-Caveat Lector- http://www.cnn.com/TECH/computing/9909/23/pc.tapped.idg/index.html Your PC may be tapped by Deborah Radcliff September 23, 1999 (IDG) -- If you're finding user-installed cameras and/or microphones on Windows NT machines in your enterprise, be afraid. For the past four months, U.S. Army special agents have been showing their commanding officers how to turn microphones and cameras into remote spying devices. "We run this in the lab here all the time. You can hear the guys talking [from another room], but they have no idea you're listening to them," said Jeff Hormann, special agent in charge of the Computer Crime Resident Agency, U.S. Army Criminal Investigation Command, Fort Belvoir, Va. The attack is delivered to the victim as a Trojan horse -- a hostile applet carrying executable code -- via an e-mail attachment. Once the attachment is opened, the attacker, using ports 12345 and 12346 on the desktop, or via HTTP Web protocol and file transfer protocol connections, can load a remote administration tool and order the Trojan horse to turn on the video and/or audio of the targeted machine. By exploiting remote administration tools such as NetBus and Back Orifice, both of which the Army has proved can be used, the attacker can hijack desktop camera and microphone applications and then direct image and voice transmissions to the attacker's PC. Because user-installed cameras and microphones usually don't have indicator lights, the victim is completely unaware of any eavesdropping, according to Hormann and others. And no desktop image, except maybe a small tool bar icon, will appear on the victim's computer to indicate that the audio and video capture are on, he adds. Worse, said Powell Hamilton, manager of technology risk services at PricewaterhouseCoopers in Los Angeles, attackers can use the same tactics to hijack an online meeting session conducted through systems like Microsoft Corp.'s NetMeeting and grab shared whiteboard information. One comforting fact, Hamilton said, is that microphones and cameras have yet to proliferate across the enterprise because image, voice and videoconferencing technologies are still rough around the edges. And, he adds, fear of remote spying and information breaches will probably continue to stall widespread adoption. There's a warning that bears repeating: Keep virus- and intrusion-detection tools up-to-date. Symantec Corp.'s Norton AntiVirus, for example, recognizes when NetBus 1.6 and 2.0 and Back Orifice and Back Orifice 2000 are running on a desktop. But hackers now possess compiling tools to change the attack signatures, making it more difficult for packaged applications to catch these attacks. In addition, Hamilton said, nearly 40 percent of the client sites he has reviewed don't have virus protection, and 90 percent don't use intrusion detection software. Given the voyeuristic ways of hackers and rising concern over electronically committed corporate espionage, now is a good time to take inventory of your organization's microphones and cameras. If users have deployed these devices, teach them to manually cap cameras and unplug microphones when not in use. And if your organization is moving toward adoption of voice and video technologies, pay for higher-end microphones and cameras with indicator lights. � 1999 Cable News Network. All Rights Reserved. . DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance�not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
