In the past I’ve tried to emulate Mark Zuckerberg. Become a billionaire, celebrity, philanthropist, wear a sweatshirt or t-shirt everyday, drop out of college and don’t have to go to class anymore, what’s not to like? Sadly, for the most part, it hasn’t worked out so well for me.
For example, after seeing The Social Network I got exceptionally drunk and tried to write a college midterm paper – a la Zuck’s coding of the predecessor to Facebook while toasted. I read my essay the next morning and was genuinely amazed by how few actual words I had used in the six-page paper that I had written. While I was excited that I had created some kind of new language, I also realized that at best I was a J.R.R. Tolkien imitator and, sadly, not a budding Facebook billionaire.
As a result, I realized that maybe emulating Zuck wouldn’t work for me – I decided I probably shouldn’t drop out of college or wear sweats to my next job interview. Luckily there is more than one way to skin a cat. Today we can all be like Mark Zuckerberg and at the same time protect our privacy.
Earlier this year Instagram hit 500 million active users and in commemoration Zuck posted the above photo to his Facebook page. It’s a nice photo and if that was all it was I guess I could write a story about Mark Zuckerberg’s beautiful smile.
Instead, one sharp twitter user – @topherolson – noted that Mark had inadvertently revealed three things:
- That his Mac camera is covered with tape.
- That his Mac microphone is covered with tape.
- That his email client is Thunderbird.
Mark Zuckerburg is clearly worried about his cyber security – he is a high value target who has been hacked before – so instead I’m writing an article about the steps that Mark Zuckerberg takes to protect his privacy and why security experts think we muggles should all do the same.
Why you’re at risk
We live in an age of ever increasing connectivity and reliance on technology. At the same time, and as a direct result, we also live in an age where the NSA has the power to monitor emails and text messages sent by the American people. Not to mention the ability to secretly tap into hundreds of millions of Google and Yahoo accounts worldwide, where nearly one million new malware threats are released every day and where hacking costs the global economy an estimated $575 billion on an annual basis.
So yes, if you have a computer, if you use a phone, if you use email, you are at risk of being hacked.
While it might be easy to conclude that Mark Zuckerberg is your garden variety paranoid, eccentric, billionaire when he tapes over his laptop’s microphone and camera, in reality he is protecting himself against a risk that we all face.
Zuckerberg is protecting against “ratting.” While this might sound like some form of particularly painful medieval torture technique, it is actually slang for a Remote Access Trojan cyberattack (a uniquely modern torture technique). A RAT is a form of malware which, if successful, can give a hacker remote control of your computer – including your webcam and microphone.
Today the risk of this kind of attack is high –
70 percent of malware consists of Trojans and the most easily deployable of these is the RAT whose source code often only costs $10 to $50. Hackers can use this control to do a wide range of bad things to you:
- Hijacking control of personal computers.
- Watching and logging your keystrokes
- Downloading, uploading, or deleting files
- Destroying your CPU through overclocking
- Installing additional viruses and worms
- Editing your Windows registry
- Using your computer for a denial of service attack and to otherwise infect friends and family
- Stealing passwords, personal identification information, and credit card numbers
- Wiping your hard drive
- Installing hard to remove boot-sector viruses
And even to spy on victims through remote control of webcams and microphones.
For Zuckerberg this could mean the theft of sensitive Facebook business and personal data which could cause harm to Zuck personally, to employees, to his business, and to customers. However, by taping over his webcam and microphone Zuck has protected himself (and us all) against the worst of cybercrimes – the release of the first Mark Zuckerberg sextape – a true crime against humanity.
Billionaires aren’t the only ones in jeopardy
RAT attacks don’t just happen to those with billions at stake.
Amy Wright, was a 20-year old student at the University of California at Irvine – a far cry from a billionaire executive like Zuckerberg – when she was hit with a RAT attack.
GQ reported that Wright received an IM from mistahxxrightme, asking her for webcam sex. Amy said no. Mistah X IMed her again and said that he knew all about her. He described the color of her dorm room walls, her sheets, the pictures on her wall, her “pink vibrator”, and then finally sent her an image file. It was a picture of her in her room naked and having webcam sex with her boyfriend, James Kelly.
The “sextortion,” as it has been called, didn’t stop there.
Next Mistah X sent an IM to James Kelly’s ex-girlfriend, Carla Gagnon, asking her for webcam sex before sending her a video of her in the nude. Then he contacted Kelly and told him he had control of his computer. Mistah X taunted Kelly.
James tried to talk to Amy, but as soon as he did Mistah X sent him a message – “I know you’re talking to each other right now!” When Amy called the police, and the hacker messaged her, “I know you just called the police.”
It took the involvement of the FBI Cyberdivision to finally catch Mistah X – a 32-year old undocumented immigrant confined to a wheelchair and obsessed with Professor X from The X Men.
In total, he’d sextorted 230 victims and captured 15,000 webcam-videos, 900 audio recordings, and 13,000 screen captures. He was not part of any cybergang, but instead he was just one frustrated and depressed individual with access to a laptop.
Imagine the harm that an organized group of cybercriminals could do – in 2014, a website opened that played live video from thousands of webcams in over 250 countries.
These attacks aren’t going away any time soon
The problem is that RATs are cheap, require relatively little technical skill, and as Scott Aken, a former FBI cyberagent explains, there are too many RATs in existence for law enforcement to bring them all down.
It’s also relatively easy to infect computers with RATs.
The threat is growing – malware is becoming more difficult to detect by integrating evasion techniques into code and is being built by more advanced groups, which since 2015 have created stronger and virtually unbeatable malware. These attacks are becoming so prolific that SnoopWall LLC labeled 2015 the year of the RAT.
Cyberextortionist gang the Cryptolocker managed to gross over $30 million in 2015 alone. Cybercriminals can see the ROI of these kinds of attacks and so they will only increase in number, both on high value targets and on individual consumers – particularly young women.
The Mark Zuckerbergs of the world and mere mortals alike need to protect themselves from these attacks. It is important to take steps to beef up the security of your devices by:
- Ensuring your antivirus software is installed and always on.
- Regularly changing secure passwords (and especially changing from the factory password)
- Always keeping your firewall on.
- Not clicking on suspicious links.
But in the end security experts – along with Mark Zuckerberg – think that, however secure your device is, it won’t be enough to stop a determined cybercriminal.
Last year NTT tested the top antivirus products and concluded that 50 to 70 percent of malware made it past their virus scanners – new types of malware are being created faster than security companies can detect or protect against them. And when you might be up against the NSA – whose GCHQ program selected random Yahoo webchat users to surveil, the FBI, and increasingly organized (and often state-sponsored) cybercriminal gangs, it’s safe to assume that their attacks could be more powerful than your defense.
As a result, experts think that we should all steal a page from the paranoid billionaire playbook and take the basic security measure of covering our webcam and microphone when they are not in use. Lysa Myers, a security researcher at the Data Security firm ESET said in an email to the NYTimes:
Covering the camera is a very common-sense security measure. If you were to walk around a security conference, you would have an easier time counting devices that don’t have something over the camera.
So let’s all do the smart thing and copy the security experts and the boy genius – FBI director James Comey is doing the same. Comey told NPR that he covers his laptop camera and microphone, “because I saw somebody smarter than I am had a piece of tape over their camera.”
And it’s easy to do. You can cover your camera and microphone with a post-it note, duct tape, painters tape, cute cat stickers, invisible tape, washi tape, or even spring for a sticker expressly designed for laptop camera and microphone security (to the tune of only $10).
While this might make you look paranoid, it’s an easy step to protect your privacy from the growing threat of cyberintrusion.
On the other hand, for those of you who think that you have nothing to hide, you can always follow the example of Matthew Green: “Because I’m an idiot,” replied Matthew Green, an encryption expert at Johns Hopkins University when asked why he doesn’t cover his cameras.
I have no excuse for not taking this seriously… but at the end of the day, I figure that seeing me naked would be punishment enough.