Time to Tape Over the Camera on Your Laptop

AVG Security
by Mark Yates on September 26, 2016

The founder of Facebook does it. So does the head of the FB — who thinks you should do it too. The first runs maybe the world’s best-known company. The second is in the business of knowing other people’s business. Given they both likely have state-of-the-art fortresses built around their PCs, maybe they know something.

What they know is that laptops and tablet cameras can be hacked without users’ knowing it. This is usually done with a remote administration tool (RAT), which by some estimates accounts for upwards of 70% of Trojans, a piece of software that hides on PCs to track activity and sometimes take control. RATs are relatively easy to build and deploy and allow online thugs to capture video without your knowing it.

What’s the danger?

Perhaps the best-known RAT intrusion happened a few years ago in California. Teenage hacker Jared James managed to slip a Trojan onto the reigning Miss Teen USA’s computer and snap images while she changed clothes. He then threatened to ruin her future pageant possibilities by making the images public if she didn’t give him more.

And that was just the tip of the iceberg. After surrendering to the FBI, James confessed to hacking the cameras of as many as 150 women. Other such cyber criminals live-broadcast bedrooms on the internet or even actively mess with the women they “slave” – freezing screens, bullying via IMs and emails, and displaying shocking images.

The great majority of these criminals perpetrate against women, but men have also been targets. And while many webcam hackers use images and video to satisfy voyeuristic needs and to humiliate victims, others are just in for the money. One Australian man literally caught with his pants down was told to pay $10,000 or be exposed online. He refused, but noted that double standards often mean women feel compelled to comply.

So how widespread is webcam hacking?

Despite dozens of news stories, official statistics are hard to come by. And as with ransomware attacks, many victims never report the crime.

One Australian man literally caught with his pants down was told to pay $10,000 or be exposed online.
But with cameras, hacking is relatively easy. One disturbing service called Shodan provides access to unprotected webcams around the world—as well as smart TVs, lighting systems, and other online devices. The primary problem is that cameras (and connected devices more generally) have weak security protocols. (For the geeks out there: Shodan crawls the web looking for Real Time Steaming Protocols [RTSP port 554], which don’t generally use basic password protection.)

For cameras embedded in PCs, criminals need access to the PC, as well. This is often done by posing as friend, through a phishing attack, or with some other form of social engineering to trick victims.

Okay, I’m sold. But is a piece of tape or sticky note enough?

For covering the camera, yes. But this issue highlights the importance of cultivating a security mindset when online. This should include a range of activity such as keeping applications up to date, using strong passwords, deploying email security best practices, maintaining general vigilance when online, and installing proper internet security, like that available from AVG.

So while taping over your webcam is smart — and easily reversible if you use a sticky note or a purpose-specific device — this quick fix should really just be the beginning of the measures you take.

Bonus tip: Going all the way

If tape’s not permanent enough for you, you can also disable your camera altogether. (Keep in mind, though, that you’ll need to reverse the process every time you want to make a video call or capture video.) For Windows 8, just use the Start Menu Search and type in “Device Manager” and open it up. Then select Imaging Devices and click “Integrated Webcam”. If it’s not there, try looking under Sound, video, and game controllers.

Windows Device Manager

In the pop-up box that opens, select the Driver tab and the Disable button. Note that the name of the camera may be different on your PC than in the screenshots. Also, if you do not have administrator rights, you will not be able to disable the camera.
Webcam Properties in Windows

While you’re there, be sure to update your driver as well.

My New Life, and How It Happened.

As time rolls on, we all find ourselves aging. We find ourselves wondering how we will spend our remaining years. We watch the cost of living increase at an alarming rate at times, and wonder how will we cope. If we don’t own a home we worry about rent mostly, but we worry about food, medical needs, and basic day-to-day life. These thoughts came home to me in a very real way one spring month in 2014. My Mom passed away on March 31, 2014. My life completely changed from what it was, care giver for my mom, full-time, to on my own, no home or job. Through the ups and downs of figuring out a new life, my life took a few unusual turns.

It is an exciting life I live now! I live full-time in an RV. I got myself a puppy named Sophie, ( I still wonder, WHAT was I thinking). I have moved to Redding, California, (I still return to Santa Rosa on a monthly basis). I am restarting my business, (reinventing myself once again). I have a few customers who have stuck with me through time, (THANK YOU!).  I am ready to increase my business again, and I couldn’t be happier! But the best of everything, is the renewing of my business venture, with the adding of remote assistance service.

I can help you no matter where you are, or where I am, using a program that is installed on our computers. The program allows me to connect to your computer, enabling me to see your desktop, any open documents, and any visible private information But there are limits; I can only see private information for which you have given me your password. In addition, using my mouse and keyboard, I can do things like change settings, upgrade and run all malware protection, and update Microsoft Windows protection. I can also see and solve any problems that your computer has. If you have a problem you want me to solve, you send me an email and I will access your computer and assist you. If you are unable to email, I am only a phone call away.

I’m excited about the new direction my life is taking. At the age of 68 years young, I still ask those questions; but they don’t seem so scary any more. I write this to give encouragement. When life seems scary, if you are willing to be open to the unusual, it can be exciting too.  As I face the future, I look forward to connecting with new and existing customers.



They say they want your opinion, but don’t be fooled!

(Another article from AARP)

The email – often from a well-known retailer like Walmart or Macy’s – may start out innocently enough:

You have been chosen to take part in our brief Customer Satisfaction Survey. If you decide to complete this survey, we will send $150 to your confirmed credit or debit card account just for your time. Helping us better understand how our customers feel, benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our services. The survey form is attached to this email. Please download the attachment, open it, and follow the instructions on your screen.
Wanting to help, you play along. The first few questions of the survey may ask basic information about which products and/or services you use or instruct you to evaluate the customer service. But then, the form takes a twist. It asks for personal information like credit card, bank account or Social Security numbers, which is later used against you by a scammer.

Take steps to protect yourself.

Know who you are dealing with. It’s easy to steal the look and feel (colors, logos and header) of an established retailer or organization. Scammers can also make links look like they lead to reputable websites and emails appear to come from a different sender. Tip: hover over the sender name to make sure the address is valid.
Legitimate businesses will never ask for your Social Security number, money, password, or bank account information on a customer survey.
When in doubt, do a quick web search. If the survey is a scam, you may find alerts or complaints from other consumers, and the organization’s real website may have further information.
Watch out for a reward that’s too good to be true. If the survey is real, you may be entered in a drawing to win a gift card or receive a small discount off your next purchase. Few businesses can afford to give away $150 for completing a few questions.
If you think you have been the victim of a customer service survey scam, file a complaint with the Federal Trade Commission at http://www.ftc.gov/complaint.


Kristin Keckeisen
Fraud Watch Network

Tax Scammers Hit New Lows

Sent to me by AARP. I wanted to share, especially with my senior citizens.


April 15 is less than a month away, and scammers are continuing to target people for tax-related scams.

IRS Imposter Scams
The Associated Press recently reported that fake IRS agents have targeted more than 366,000 people with harassing phone calls demanding payments and threatening jail in the largest scam of its kind in the history of the agency.

How it works:

Bogus IRS agents call you, claim you owe taxes, and demand payment using a prepaid debit card or a wire transfer. And, they might even know the last four digits of the taxpayer’s Social Security number.
Those who refuse are threatened with arrest, deportation or loss of a business or driver’s license.
The callers may also manipulate caller ID to make it look like they are calling from an IRS phone number.
The IRS will make contact first by paper mail and they never demand payment by debit card, credit card, or wire transfer.

What to do:

If you get a phone call from someone saying he is with the IRS—hang up and contact the IRS immediately at 1-800-829-1040.

Inflated Refund Scams
With 60% of taxpayers using professional help in filing their taxes, people should be suspicious of anyone promising inflated refunds. “Every filing season, scam artists lure victims in by promising outlandish refunds,” said IRS Commissioner John Koskinen.

How it works:

The scammer tells his targets they will get a large refund saying they qualify for fictitious tax credits, rebates, or government benefits.
They may also file a return in the person’s name and not tell the person that a refund was made – the money goes straight into the scammers’ bank account.
These fraudsters may use flyers distributed door-to-door or in community gathering places, advertisements, phony store fronts and word of mouth through community groups and churches to lure their victims.
What to do:

Watch out for tax preparers who promise a big refund – maybe even before looking at your records.
Be careful of supposed tax preparers who charge fees based on a percentage of the return – this is not a standard practice and gives the preparer a strong incentive to falsify the return.
Make sure you get a copy of the return that was filed – and then track the return on the IRS website.
And of course, never sign a blank return – no matter what promises are made!
Identity Theft Refund Fraud
Taxpayers also need to watch out for identity theft, particularly around tax time.

How it works:

You file your taxes expecting a refund.
But, you find out that someone else, using your Social Security number and likely other personal identifying information, has filed a return in your name.
Your return is rejected as a “duplicate” because a refund has already been issued to the scammer.
Also know that scammers will often steal Social Security numbers and other personal information of people who may not be filing a tax return—like your children or grandchildren, folks who may not have income to report, or even the recently deceased. So please share this alert with family and friends and help them detect and correct fraud!

What to do:

If you think someone used your Social Security number for a tax refund contact the IRS as soon as possible. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from thieves in the future. Go to irs.gov/identitytheft or call 800-908-4490. Also if you haven’t received your refund yet, visit irs.gov/refunds to check your status.

For more information, check out the IRS “Dirty Dozen Tax Scams”.

Kristin Keckeisen
Fraud Watch Network


Scammers Calling…

An excellent article from AARP.

Have you ever gotten a phone call like this?

  • A caller has a hot tip on a new investment that will yield lots of quick money, and insists you must immediately decide or the opportunity will be gone.
  • Someone calls with an urgent request for a disaster relief charity and asks you for your credit card number to make a donation, but you are not sure you’ve heard of the charity.
  • A tech support caller says virus activity has been detected on your computer, and then asks for access to your computer to fix it or to wire money as a fee to get it fixed.

These are all examples of telemarketing scams. Scammers prey on people by getting them excited about unexpected riches or worried they’re going to miss out on a great deal. Basically, their goal is to get you “under the ether,” an emotional state that can lead to poor decisions.

What can you do to protect yourself – or those you love – from unscrupulous and persuasive scammers?

What Are Telemarketing Scam Buzz Phrases?
It’s sometimes hard to tell the difference between reputable telemarketers and criminals who use the phone to rob people. You can protect yourself by learning how to recognize the danger signs of fraud. If you hear some of these buzz phrases on a phone call, hang up.

  • You’ve been specially selected (for this offer).
  • You’ll get a free bonus if you buy our product.
  • You’ve won big money in a foreign lottery.
  • This investment is low risk and provides a higher return than you can get anywhere else.
  • You have to make up your mind right away.
  • You don’t need to check our company with anyone.
  • You must send money, give a credit card or bank account number, or have a check picked up by courier.
  • You must act ‘now’ or the offer won’t be good.
Tips to Avoid Telemarketing Fraud
It’s very difficult to get your money back if you’ve been cheated over the telephone. Before you do anything by telephone, remember:

  • Don’t buy from an unfamiliar company; legitimate businesses are happy to give you information.
  • Always check out unfamiliar companies or charities with your local consumer protection agency, Better Business Bureau, attorney general, or charity watchdog groups.
  • Get the caller’s name, business name, telephone number, street address, mailing address, and business license number before you transact business, then verify these.
  • Don’t pay in advance for services.
  • Resist pressure to make a decision immediately.
  • Be sure to talk over big investments offered by telephone salespeople with a trusted friend, family member, or financial advisor.
  • Never respond to an offer you don’t understand thoroughly.
  • Keep your credit card, checking account, or Social Security numbers to yourself. Don’t tell them to callers you don’t know — even if they ask you to “confirm” this information. That’s a trick.
  • Don’t send cash by messenger, overnight mail, or money transfer.
  • Don’t agree to any offer for which you have to pay a “registration” or “shipping” fee to get a prize or a gift.

Who Was Alan Turing? And Why Did Queen Elizabeth Grant Him a Pardon?

By Russell Goldman
Dec 24, 2013 10:47am

(In light of the Duck Dynasty ignorance, I thought this appropriate to post.)

Alan Turing, the British mathematician who helped defeat the Nazis by cracking their secret codes and laid the groundwork for modern computer science, was posthumously pardoned by Queen Elizabeth on Monday for a 1952 conviction for being gay.

Here’s what you need to know about Turing.

Alan Turing

Born: June 23, 1912

Died: June 7, 1954, at age 41. Turning killed himself, likely by eating an apple poisoned with cyanide, following a criminal conviction for homosexuality.

Accomplishments: Turing is widely considered the father of computer science. His developments in cryptography were instrumental in cracking the Nazi’s Enigma code, a vital step in turning World War II in favor of the allies.

Turing predicted the rise of computers and essentially invented the idea of software. He was first to define artificial intelligence and design a test to determine whether computers could truly appear to be human.

Controversy: Despite his contributions to the war effort and to science, Turning was charged with “gross indecency” in 1954, under laws that at the time criminalized homosexuality. Rather than serve prison time, Turning agreed to a form of chemical castration, in which he was injected with female sex hormones. Later that year he killed himself.

Legacy: Every computer today, from cells phones to those aboard the International Space Station, owe their existence to the “Turing Machine,” the first modern computer to run interchangeable software.

As computers become smarter and seemingly more human, the “Turing Test,” an experiment in which human subjects must determine if they are interacting with another person or a computer, remains the standard by which artificial intelligence is measured.

Turing’s life has been commemorated in books, a monument, a play and an upcoming feature film.

“His action saved countless lives. He also left a remarkable national legacy through his substantial scientific achievements, often being referred to as the ‘father of modern computing,’” British Prime Minister David Cameron said in a statement.

Crime pays very well

Cryptolocker grosses up
to $30 million in ransom

No wonder street crime is down. If you want to make a dishonest living, cyber-crime is the place to be. According to a Dell SecureWorks report by Keith Jarvis, the creators of the notorious CryptoLocker ransomware virus may have made as much as $30 million in a mere 100 days.That’s a lot more than you’d earn stealing people’s iPhones –and you’re far less likely to get caught. (It’s also a lot more than you’d get doing honest work.) The $30 million estimate comes from a Geek.com article by Lee Mathews, and is based on the SecureWorks report’s numbers. The original report includes a speculation that at least 0.4% of CryptoLocker victims end up paying the ransom, “and very likely many times that.” The report also admits that “These figures represent a conservative estimate of the number of ransoms collected by the CryptoLocker gang.”CryptoLocker first appeared in the wild in early September. Like most ransomware, it attempts to scare people into sending money by closing off access to their data or threatening to do so. But unlike previous such programs, CryptoLocker makes good on its threats. Whereas previous ransomware viruses might trick you into paying their blood money by hiding your documents and other data files where any competent techy could find them, CryptoLocker really encrypts the files. And it does a good job of it. Jarvis’ report states that “CryptoLocker uses strong third-party certified cryptography offered by Microsoft’s CryptoAPI. By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent.”

In other words, if CryptoLocker infects your computer, and you don’t have a recent and reliable backup, your choices are between paying the $300 ransom and kissing your documents, spreadsheets, and photographs goodbye. Surprisingly, if you do pay the ransom, you get your files back.Keeping promises — not a behavior usually associated with thieves — suggests that whoever is behind CryptoLocker is treating it like a real business. When people balked at using credit cards to send money to criminals, these particular criminals started accepting Bitcoins. They’ve even responded to the insane Bitcoin deflation of recent months. When they first started accepting the virtual currency, they priced your files at 2 BTC. But as the price of a Bitcoin skyrocketed against real currencies, that price dropped three times, and as of Wednesday was down to 0.3 BTC.That’s an awfully polite gesture for extortionists.Of course, the rising cost of Bitcoins may have helped the criminals considerably. Jarvis estimates that they received nearly $380,000 in Bitcoins (it appears that most people still pay with credit cards). “If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication.”

I don’t want to make the people running this racket sound like gentlemen thieves. They’re crooks who steal your vital information, then make you buy back what is rightfully yours. They deserve jail time, not $30 million.