"Some criminals have learned how to spy on Americans, hacking into our home computers and looking out through the video camera attached to the screen."
Sheldon Whitehouse on Thursday, June 16th, 2011 in a speech in the U.S. Senate
Sen. Whitehouse says criminals can hack into home computers and spy on victims through video cameras
Alarmed by reports of computers being hacked in the United States, including at major corporations, U.S. Sen. Sheldon Whitehouse took to the Senate floor in June to call for a heightened campaign against cyber-crime.
The country’s increasing dependence on the Internet, he said, "allows criminals, terrorists and hostile nations to exploit cyberspace to attack America, to invade our privacy, to loot our intellectual property and to expose America’s core critical infrastructure to cybersabotage."
Whitehouse, a Democrat, went on to say, "Some criminals have learned how to spy on Americans, hacking into our home computers and looking out through the video camera attached to the screen."
We nervously glanced at our webcam, wondering if anyone was watching, and just to be safe covered our mouth when we asked, "Is that true?"
Then we reached out to several technology experts to ask whether hackers can seize control of our home computers and secretly keep a digital eye on us.
"Yes, it’s absolutely possible to do," said David Sherry, chief information security officer for Brown University and former vice president of information security for Citizens Financial Group. "It’s actually quite easy to do. It’s really nothing new."
The know-how has been around since 1998, said Sherry, ever since a group of hackers calling itself the Cult of the Dead Cow designed software that, once downloaded, could be used to control a computer remotely. With the proliferation of webcam-equipped laptops, the potential pool of voyeur victims has swelled immensely, he said.
Adam Wosotowsky, a principal engineer at McAfee, a company that sells anti-virus and anti-malware products, agreed. Home computer users can be victimized by hackers who deploy software to exploit unprotected machines, he said.
"So if they have a webcam, then you can take advantage of it," said Wosotowsky.
How is it done? Typically, when computer operators click on a file, link or pop-up window created by a hacker, they could inadvertently install malicious software on their hard drives. That opens the door for hackers to control victims’ computers remotely.
Just because something is possible doesn’t mean people are actually doing it. So we searched for examples of webcam wrongdoing.
We learned of several cases.
An Ohio man who was a registered sexual offender reportedly got 25 years in prison in 2007 for charges that included hacking into minors’ webcams and secretly watching and recording them in their homes, according to InformationWeek.
A disturbing case took place in Texas in 2004. While instant messaging with a friend, a 15-year-old girl suddenly realized that her words weren’t her own. They were vulgar and clearly the work of a hacker. It became clear that the hacker was manipulating her webcam too when he sent a message complimenting her shirt. [He apparently was using the microphone too since he sent messages quoting things that had been said aloud in her home.]
The FBI informed us of a 2010 case in California in which a 31-year-old man posed on a social networking site as a friend of teenage girls. By persuading them to download a song, he infected their computers.
Soon, he could stealthily search hard drives of hundreds of computers for explicit photos and videos. When he found such material, he demanded his victims send more explicit material or he would expose them. He also was "occasionally successful" controlling webcams to catch his victims in intimate situations.
Eric Strom, unit chief within the FBI’s cyberdivision, said that while the technology exists to manipulate people’s webcams, that’s not what most criminals are interested in. For instance, the same man who victimized the California girl also used a "keylogger" program to monitor keystrokes and steal credit card numbers and other personal information, he said.
"They are looking for financial gain," said Strom.
Still, he said he’s noticed in airports more people "taping up their webcams." That’s a simple step experts recommend to prevent webcam spying, as well as placing objects in front of the camera. If the webcam light comes on when you’re not using it, that’s a telltale sign it’s being operated remotely, they say.
Sherry, at Brown University, recommends updating operating systems, keeping firewalls turned on and maintaining antivirus protection that also fights malware and spyware. If you rely on wireless connections to the Internet, he said, ensure that security settings are at the highest level and, when using unprotected public wireless sites, do not conduct sensitive transactions. Also, avoid clicking on anything suspicious.
"This is something that can easily be prevented," he said.
So let’s return to the senator’s claim that hackers are spying on people through their webcams.
The experts say that the technology is readily available for hackers to seize control of home computers, including webcams. And while such cases are seemingly rare, law enforcement officials have arrested people in cases that involved webcam hacking to "spy on Americans," the phrase Whitehouse used.
Before we issue our ruling, rest assured of one thing: No one has ever hacked the Truth-O-Meter. We rate this claim True.
(Get updates from PolitiFactRI on Twitter. To comment or offer your ruling, visit us on our PolitiFact Rhode Island Facebook page.)
Published: Sunday, July 17th, 2011 at 12:01 a.m.
YouTube.com, Sheldon Whitehouse speech on the floor of the U.S. Senate, June 16, 2011.
InformationWeek, "Ohio man gets 25 years for hacking into webcams," July 12, 2007.
Slate.com, "I see you typing," accessed June 22, 2010.
PCWorld.com, "Botnet spammer’s sentence: 18 months," Nov. 28, 2010.
FBI, "Orange County man suspected of hacking computers," accessed July 6, 2011.
Click2Houston.com, "Hacker uses webcam to spy on family," acessed May 19, 2004.
Interview, David Sherry, chief information security officer for Brown University, July 6, 2011.
Email, Adam Wosotowsky, principal engineer at McAfee Labs, sent June 29, 2011.
We want to hear your suggestions and comments. Email the Rhode Island Truth-O-Meter with feedback and with claims you'd like to see checked. If you send us a comment, we'll assume you don't mind us publishing it unless you tell us otherwise.