From...

September 23, 1999
Web posted at: 10:17 a.m. EDT (1417 GMT)

by Deborah Radcliff

(IDG) -- If you're finding user-installed cameras and/or microphones on Windows NT machines in your enterprise, be afraid. For the past four months, U.S. Army special agents have been showing their commanding officers how to turn microphones and cameras into remote spying devices.

"We run this in the lab here all the time. You can hear the guys talking [from another room], but they have no idea you're listening to them," said Jeff Hormann, special agent in charge of the Computer Crime Resident Agency, U.S. Army Criminal Investigation Command, Fort Belvoir, Va.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Computerworld's home page
Is the Back Orifice door really shut?
How to protect your online privacy
Download security utilities from FileWorld
Reviews & in-depth info at IDG.net
IDG.net's personal news page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for IT leaders
Search IDG.net in 12 languages
News Radio
	Computerworld Minute
	Fusion audio primers

The attack is delivered to the victim as a Trojan horse -- a hostile applet carrying executable code -- via an e-mail attachment. Once the attachment is opened, the attacker, using ports 12345 and 12346 on the desktop, or via HTTP Web protocol and file transfer protocol connections, can load a remote administration tool and order the Trojan horse to turn on the video and/or audio of the targeted machine.

By exploiting remote administration tools such as NetBus and Back Orifice, both of which the Army has proved can be used, the attacker can hijack desktop camera and microphone applications and then direct image and voice transmissions to the attacker's PC.

Because user-installed cameras and microphones usually don't have indicator lights, the victim is completely unaware of any eavesdropping, according to Hormann and others. And no desktop image, except maybe a small tool bar icon, will appear on the victim's computer to indicate that the audio and video capture are on, he adds.

Worse, said Powell Hamilton, manager of technology risk services at PricewaterhouseCoopers in Los Angeles, attackers can use the same tactics to hijack an online meeting session conducted through systems like Microsoft Corp.'s NetMeeting and grab shared whiteboard information.

One comforting fact, Hamilton said, is that microphones and cameras have yet to proliferate across the enterprise because image, voice and videoconferencing technologies are still rough around the edges. And, he adds, fear of remote spying and information breaches will probably continue to stall widespread adoption.

There's a warning that bears repeating: Keep virus- and intrusion-detection tools up-to-date. Symantec Corp.'s Norton AntiVirus, for example, recognizes when NetBus 1.6 and 2.0 and Back Orifice and Back Orifice 2000 are running on a desktop.

But hackers now possess compiling tools to change the attack signatures, making it more difficult for packaged applications to catch these attacks. In addition, Hamilton said, nearly 40 percent of the client sites he has reviewed don't have virus protection, and 90 percent don't use intrusion detection software.

Given the voyeuristic ways of hackers and rising concern over electronically committed corporate espionage, now is a good time to take inventory of your organization's microphones and cameras. If users have deployed these devices, teach them to manually cap cameras and unplug microphones when not in use. And if your organization is moving toward adoption of voice and video technologies, pay for higher-end microphones and cameras with indicator lights.