - bretthoerner
http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/
======
tlrobinson
_In June 2012, the FBI arrested Michael "xVisceral" Hogue at his home in
Tucson, Arizona and charged him with selling "malware that allows
cybercriminals to take over and control, remotely, the operations of an
infected computer."_

First of all, I don't condone this behavior, and _using_ such software for
"ratting" should obviously be illegal, but is it really illegal to sell this
type of software (or any malware)?

It seems incredibly dangerous to make software illegal based on its potential
illegal uses.

I recall a controversy about a "hacking tools" law in Germany a few years ago,
but never in the US. What law would this fall under, if any?

~~~
Confusion
If you sell software with features that could only reasonably be used for
illegal activities, such as sending you the credit card number someone is
entering, then: a resounding YES! Also if you advertise features for illegal
use, even if they could be used for legal things.

~~~
philhippus
ACME kitchen knives: great for chopping onions and murder sprees.

Yes that is tongue-in-cheek but there is an equivalence here in that the
consumer decides how the product will be used. I do agree that advertising use
for illegal activity should be quashed (does that impinge on free-speech?).

~~~
wuest
> does that impinge on free-speech?

It could be argued that free speech necessarily has limitations. Depending on
where you are in the world, this involves hate speech and incitation to
violence.

I would readily agree that distributing (especially SELLING) tools with the
expressly stated purpose of criminal use should be punishable. That being
said, the same tools are likely useful for legitimate purposes. Heck, I could
see an argument for Back Orifice being useful in that one would really like to
be assured that their network's egress filtering would raise flags when BO
traffic is on the wire. This brings up another important point--these tools
are always useful for people who are writing protection and mitigation against
the tools' methods.

------
swang
I feel like it's 1998 and everyone has discovered Back Orifice again.

~~~
Andrenid
I honestly thought this was another one of those "Let's post a 10 year old
article to reminisce" posts...

To be honest, I'm semi-impressed this is still a thing. I assumed it had died
in the late 90s.

It's also scary of course, that these people seem to have antivirus running
and it hasn't stopped it. Seems like a pretty trivial thing to detect?

~~~
xyzzy123
Antivirus is much less effective than most people believe. The problem is that
the AV is "entrenched" and the malware is "mobile".

Malware authors can simply tweak or repack their code until the AV engines
don't detect it anymore.

Getting around behavioral detection is harder, but possible. If malware is
privileged it becomes an arms race of who can hook lowest and who can disable
who.

~~~
jiggy2011
Agreed, I don't bother with AV software for myself anymore; the performance
penalty and nagging aren't worth it.

I tend to notice a correlation between people who have problems with
malware/spyware/crapware and people who have AV software installed and it's
the opposite of what you might expect. Perhaps people who install it get a
false sense of security?

AV software tends to be either ineffective in that it doesn't detect a lot of
actual malware or it is constantly generating a lot of false positives which
people just learn to ignore "Tracking cookie detected! Your life is in
danger!".

~~~
S_A_P
I think this is a necessity to justify AV to the masses. They have to find
lots of "threats" to a) keep your average user scared into renewing every year
and b) impress the owner that the application is so thorough. Look at this! It
found all these cookies that could harm me! This software rocks!

------
alphamale99
"Amanda Todd" in Canada died because of these ratters.

They are rotten people who do this to innocent girls; they bullied her to
death. This same (dark, whatever) service will be used to make these girls
slaves for pornography on cam... It must stop.

It's being used by human traffickers, who will threaten her and then make her
a real computer slave.

This needs to stop; we are a better human race than this.

~~~
bingobingo
<https://en.wikipedia.org/wiki/Suicide_of_Amanda_Todd>

~~~
lttlrck
That just ruined my day.

------
lmm
Am I alone in feeling uncomfortable at the article's consistent use of
"slaves"? This is very different from slavery, and if it's the perpetrators'
term then it seems like buying into their worldview.

~~~
Millennium
The master/slave terminology has a history in technological circles, typically
being used to describe situations where one device is used to control another
device. It actually predates computers; you can find examples in mechanical
and hydraulic machinery going much further back.

As far as that context goes, the term is accurate for what RATs do: the
hacker's "master" device can be used to control what the "slave" machines do.
I assume that this is the context in which these people are using those terms.
But it is, admittedly, somewhat jarring for people unfamiliar with that
context.

~~~
barik
It's true that it has history in technological circles, but the politically
correct wording appears to now be "primary" and "secondary". Interestingly, in
2003:

"Los Angeles officials have asked that manufacturers, suppliers and
contractors stop using the terms "master" and "slave" on computer equipment,
saying such terms are unacceptable and offensive." [1].

[1] <http://www.cnn.com/2003/TECH/ptech/11/26/master.term.reut/>

~~~
solistice
I honestly couldn't doubleminusagree with the political correctness movement
any doubleplusmore.

~~~
roguecoder
"That's treating people with respect gone mad!"

------
satori99
People that do this are evil.

~~~
chrischen
As the article suggests, the people who do this are probably 14 year old boys.

~~~
DrJokepu
By the age of 14 you are supposed to have a developed enough sense of morality
to understand that this is very bad. I don't think this is an acceptable
excuse.

~~~
Confusion
Who are these mythical 14 year old boys that are supposed to have developed
'enough' of a sense of morality? To paraphrase The Virgin Suicides: obviously
Dr., you never were a 14 year old boy.

~~~
DanBC
14 is older than the age of criminal responsibility in many countries.

~~~
flyinRyan
That has nothing to do with anything. Do you think countries are consulting
scientists before making these kinds of decisions?

------
pixl97
These poor guys were born in the wrong countries, here they are poor slobs
forced to illegally install shifty software to watch their 'slaves'. Had they
been born in China, Egypt, or any of the number of countries with strict
internet monitoring they could now be employed by the state monitoring
dissidents. There is still hope for them, if they do good in college the NSA
may still hire them.

~~~
archivator
Really? And why would the NSA be interested in the services of simple
scammers? These are not hackers, crackers or anyone with sophisticated skills.
They're just scamming people into installing what is essentially a pimped-out
VNC server. I bet there even aren't any exploits involved in getting access to
the features that they use, just standard APIs.

All in all, I doubt the NSA (or any TLA) would hire them.

~~~
olefoo
If the DHS gets into cybersecurity, that's about the level of the people they
hire for airport security...

------
sharjeel
Could anyone comment about this issue in mobile devices? On Desktop one can
get suspicious when the LED of the Webcam blinks but on Mobile Phones, the
camera is a completely silent watcher. And it is shocking to imagine how we
carry around our mobile devices everywhere compared to desktops and laptops.

~~~
TazeTSchnitzel
Ooh, and mobile phones have less security-conscious users and often no AV
software. Seems like a major oversight.

On that note, Japanese law requires cameraphones sold there to always make a
loud shutter sound upon taking a picture, to prevent voyeurism etc. This is
why the Nintendo 3DS handheld console's shutter sound can't be silenced.

~~~
brndn
Same goes for the camera on the Sprint GS3.

------
strictfp
I'm surprised that the article doesn't mention Netbus, which was out before
BackOrifice.

------
rtb
Breaking news: people do immoral shit on the internet. Luckily you can read
all about it on arstechnica, including lots of voyeuristic photos you can look
at "for research".

~~~
kahawe
Breaking news: people do immoral shit. Regardless of where or when.

------
krichman
Hopefully in the future when all users can install trusted root certificates
and only run software that is signed by a descendent we won't have this
bullshit.

~~~
ewbuoi
That sounds like a good way to kill innovation: make it impossible to
distribute (and possibly develop) software without consent of a CA.

~~~
klodolph
There is a middle ground. OS X default configuration only allows software to
run if it is signed by a developer, unless you right-click on the application
and select "open" through the contextual menu, in which case you are presented
with the option to override it.

I like this, and I am a software developer.

(Windows has something like this too. I don't remember the details.)

~~~
krichman
I hate OS X's implementation. They need to allow third-party CAs.

I don't want to choose between what Apple allows developers to do and "fuck it
let it run free and do whatever it likes". Nor do I want the global choice in
System Preferences to be between developers that paid $100 to Apple this year
and Wild West.

~~~
chrisbolt
What would prevent malware authors from just signing with their own CA?

~~~
krichman
Users shouldn't install self-signed root certs unless they trust that root
with access to all of their computer.

------
throwaway125
The users at hackforums are terribly incompetent. These kids all run their
command and control center on their local computer. The RAT has one (or
several) free dns name(s) embedded and the user keeps updating those with his
home ip to receive connections from them.

How hard would it be to launch an investigation into this ip address once you
find it out? Would filing John Doe lawsuit allow you to do discovery on those
ip addresses? Does _'an ip address is not a person'_ prevent you from further
investigating who the actual person was?
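
A defender-side view of the setup described in this comment, as an added example that is not part of the original thread: it scans a resolver log for lookups of dynamic-DNS names and marks names whose A record moved between lookups. The log format, the `ddns.example` suffix and all addresses are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Assumption: suffixes of free dynamic-DNS zones, maintained by the defender.
# "ddns.example" is a placeholder, not a real provider.
DDNS_SUFFIXES = ("ddns.example",)

# Constructed resolver log: "<ISO timestamp> <client IP> <queried name> <A record>"
SAMPLE_LOG = """\
2013-03-10T09:00:01 10.0.0.23 www.shop.example 192.0.2.10
2013-03-10T09:00:05 10.0.0.23 host1.ddns.example 198.51.100.7
2013-03-10T21:14:40 10.0.0.23 host1.ddns.example 198.51.100.7
2013-03-11T08:02:11 10.0.0.23 host1.ddns.example 203.0.113.54
2013-03-11T08:05:00 10.0.0.41 nas.ddns.example 192.0.2.77
2013-03-11T08:09:30 10.0.0.41 mail.corp.example 192.0.2.25
malformed line
"""

def under_suffix(qname, suffixes):
    """True if qname is inside one of the zones (label-boundary match)."""
    name = qname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def find_ddns_lookups(log_text, suffixes=DDNS_SUFFIXES):
    """Group dynamic-DNS lookups per (client, name) and note A-record changes."""
    seen = defaultdict(lambda: {"queries": 0, "answers": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, answer = parts
        if not under_suffix(qname, suffixes):
            continue
        entry = seen[(client, qname.lower().rstrip("."))]
        entry["queries"] += 1
        if answer not in entry["answers"]:
            entry["answers"].append(answer)
    findings = []
    for (client, qname), e in sorted(seen.items()):
        findings.append({
            "client": client, "name": qname, "queries": e["queries"],
            "answers": e["answers"],
            # a moving A record fits a name that is re-pointed at a home connection
            "answer_changed": len(e["answers"]) > 1,
        })
    return findings

if __name__ == "__main__":
    for f in find_ddns_lookups(SAMPLE_LOG):
        print(f)
```

Dynamic DNS also has ordinary uses (the `nas.ddns.example` lookup in the sample stands in for one), so the output is a list of hosts to triage, not a verdict.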

~~~
tomjen3
Not hard at all. Almost certainly. You should be able to get a warrant, and
these kids will crack when you start talking about juvie; at that point "an IP
address isn't a person" doesn't really matter because a confession is (mostly)
admissible in court.

------
foohbarbaz
The root of the problem here is that 1. A lot (most) people do not have any
security enabled on their PCs (logged in as admin at all times) 2. Majority of
software installs require admin privileges by default.

Of course, the guilty party here is the software developers that are unwilling
to do anything about the status quo. Also the vendors, Microsofts, Apples and
Redhats.

These days it is getting even more common and acceptable to install binary
packages on a system as root and often in unattended manner (OS and package
"updates", pray-and-run RPM installs, etc).

More so, there used to be some hope in this area by Apple, where you would
just copy an app to install, w/o being an admin. Now even Apple is moving to
store apps where every install seems to want an admin.

Linux and Windows people have been always lost in that regard: MSI and
RPM/whatnot have always been unquestioned standard (Linux people, however,
have a choice to not install software as root and build it locally when
necessary).

Until this (admin installs) changes, we are going to have to deal with
malware. Fixing this would not solve all the issues, but would help a lot.

In the meantime, enjoy your PC owned by some teenagers overseas.

~~~
nodata
> Until this (admin installs) changes, we are going to have to deal with
> malware. Fixing this would not solve all the issues, but would help a lot.

This is a hopelessly misguided argument. Could you maybe explain your
reasoning a bit?

The argument _for_ requiring admin rights to install is that the binaries are
not user infectable. Now whether or not this leads to other problems is a
different matter, but I don't see how making binaries user writeable on a box
which receives automatic updates is going to make everything more secure...

~~~
foohbarbaz
The reasoning is simple: if no random third parties ever get full control of
your machine, then most likely the OS is going to stay intact (with the
exception of possible local privilege escalation exploits).

If the OS is intact, the job of checking whether a user environment is
compromised is easy and actually doable (as opposed to the case of trying to
find malware on a compromised OS).

If, in addition, a user account has limited privileges (which it should of
course), then even when compromised the chances of malware being able to do a
lot are a lot less. For instance, turning off a webcam light being a root is
probably easy, otherwise probably not. Setting up a server, listening for
incoming connections and punching a hole in local firewall as root is
available, but as a regular user is not.

Stop giving admin rights to your computer to random people (install software
as an admin) and live much happier. As an additional benefit, there's never a
situation 'I installed this and now computer is messed up, because Joe-the-dev
ran "rm -f " with a wrong path as a parameter'.

~~~
nodata
I don't agree at all: I think that apps should be installed as admin and
auto-updated. I don't follow any of your arguments that installing things as
non-admin is more secure.

~~~
foohbarbaz
It's more secure because you don't have to delegate admin access to random
people to install the software. Any of these "RAT kits", I guarantee you,
requires admin access to the system at one point or another, be it during the
install, by explicitly asking for admin password, or implicitly by using the
fact that most users are logged in as admin.

------
joshaidan
I remember a few years ago the Privacy Commissioner of Canada was going all
out on Google for capturing data from open wifi connections, which Google
promptly deleted. It was a huge story for the Privacy Office, and to me it
felt like the story was being exploited to boost the profile of the Office--
they made it sound like a much bigger deal than it actually was. Now, here is
an issue that I think is a much bigger problem, and has been going on for a
long time with very little word from the Privacy Commissioner.

Why hasn't the Commissioner gone after Microsoft in the same way they went
after Google? This is caused by a fundamental flaw in Microsoft's products,
and I don't think having to purchase and install security software should be
the solution. Fix the software itself.

------
tunaman7787
Good article. I always check my iMac and MacBook LEDs. Can never be too
careful. Sometimes I wonder if the Internet is all Travis Bickles doing pull-
ups and yelling at their monitor in the dark. There are some desperate and
lonely people out there. <http://cnp-keythai.com/speaker-mesh>

------
kayoone
I am sure a lot of those infected PCs still run XP, so one could argue that
these types of things go away as the more secure operating systems spread.

Then again, if people continue to execute some shady stuff found on the
internet, the OS doesn't really matter all that much.

~~~
sah2ed
Windows 7 may be more secure than XP but that doesn't make it immune to this
type of infection. The "OS" column in this screen shot[1] from the article has
a number of "Windows 7" victims.

[1] <http://cdn.arstechnica.net/wp-content/uploads/2013/03/bs1x.jpg>

------
lollancf37
What's wrong with those bastards ?

------
aw3c2
* People who spy on people through their webcams

The article itself had several images of male humans.

------
gadders
Man, some people are weird.

------
niels_olson
why are all the screenshots of Windows machines?

~~~
orbitingpluto
Aren't most of the screenshots of what you are seeing the script kiddie's
computer point of view?

There were only ~3 screenshots that show the victim's OS GUI. OSX usage is
what, 8%? .92 * .92 * .92 = 78% chance? I hope you're not taking the article as
evidence that you are 'safe' on your choice of OS.

The first time I ever felt that my privacy was violated on a computer I was
using a NeXT slab.

~~~
dfc
I'm not that familiar with NeXT, what are you referring to? SGI's Indycam was
the first time I was exposed to hardware that had privacy designed in.

------
martinced
Which is why I _hate_ laptops on which you cannot physically block the webcam.
Laptops used to have a little slider that could cover the webcam but nowadays
they don't anymore!?

I love my MacBook and MacBook Pro but... I'm putting a little piece of paper
on the webcam "just in case".

Oh and the difference between nowadays and BO in the 90's is that nowadays
virtually _everybody_ who has a laptop has a webcam. That's quite a big
difference.

~~~
davej
The green light next to the webcam will come on when the camera is in use on
MacBooks. It is programmed to come on at the hardware layer so unless somebody
has physical access to your MacBook then it will always come on.

~~~
ilikepi
It's true the light will come on, but that doesn't mean it's impossible to get
away with surreptitious monitoring. Remember the controversy in 2010 in the
Lower Merion School District?

* <http://www.wired.com/threatlevel/2010/02/school-district-halts-webcam-surveillance/>

* <http://www.pcworld.com/article/190101/article.html>

