Former NSA Hacker Releases Tools To Thwart Webcam Spies

Lately, people like Mark Zuckerberg and even the director of the FBI have been advising people to put tape over their webcam. Those of you without tape can use a tool that lets you do it with software. Like this one

Further Reading

Hardcore Spying for Profit: The SilverPush Framework

What’s a Little Spying Between Friends?

Webcam Spying

Remotely hacking peoples’ computers has a long history. A favorite past time for male hackers is to hack into the computers of women to spy on them. In an article by Ars Technica, they warn that Remote Administration Tools (RAT) are the tools of the trade. Once a hacker gets a victim to install the tool, or force it on their computer with a virus, they can do anything.

In one example, a woman who had a RAT on her laptop watched as a hacker remotely controlled her laptop. He did pranks like hiding the Windows Start button, opened the DVD drive, displayed porn in the browser, and more. Other hackers record videos and pictures of women undressing, then posting the media to online forums.


Image credit: Ars Technica

One of these, called Hack Forums, hosts many such pictures. It has about 23 million posts. One poster said, “Man I feel dirty looking at these pics.” He talked about a post with 134+ pages filled with images of women in their private homes.

“Poor people think they are alone in their private homes, but have no idea they are the laughing stock on HackForums…it would be funny if one of these slaves venture into learning how to hack and comes across this thread.”

It’s highly unlikely that the victims would see the humor in being hacked and referred to as “girl slaves.” And this is just the tip of the iceberg. Women who have been “ratted” often report feeling paranoia (obviously!), especially if the spying turns to blackmail. A hacker named Luis Mijangos targeted woman and called himself a “sextortionist.”

Cult of the Dead Cow

A group called Cult of the Dead Cow released a RAT tool years ago. They named it BackOrifice and presented it at the 1998 DEFCON conference. The original author of the tool, Sir Dystic, called BackOrifice a tool for “remote tech support aid and employee monitoring and administering [of a Windows network].”

In a press release by the Cult of the Dead Cow, they said that the tool was meant to “expose Microsoft’s Swiss cheese approach to security.” The tool could do things like:

  • Logging keystrokes
  • Restarting the target machine
  • Transferring files between computers
  • Taking screenshots

These days, dozens of RATs exist, with names like DarkComet and BlackShades. Hackers can install them on dozens or even hundreds of computers at once. Sometimes antivirus software can detect and remove the tool, but hackers retaliated with “crypters” that obfuscate the source code. The holy grail is for a RAT to be “FUD” or fully undetectable.

To be fair to the legitimate hacker community, calling these people hackers is disingenuous. Hackers refer to them as “script kiddie“; people who “hack” by downloading easy-to-use tools that others create. Often script kiddies have little to no technical knowledge.


Several years ago, in a webcam spying case on Miss Teen USA Cassidy Wolf, one of her high school classmates installed a surveillance tool on her laptop. He spied on her and other women through their webcam. But Wolf said that she had no idea that it happened because her webcam light didn’t turn on.

Most laptops with a built-in webcam have a privacy feature: a light that comes on every time the camera is in use. But it seems that there is a way around this, although at the time no one thought it possible. Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, told The Washington Post that it is indeed possible and the FBI had been pulling it off for years.

And in a paper called “iSeeYou: Disabling the MacBook Webcam Indicator LED,” researchers discussed how they were able to activate a MacBook’s webcam without the light turning on. They reprogrammed the iSight camera’s micro-controller. This let the camera and light activate independently from each other.

Image credit: The Washington Post

Image credit: The Washington Post


Fortunately, there are ways to protect yourself aside from taping your webcam. Patrick Wardle, a former NSA employee who is now the director of research at Synack, has security tools. Wardle says that tape only goes so far because it doesn’t prevent a hacker from recording your conversations.

“These are the kind of things that as an attacker you would want to record anyways, because otherwise I’m just sitting at my desk petting my dog.”

On MacBooks, a green light turns on when the webcam activates, but there isn’t light for the microphone. Wardle’s tool – Oversight – monitors webcam andf microphone usage. When an app access one or the other, Oversight notifies the user who then decides to allow or block the usage.

Image credit: Objective-See

ef Image credit: Objective-See

If a person has malware on their computer that activates only when you turn on the webcam/mic, Oversight gives you two notifications: one for when FaceTime, Skype or a similar app opens, and one for when the malware turns on.

So far there hasn’t been malware in the wild that covertly piggybacks on webcam/mic usage like this, but Wardle made a proof-of-concept malware just to test Oversight. The fact that a former NSA employee has made these tools makes some of us uncomfortable enough to use duct tape or something  else like iSight Disabler. It’s an AppleScript that disables the MacBook webcam whenever you want, but it doesn’t disable the microphone.