Being paranoid does not mean that it is not happening: the remote control tools known affectionately as RAT (Remote Administration Tool) are a type of Trojan that allows controlling other people’s computers remotely and, in most cases, undetectable.
There are old and obscure ones, like BackOrifice (presented in the Defcon of 1998 to demonstrate the numerous vulnerabilities of Windows 98) or corporate and modern as Symantec’s pcAnywhere. Unlike other tools for hackers, RATs have become very popular because they are simple to use. Simply install the program and use the interface to manage all infected computers, including their webcams.
In this web, the cams are totally open, they are not private and are directed to a very specific public, the name of the web is cams xxxx and you can see as many as you want.
If our computer has been "ratted", the camera could be turned on without us knowing or taking pictures every X minutes, depending on the Trojan and our own configuration. Probably the hacker has full access to our system and can create, copy, delete and modify folders; read and answer emails, install new software and run programs, change operating system settings and even turn on and off the computer without us noticing to get gas light. In the RAT jargon, infected users are "slaves" that fans are exchanged in dedicated forums along with software updates and tips to catch more victims. This is also easier than it seems.
Social life of a trojan
To get a slave you have to make the user install the Trojan first but, obviously, nobody knowingly installs malicious software. The most common and effective ruse is to fill the exchange networks and hosting files with executables disguised as songs or movies. The movies are usually compressed to facilitate traffic and, when the user clicks to unzip the file, ends with an alien instead of the last episode of Game of Thrones. You have to fear files finished in .exe instead of .rar or .zip.
Another perfect site for slave fishing are social networks, where the artificial connection between "friends" provides a false sense of security. The most exquisite talk with their victims and convince them to open a link to a video or a photo. Others limit themselves to sending massive messages that say: Click to see an incredible video or Signing to end censorship in the Middle East.
It is not enough to avoid strangers. When you get the first slave, it’s easy to use your personal email to infect your circle of friends and family. If a cousin sends you a message that says "click to see your e-card" it is best to make sure that the surprise card does not hide a poisoned gift, even if it is our birthday, holy or the day of the Constitution. Beware of suspicious attachments.
May the light be with you
The favorite victims are young and attractive girls with little interest in computers, many photos on social networks and the bad habit of leaving the laptop on and open in their room. Many rats are onlookers who boast of their conquests in specialized forums and distribute photos and videos of girls who often end up in the cloud or in child pornography networks. Sometimes they are classmates, workmates or ex-boyfriends that can cause even more harm.
Access to emails, telephone conversations and personal documents produces an omniscient effect that terrifies victims but intoxicates the perpetrator, who quickly develops God’s complex. In recent years there have been cases of spies who have collected intimate material and then blackmail the victim and force her to undress in front of the camera, but the tendency is to troll the slave or make him gas light. The DarkComet panel had a poltergeist mode that allows you to move things from the site, change the names of things or have the system read texts aloft, to see how the victim reacts. Typically, slaves can watch videos of themselves in previous days or gross and unpleasant pictures. Some of these videos can be seen briefly on YouTube.
Trojans not only control cameras, but they can register passwords and listen to conversations, activating the microphone in addition to the camera. Interestingly, it is not easy to turn off the light that is turned on in some computers to indicate that the camera is active.
It’s amazing how many people turn off that warning on their own initiative and there are many computers that simply do not have it (and hackers handle lists of all of them). It is best to unplug the camera when we are not using it or, if it is embedded in the notebook, put a sticker on it. Many companies have begun to launch sophisticated ways to cover the third eye but just a post-it or a piece of electrical tape.