Who are webcam hackers and what are their interests?
This is a question that arises often and there are many answers which are sometimes obscure.
Reflecting on the goals of such actions often allows us to determine the potential people at the source but sometimes their actions are just one step of a larger plan.
Let’s review the most well known culprits when it comes to hijacking your computer to spy on you via your webcam.
Ammateur hackers: fun, voyeurism, private detectives
Yes, people learn how to hack, and younger generations are particularly interested in it. Succeeding in simple ways to capture the webcam video stream of a classmate’s webcam only invokes their desire to try again on a larger scale.
The motivation here is voyeurism and the case mentioned in our introductory article is just one example among many others…
For others, having access to webcams or home security cameras can be a means of monitoring the loyalty of one's partner, planning a robbery, or capturing any other event that would be helpful in an investigation or in legal proceedings.
On a whole other much more worrying level, we have organised crime. These unscrupulous criminals aim mostly for profit. They are what are called "cyber-criminals".
Their goal? To obtain your most valuable information such as email account logins, bank account details, credit card numbers, user accounts for secure platforms, social security numbers, cryptocurrency wallets and much more.
But this may also be simply to have at their disposal a "botnet" horde, that is to say, a significant array of computers that they have undetected control over in order to exploit them in various contexts: using them as a connection gateway for anonymity, mass connection to a website to make it inaccessible, sending spam, etc...
Finally in the list of reasons to compromise computers, we find the use case of planning malicious activities (scheduling information, viewing security cameras, staff information, etc...)
State Organisations / Private security companies
Sometimes secret, and at other times barely concealed, state security services tend to have the monopoly and the technological lead on cyber-security in order to ensure the defence and/or internal security of the state.
Recent as well as older studies demonstrate that, obviously in order to protect the state (without going into this debate), some state governments have chosen to deliberately access our electronic devices, telephones, computers (see the Yahoo case) and from this capture mountains of data to be exploited and analysed.
No one can ignore the technological competition of the world’s great countries. In this context, there are frequent attempts to steal important documents, patents, plans, etc... Although it’s difficult to trace the source of such misconduct, some information has surfaced.
For example, in 2014, for nearly 7 years, 5 people worked for the Chinese state to "obtain economic secrets or patents related to defence technologies in order to monitor space, and detect and intercept satellite communications". Their methods range from infecting computers via email, to providing services inside these companies. (See the article Chinese military hackers target space industry: study)
This has especially impacted American companies, and also French companies, notably the Toulouse Space Centre.
But don’t be fooled, state governments are not the only ones involved in these activities, many private companies have been put under the spotlight for collaborating with state organisations in order to implement controls over communications passing through the country (see the Amesys case).
Notably this allows political espionage to identify threats to the state's stability. The ethics of this practice therefore depend on state governments that exploit it and how far they are willing to go in violating the privacy of their citizens.
Imagine that you are a design lead for an automobile manufacturer. Every morning, you make the commute to advance the progress of your projects, your designs, to evaluate X or Y aspect of the next automobile model, which is expected to be the company’s next bestselling product.
Obviously you aren’t the only one that cares about this product. Beyond your team and your superiors, there are of course your competitors. To learn more about your projects some will attempt to access your confidential information by any means necessary.
In computer security terminology this is known as an APT (Advanced Persistent Threat) .
Prime targets can be information regarding projects, schedules, advancements, financials, specifications, or documentation. In short, anything that could make it possible to undermine your project or exploit it. Certainly, access to webcams is proving to be a very powerful instrument. This type of activity is often very elaborate. We will see that it is technically possible in our next article.
For example, the professional services firm Deloitte was hacked in September 2017 and confidential documents were stolen (see the Deloitte case).
Those active in the domain of hacking can therefore be anyone ranging from your simple neighbor, to companies with high capital and the extent of their activities can be very focused as well as very broad. In the next article we will explain the processes of these various attacks.