Your PC may be tapped

September 23, 1999
Web posted at: 10:17 a.m. EDT (1417 GMT)

by Deborah Radcliff

(IDG) -- If you're finding user-installed cameras and/or microphones on Windows NT machines in your enterprise, be afraid. For the past four months, U.S. Army special agents have been showing their commanding officers how to turn microphones and cameras into remote spying devices.

"We run this in the lab here all the time. You can hear the guys talking [from another room], but they have no idea you're listening to them," said Jeff Hormann, special agent in charge of the Computer Crime Resident Agency, U.S. Army Criminal Investigation Command, Fort Belvoir, Va.

The attack is delivered to the victim as a Trojan horse -- a hostile applet carrying executable code -- via an e-mail attachment. Once the attachment is opened, the attacker, using ports 12345 and 12346 on the desktop, or via HTTP Web protocol and file transfer protocol connections, can load a remote administration tool and order the Trojan horse to turn on the video and/or audio of the targeted machine.

By exploiting remote administration tools such as NetBus and Back Orifice, both of which the Army has proved can be used, the attacker can hijack desktop camera and microphone applications and then direct image and voice transmissions to the attacker's PC.

Because user-installed cameras and microphones usually don't have indicator lights, the victim is completely unaware of any eavesdropping, according to Hormann and others. And no desktop image, except maybe a small tool bar icon, will appear on the victim's computer to indicate that the audio and video capture are on, he adds.

Worse, said Powell Hamilton, manager of technology risk services at PricewaterhouseCoopers in Los Angeles, attackers can use the same tactics to hijack an online meeting session conducted through systems like Microsoft Corp.'s NetMeeting and grab shared whiteboard information.

One comforting fact, Hamilton said, is that microphones and cameras have yet to proliferate across the enterprise because image, voice and videoconferencing technologies are still rough around the edges. And, he adds, fear of remote spying and information breaches will probably continue to stall widespread adoption.

There's a warning that bears repeating: Keep virus- and intrusion-detection tools up to date. Symantec Corp.'s Norton AntiVirus, for example, recognizes when NetBus 1.6 and 2.0 and Back Orifice and Back Orifice 2000 are running on a desktop.

But hackers now possess compiling tools to change the attack signatures, making it more difficult for packaged applications to catch these attacks. In addition, Hamilton said, nearly 40 percent of the client sites he has reviewed don't have virus protection, and 90 percent don't use intrusion detection software.
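Where signature-based tools miss a modified Trojan, a desktop can still be checked for sockets bound to the two ports named above. The following is an added example, not part of the original article: it parses Windows `netstat -an` output and flags local ports 12345 and 12346; the sample output and the function name are constructed for illustration.

```python
import re

# Ports the article names as used on the victim's desktop.
WATCH_PORTS = {12345, 12346}

# Constructed sample of Windows `netstat -an` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    10.0.0.21:12346        198.51.100.9:1187      ESTABLISHED
  TCP    10.0.0.21:1029         10.0.0.5:12345         ESTABLISHED
  TCP    10.0.0.21:139          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

# proto, local addr:port, foreign addr:port, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)\s*(\S+)?\s*$")


def find_suspect_sockets(netstat_text, ports=WATCH_PORTS):
    """Return rows whose LOCAL port is one of the watched ports."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, laddr, lport, raddr, rport, state = m.groups()
        if int(lport) not in ports:
            continue  # only sockets bound on this desktop are of interest
        findings.append({
            "proto": proto,
            "local": f"{laddr}:{lport}",
            "remote": f"{raddr}:{rport}",
            "state": state or "",
            # An established session means a peer is connected right now.
            "active_peer": state == "ESTABLISHED",
        })
    return findings


if __name__ == "__main__":
    for f in find_suspect_sockets(SAMPLE_NETSTAT):
        flag = "PEER CONNECTED" if f["active_peer"] else "open"
        print(f'{f["proto"]} {f["local"]} <- {f["remote"]} [{flag}]')
```

A clean result only shows that nothing is bound to these two ports; it does not rule out a tool reconfigured to listen elsewhere.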

Given the voyeuristic ways of hackers and rising concern over electronically committed corporate espionage, now is a good time to take inventory of your organization's microphones and cameras. If users have deployed these devices, teach them to manually cap cameras and unplug microphones when not in use. And if your organization is moving toward adoption of voice and video technologies, pay for higher-end microphones and cameras with indicator lights.
