
How the FBI found Miss Teen USA’s webcam spy - r0h1n
http://www.wired.co.uk/news/archive/2013-09/30/miss-teen-usa
======
jgrahamc
The question to ask yourself when reading this article is... "Why the hell is
there a Miss Teen USA competition?"

~~~
DanBC
The competitors of Miss Tween, Miss Pre-Teen, and Little Miss America need a
competition to move into?

Child beauty pageants is a reasonable amount of money. $20bn according to WP.
([https://en.wikipedia.org/wiki/Child_beauty_pageant](https://en.wikipedia.org/wiki/Child_beauty_pageant))

~~~
spongle
Even if ethically dubious...

There are far worst things happening in the UK though. It's becoming a career
decision to neglect your children so you can claim special needs status and
therefore disability benefit (and celebrity status on FaceBook amongst peers).

~~~
vdm
Citation needed.

~~~
spongle
[http://en.m.wikipedia.org/wiki/M%C3%BCnchausen_syndrome_by_p...](http://en.m.wikipedia.org/wiki/M%C3%BCnchausen_syndrome_by_proxy)

------
mikegioia
I can't believe this idiot was sending the data back to a .no-ip.org domain.
Aside from the fact that he did some pretty awful stuff to a lot of girls and
deserves to be jailed, how could you be so proficient in web camera hacking,
frequent so many hacking forums, and still not know to send the data back to a
domain that can't be linked DIRECTLY to your home machine?

~~~
dalore
He isn't proficient in web camera hacking. He managed to install someone
else's tool on someone else's computer. He didn't write the RAT I bet. There
isn't much hacking in this story at all, the guy just got lucky that he
managed to get Miss Teen USA's computer.

~~~
JonSkeptic
Seeing how it turned out, I'd say he was rather unlucky that he got Miss Teen
USA's computer.

Little bastard could use some jail time.

~~~
FireBeyond
Admittedly, this article changed my understanding - for better or worse I
confess my first thoughts in hearing all this was that it was someone she was
"sexting" with, he discovered the competition aspect, blackmailed... and the
whole "webcam hacked" was the excuse.

------
chiph
Why are the camera lights controlled by software? I would rather they come on
when the camera gets powered up, ie. controlled by hardware.

~~~
jgrahamc
I would like that too, but my solution is to not trust the camera and have a
sticker over it which I can remove when I want.

There work well because they have a sticky portion and a part that has no
adhesive: [http://www.post-
it.com/wps/portal/3M/en_US/Post_It/Global/Pr...](http://www.post-
it.com/wps/portal/3M/en_US/Post_It/Global/Products/Product-Catalog/~/Post-it-
Flags-Value-Pack-Primary-Colors-1-in-and-1-2-in-wide-240-Pk-
BONUS?N=4327+3294647218&rt=rud)

The view from my camera with the sticker on is:
[http://i.imgur.com/y0OKxqO.jpg](http://i.imgur.com/y0OKxqO.jpg)

~~~
euroclydon
My solution is to be a moderately unattractive male with facial hair, lead a
boring life, and keep my clothes on when in front of my computer (although the
later is probably a mitigating factor).

~~~
jarman
Does being overweight male with excessive facial and body hair, wearing
nothing but underpants counts as black ICE?

------
r4pha
Nothing technically relevant here. Just your regular not-so-clever asshole
behind a computer.

------
jcromartie
It's interesting to note that at least one school system itself has
surreptitiously installed this kind of thing on laptops given to students,
with the express purpose of monitoring them at home. A student was punished
for behavior at home which was only detected by the secret image capture
software installed.

So why don't all embedded cameras have hardware indicator lights that can't be
disabled?

~~~
pilom
Didn't that student sue his school and get a settlement for a whole lot of
money? I know that doesn't mean there aren't more of these cases but its still
illegal.

------
Nursie
It's hard to describe the contempt I feel for ratters. I hope the guy gets a
nice long jail sentence.

~~~
DanBC
Coercing an under 18 year old (and knowing she was under 18) into providing
nude photographs against her will should be prison time.

It's cases like this - where people are rightly disgusted and horrified - that
make other cases seem really baffling.

([http://www.wired.com/threatlevel/2011/06/webcam-scandal-
resu...](http://www.wired.com/threatlevel/2011/06/webcam-scandal-resurfaces/))

> A suburban Philadelphia school district embroiled in a webcam spy scandal
> was hit Tuesday with new allegations that a student-issued laptop secretly
> recorded more than 8,000 images.

> The latest accusations, which were said to occur during a six-month period
> ending September 2008, has left the high school student “shocked, humiliated
> and severely emotionally distressed,” (.pdf) according to a federal
> invasion-of-privacy lawsuit, which seeks unspecified monetary damages.

> As part of an FBI investigation and a lawsuit brought by a different
> student, a judge had contacted the boy’s parents informing him of the
> breach, and invited them to view the pictures. The youth’s parents were
> shown 4,404 webcam photographs and 3,978 screenshots captured with the Lower
> Merion School District–issued MacBook.

Who the hell thought that could ever possibly be a good idea?

~~~
jcromartie
School districts have an enormous sense of entitlement. These are the same
people who put zero tolerance disciplinary policies in place.

------
Ecio78
Two considerations: 1) a real genius, using VPN for sending email and then
using his own IP for remote back connection from the infected clients 2) why
FBI went to FB to search for his name and check who he is, when they could use
the dyn-dns logs (or even just do a lookup on the current-at-that-time IP) and
ask his ISP who was using that IP address?

~~~
k-mcgrady
Would the FBI need a warrant to get that info from the ISP? If so that's
probably why they went the FB route.

~~~
Ecio78
Don't they need the same for historical dyn-dns logs and account owner
details? And same for warrant for searching his home?

------
sequoia
My take away from this article is _teach your children about digital security_
and always keep webcams covered or hardware disabled.* There will always be
people willing to do this and it will probably continue to be technically
feasible for the foreseeable future (if not "as long as we continue using
computers) so preventing it at the demand side isn't realistic.

Children/teens are apparently being digitally raped (I think this is a
reasonable description of blackmailing/coercing a teen into doing "what I tell
you" over webcam)... it baffles me that we place so low a value on the sort of
computer literacy that could prevent this. Hopefully cases like this will
cause enough outrage to give hardware producers the kick int he ass they need
to fix this issue & alert parents & others to this issue.

* Why the hell don't cameras & mics have hardware switches to turn them off?? Wifi hardware switches are common on laptops now, why doesn't this _basic_ defense covering an obvious, proven attack vector exist??

------
dpweb
all these guys thinking connecting to a no logging proxy will protect them.
logs show kid connected to vpn and show vpn connected to victim. another evil
genius not so genius.

~~~
pyre
The no-logging VPN was a dead-ended according to the article. His 'sin' was
that all of the RATs were connecting back to him directly (via the no-ip
dynamic DNS).

~~~
njharman
Malware was connecting back to an ip, at a household with multiple people.
It's hard to arrest an ip. The logs at his university confirmed that __he
__and not anyone else at his household connected to VPN.

~~~
pyre
Once they had it traced to his household, it was pretty much game over though.
Even if they didn't have technical means to determine which family member was
using it, I'm sure they could find others.

Using just the information that he used VPN Product A, and the extortionist
used VPN Product A doesn't mean anything without other information, and they
wouldn't have even found the information that _he_ connected to VPN Product A
without having a reason to look into him specifically (vs. any other customer
of VPN Product A).

------
StavrosK
Doesn't this count as possession/production of child pornography, under
current laws?

------
ianstallings
Summary: _Well, he was an idiot._

------
od2m
This was the easiest way this guy could figure out to see naked women on the
internet.

------
BoxTop
What VPN provider this he use?

