Sunday, 18 July 2010

Webcam privacy & trojans - man suspected of peeking at schoolgirls

Previously a US school was caught spying on students via webcams on school-supplied laptops, but now a German man is being questioned on suspicion of planting a Trojan to switch on webcams on the computers of over 150 schoolgirls.

The Deutsche Weller news article says "It is now believed the hacker broke into one of the girl's accounts on the ICQ chat application and sent the virus to new targets he found on the girl's contact list."

The situation was discovered by data protection advocate Thomas Floss, who helps raise awareness of safer internet practices in schools, when some girls went to him after a presentation to tell him their webcams lit up of their own accord.

Police used the man's IP address to track him to his home - so an IP address was certainly very much "personal data" on this occasion!

While all this has, rightly, further raised awareness of the risks of webcams and other electronic devices being taken over remotely, and the importance of educating users, especially children, about internet security, it has also, rather less rightly, prompted a call by a Association of German Detectives spokesman for the mandatory identification of all web surfers and "the introduction of a 'reset button for the Internet' that would allow the German chancellor to remove Germany from the Internet in the case of an emergency." Shades of proposed legislation in the USA claimed to give the President a kill switch for the internet (or, as I'd like to call it, a "Kill Bill", with apologies to movie fans…) - on which see the further analyses in Wired and (quite detailed) in TPM.

Back to the webcam situation, the Deutsche Weller article quotes a riposte to the "reset button" suggestion, made by Constanze Kurz of German hacker association Chaos Computer Club who stressed the importance of internet anonymity: "Put a sticker over the lens".

Of course, everyone should always use a firewall, keep regularly updating malware and virus checkers, and regularly scan their computers for malware. But as anti-malware makers are usually playing catchup with the bad guys, physically covering the lens of web-enabled cameras when not in use really isn't such a bad idea.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.