Who are the webcam hackers and what are their interests?
This is a question that comes up often and the answers are many and sometimes obscure.Often thinking about the interests of such actions allows us to determine the potential people behind them, but sometimes it is just one step in a larger plan.Let's take a look at the most known actors in the case of hijacking your computer in order to spy on you via your webcam.
The apprentice pirates: pleasure, voyeurism, private detective.
Yes, hacking can be learned, and young people are particularly fond of it. Succeeding by simple means to get the video stream of the webcam of your classmate only makes them want to do it again on a larger scale.The motivations are voyeurism and the fact quoted in our introductory article is only one example among many others...For others, having access to webcams or home security cameras can be a way to verify the fidelity of one's partner, cases of theft or any other act that would be useful in an investigation or in legal proceedings.
The criminals
In a completely different and more worrying dimension, we find organized crime. These unscrupulous criminals aim for profit, mostly profit. They are what we call "cyber criminals".Their interests? To get as much valuable information as possible, such as e-mail addresses, bank accounts, card numbers, user accounts on secure platforms, social security numbers, crypto-currency accounts and much more.But it can also be simply to have a horde of "botnet", that is, a non-negligible list of computers that they have control of in an invisible way in order to exploit them in various situations: connection gateway to be anonymous, mass connection to a website to make it inaccessible, sending spam, etc...Finally, in the list of interests in compromising computers, we find the use of them to plan malicious actions (information on schedules, view of security cameras, information on personnel, etc...)
State Organizations / Private Security Companies
Sometimes secret, sometimes barely concealed, the security services of the States tend to have the monopoly and the technological lead on cyber-security in order to ensure the defense or the internal security of the country.Recent and older facts show that obviously in order to protect the country (and without entering into this debate), some have chosen to intentionally access our electronic equipment, phones, computers (see the Yahoo case) and this to recover mountains of information that will be exploited and analyzed.No one can ignore the technological competition between the major countries of this world. In this context, attempts to steal important documents, patents, plans, etc. are frequent. Although it is difficult to trace the source of these misdeeds, some of them have surfaced.For example, in 2014 for nearly 7 years, 5 people worked for the Chinese state to "obtain economic secrets or patents related to technologies in the defense sector in order to monitor space, detect and intercept satellite communications." Their methods range from infecting computers with an e-mail, to providing services to these companies. (see the article Cyberattack: when the Chinese army hacks the Western space industry)This impacted in particular American companies but also French, including the space center of Toulouse.But don't be fooled, the States are not the only ones to have recourse to these practices, a good number of private companies have sometimes been put under the spotlights for their collaborations with States in order to have a control on the communications of the whole country (see the Eagle case).This allows political espionage in order to identify threats to the stability of the country. The ethics of this practice depends on the regime of the state that exploits it and how far it is willing to go in violating the privacy of its citizens.
Your company's competitors
Let's imagine that you are a design manager at a car manufacturer. Every morning, you go to work on the progress of your projects, on your designs, to validate X or Y aspect of the next city car, planned to be the future best-seller of your company.Of course, you're not the only one who cares about this product. Beyond your team and your supervisors, there are of course your competitors. To learn more about your projects, some of them will try to access your sensitive information by any means.This is what we call an APT (Advanced Persistent Threat) in computer security.The preferred targets can be project information, schedules, progress, accounting, estimates, documentation, in short, anything that could harm your project or give you an advantage. Of course, access to webcams is a very powerful tool. This type of action is often very elaborate. We will see technically how this is possible in our next article.For example, the auditing firm Deloitte was hacked in September 2017 and had confidential documents stolen (see the Deloitte case).So the players in the hacking business can range from your average neighbor to high-capital companies, and the scope of their activities can be very targeted as well as very broad.