I can watch you on your built in webcam if you come to my website!!!

Wow... Way to scare the bejesus out of everyone. I doubt anyone on here needs to worry about having all of their information released to everyone they know. If it's all really that bad and embarrassing, then you shouldn't be doing it at all.

reply to post by Jupiter Crashes

Originally posted by Jupiter Crashes
Wow... Way to scare the bejesus out of everyone. I doubt anyone on here needs to worry about having all of their information released to everyone they know. If it's all really that bad and embarrassing, then you shouldn't be doing it at all.

Does this apply to federal governments, too? If not, then someone should probably tell em.

...what about for people in the "privacy" of their own homes?

reply to post by silent thunder


The FBI has the same type of program... intended to infiltrate your computer at will... take a look at the FBI program Magic Latern:

en.wikipedia.org...

or the Carnivore proect:

en.wikipedia.org...

all United States projects intended to infiltrate a computer and install malicious code undetected. The status of these current projects is unknown, but given current security (some almost seeming blatent) its easy to see that there are enough security vulnerabilities in EVERYTHING as to where you wouldnt even need an offical program, just outsource it to some 15 year old kid who knows the backdoors and install it that way. As specifically to a webcam I know there are plenty of 'google hacks' you can use to pick up unsecured webcams that people just attach to their networks to monitor their homes and their kids... I would wonder if it is something similar... I am a Cisco/Microsoft Certified Network Engineer so this is more than a curiosity for me...

It's reasons such as this that will make all the internets a fad! What with all the disco and doobies. . .it's only a matter of time that computers will become an addictive drug, just like Nyquil!

Ok, well, this is really nothing new as nothing of the mind of man is without fault. No tool is exempt from becoming a weapon, most often, for whom it was created.

Originally posted by staple
I will have to dig up links but not too long ago an American diplomat had his foreign manufactured laptop confiscated because it was transmitting images of the dip's office back to the spies. Apparently the cam pics were good enough to capture the text from the paperwork he worked on daily. Not sure if the microphone was used but it is possible.
With cool new fisheye lenses you can capture the whole 360 viewing field and extrapolate any angle you want with COTS software.

Flash for as long as I remember has had the ability to use the webcam and mic and present it for the websites' use.
www.testwebcam.com...

Holy crap!

Web cams that capture 360 degrees.... three bleeping hundred and sixty degrees... really?

I want one right away!!!

Please... fish eye lenses capture at best 180 degrees. The FOV of web cams are way, way smaller than that. And there is no such magic as "extrapolate any angle you want". Computers are not magicians you know. They can't work with data they don't have and imagine things up to reconstruct wonderland out of thin air. At least not in that sense and certainly not without some degree of human intervention and some real processing power to back it all up.

As for Flash it only gained real video (not image sequences) support after the sorenson compression scheme was introduced which was years later it's debut. If I'm not mistaken it was around 2002 in Flash version 6 or something that the flv format was introduced that it became able to access your hardware (web cam) and do live video streams.

This is all fear mongering at it's finest.

Every connection you make needs a port and these are constantly being logged at some point on your network even if you don't know which ones or even cares about that. Video streaming isn't something that goes by unnoticed like that specially when you're on crappy connection and adds audio layer to it. It demands bandwidth, it demands a set of drivers to be turned on and running among many other tiny little details that make "this I see what you're doing magic" not as easy as the OP makes it sound.

Is it possible? Yes... it is.

Can it be done with a few one liners of code embed in the source of a web page or some cheap js script?

I say prove it!

And this whole spy talk where shady agencies need a web cam to get access to something that probably already has it's digital incarnation on the very same machine (like documents) sounds like a bad plot of a cheap movie. And even it did happened like that, that poor diplomat you've mentioned probably had a back door open (and probably installed) in his laptop beforehand.

If the internet was something so simple where any agencies or any tech savvy guy had complete control over everything the whole time the web by now would be just like TV or worst. So turn down the paranoia a notch or two before spreading this type of crap.

Real privacy on the internet is a ludicrous idea since the inception of the www. People that have something to hide and really want privacy should just stop using it and go back to the XV century. And even then refrain from using letters and writing crap down.

The CIA doesn't need to back Facebook. They can simply cease any information they want from any source they see fit as long that information is being hosted in US soil or countries that play nice with the US. So this whole talk is somehow exaggerated.

Facebook as any other of these sites that provide a service for free like Google, Yahoo, Bling, you name it are just businesses that in exchange for their services use your information (be it profile, habits, etc) for mining proposes (marketing, etc) for other companies which can or not include government institutions and such.

Nothing really new here and people that think that these companies would keep a millions worth in infra-structure costs just so they can provide you something for free without any profit or source of income really need to get their level of naiveness checked. Because they are probably not suit to be living in the so called "modern lifestyle" and using computers.

Or do you guys think that ATS doesn't do any mining and sell your info to third parties directly or indirectly?

Think again... right on the source of this very page like in 99% of the pages you visit worldwide.

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-475284-1'],['_setCustomVar', 1, 'FORUM', '10', 3]);
_gaq.push(['_trackPageview']);
() [
var ga = document.createElement('script'); ga.type = 'text/_javascript'; ga.async = true;
ga_ = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
])();

That's right. Unplug your web cam, don't use Facebook, Google, and whatnots. Just keep using ATS like you do that they will deliver everything to Google anyways so they can cross reference that with other sources and guess what is the color of the underwear you're using

f r e a k i n g c h e a p p a r a n o i a f e a r m o n g e r i n g

Originally posted by I.C. Weiner
I'm calling BS on this one...I remember Sub-7, anyone else?

I can do "stuff", and as far as turning on a cam or accessing files, that cannot be done without permission....

sorry, but FAIL......

Huh? Since WHEN did Sub7 ever require a vic to give permission to be subbed? That would sort of defeat the purpose of that software! Sub7is now defunct, I believe. The last version I know of was 2.2, and support stopped right at the beginning of WinXP. Don't get over confident, though. There are other RATS like Sub7 out there which are current, right up to Win7.

Ain't no way permission is REQUIRED to do such things. Permission is ASKED by polite folks, but those who aren't so polite can, and do, wreak havoc in the innards of remote machines. They may do a bit of social engineering, but in no way will they ask permission before just doing it.

As a matter of fact, the capabilites of Sub7 and the like are why no mic or camera is EVER attached to this machine, and why I never deal with any sensitive data while it is physically connected to any network, including my own nwtwork.

Ok so im not the only one that was paranoid about this, maybe I had a hunch, or im just noidin out but I leave my webcam off, unless I know im gonna use it for something in particular, in which case im just talking to a freind on skype, but yeah, its an unsettling though

This was so obvious, look a simple everyday, run of the mill trojan can do something like this so it was obvious someone would make it very public. It's an easy enough exploit so i don't think it's paranoid to have been concerned about built in web cams. I know i covered mine the first laptop i had that included one.

As for MI5 or 6 rummaging around in your computer, well that's what encryption is for. I have nothing to hide but it's the principle of the matter that concerns me.

im sorry but this is just bull#. i work in IT and while i dont deal with desktop machines, this just made me laugh.

your webcam will NOT initialize as an active device unless software explicitly requests it. this means you either need to have poor security that allows everything through, or you've accepted the connection to the webcam by clicking a trigger like a yes button. if you for some stupid reason have your security down low enough while on the internet, dont have a personal firewall (windows 7 firewall is great, so is the checkpoint personal firewall), script blocker extensions in your browser (notscripts.. for firefox and chrome!) and a virus scanner, then you are asking for it.

if you are that paranoid you are going to cover your webcam with paper, then just uninstall the webcam driver, disable the hardware and no website will be able to even know it exists!

Originally posted by depressed67

Originally posted by demongoat

what the OP implies is totally impossible, computer software is not designed to do what he claims at all, now maybe some OSes have been written with special backdoors for the government agencies to gain access to pcs with cams, but that is built in, in that case.
so i wonder how the OPs magical website would work? he doesn't say "i have code that will exploit something installed and run on your pc!!" this isn't new or news, there are tons of things like that, in fact people really should stop using IE7 because of the pdf exploit.

i think he is saying that the CSS on the div containing the accept webcam code is set to transparent and so you click on the accept button without knowing. I find that hard to believe, but at the same time quite plausable. A bit like having white text on a white background thats a link thats ontop of something less mundane like a graapic. Seems doable. But thats not really new and not really web cam specific. You caould be activating anything including invisible flash buttons and script downloads.

i don't think he is, it sounds like he thinks he can get people to come to his site and somehow the site injects code into your computer that allows him to control the webcam remotely, unless he is exploiting a known/unknown exploit the scenario is impossible.
clickjacking is not remotely like the claim in the OP, he doesn't say how he would get control, the only ways are clickjacking or exploiting a flaw in the browser that allows it. most of the flaws still require some user input to happen, for example the pdf exploit in adobe acrobat only needs you to scroll over the pdf file to work, but you still need people to do it.
despite what the MSM would have us believe, a user just doesn't go to a website and get infected. you can't just connect to the server and get hacked, there has to be something to mess up your security.

reply to post by theregonnakillme


This is very true and it has happened with my sister too when she was working on her laptop. She was surfing internet at that time while drinking hot tea/coffee, suddenly a message popped-up "what are you drinking, looks nice!". That wasn't the first time it happened, earlier also many messages used to pop-up like "i can see u", but it was confirmed when someone (known or unknown) could actually comment on her drinking something.

And it sounds weird to many people I know, but I got a small cover made for my netbook to hide the webcam. hehe talk about being paranoid!

Originally posted by flyingfish
This warning for all you having a bad hair day.
Don't log on if your not all dolled up and for chrisp sakes don't spill the beans about the reactor!

Of course, this makes sense. lol

Paranoia..So you think you are so important to warrant such activity,s from the Goverment?
What have you to hide that "they" would turn your Cam on and off at will?
I bet most of you give out more INFO, real Info, then you are ever aware of!

Data Mining is BIG buisness, so be more aware of what you are putting out on the net than worrying about Web Cams and Cell Phones!... in some cities in Europe you can walk from one end of the city and be monitored all the way, that disturbs, if disturbs is the right word for it, me more than worrying about my web cam or phone!

I have an in-built webcam. But hey, no drivers installed, no it doesn't work ;-P

Well, with 34 flags, I now invite you to prove it.

I will visit your website and you can then snap pictures of me, and upload them to your picture area on ATS so we can see if this is true or not. (By the way, it's not true. In my black-hat days I've tried to do this to others. It is not possible without a virus being planted on the machine - activeX, _javascript, and flash alone cannot accomplish this.)

reply to post by againuntodust


More than likely true but as a former black hat you know just how very easy it is to plant something like that on someones system remotely. In the end covering a webcam doesn't sound like a bad precaution. Just think about the school that was caught remotely turning on the cameras and microphones of kids laptops when they were at home.

Paranoia has it's place.

reply to post by ImaginaryReality1984


I don't even use antivirus software, only a hardware firewall. So based on my security precautions, I'm probably not going to be covering my webcam up anytime soon. And you're right, it can be easy to get someone to install a virus - however, that someone is not me.

edit1: that school situation had everything to do with those school computers having the network administrator monitoring software (for remote access, etc) installed on the computer. it shouldn't make the normal home computer user worry.

Originally posted by demongoat

Originally posted by depressed67

Originally posted by demongoat

what the OP implies is totally impossible, computer software is not designed to do what he claims at all, now maybe some OSes have been written with special backdoors for the government agencies to gain access to pcs with cams, but that is built in, in that case.
so i wonder how the OPs magical website would work? he doesn't say "i have code that will exploit something installed and run on your pc!!" this isn't new or news, there are tons of things like that, in fact people really should stop using IE7 because of the pdf exploit.

i think he is saying that the CSS on the div containing the accept webcam code is set to transparent and so you click on the accept button without knowing. I find that hard to believe, but at the same time quite plausable. A bit like having white text on a white background thats a link thats ontop of something less mundane like a graapic. Seems doable. But thats not really new and not really web cam specific. You caould be activating anything including invisible flash buttons and script downloads.

i don't think he is, it sounds like he thinks he can get people to come to his site and somehow the site injects code into your computer that allows him to control the webcam remotely, unless he is exploiting a known/unknown exploit the scenario is impossible.
clickjacking is not remotely like the claim in the OP, he doesn't say how he would get control, the only ways are clickjacking or exploiting a flaw in the browser that allows it. most of the flaws still require some user input to happen, for example the pdf exploit in adobe acrobat only needs you to scroll over the pdf file to work, but you still need people to do it.
despite what the MSM would have us believe, a user just doesn't go to a website and get infected. you can't just connect to the server and get hacked, there has to be something to mess up your security.

Actually he is, he said it in one of his posts. im not very good at finding stuff but its in this thread about 2-4 pages back or so. He says so explicitly that the hack involves CSS setting stuff to invisible etc. As I said, sounds plausable but i dont see why its cam specific. it could equally well be used to download anything or set your homepage to something irritating. Or the worst of all, send you to that page that pupports to be virus scan that actually installs loads of viruses and then requires a system rebuild.

Further, i doubt they need web cam access. Whats it going to show, YOU AT VERY CLOSE RANGE FOR HOURS AT A TIME? BORING!!!!

The internet is all about thinking. And thats what they want to tap into. And they can INFER what your thinking.

For example, whats happening here:

User logins in, 3am, rapid surfing of girls profiles in quick succession, search settings set to age 18-18, female, thin. Average picture view 2.1 seconds. Total log in session 20 minutes, then silence.

Awnser = someone has just realised their sister is lost and is looking for clues in random girls photos, then after 20 minutes realises it was just a waking dream and they dont actually have a sister.

They dont need 20 minutes of cam video to figure out exactly what your doing, unless of course they want to know if you have a particular fetish such as doing it WHILE dressed up as a school girl or splurting into your own mouth. The wonders of modern technology.

Or how about this one.

User logsin, surfs several sites about serial killers, then goes to google to search for CHEAP MACHETTES, CROSSBOWs and AIRGUNS. Then does a Google places search for local schools using streetview, and book marks said pages. Orders Machette, Googles solisitorsto make official last will.

Obviously a school teacher researching pychotic behavoir for a new class hes teaching who is also interested in getting a new job at a local school. QED No need to look for bodies in the cellar. No need to activate the webcam to reveal 174 hours of his practice agenda.

Originally posted by depressed67

Originally posted by demongoat

Originally posted by depressed67

Originally posted by demongoat

what the OP implies is totally impossible, computer software is not designed to do what he claims at all, now maybe some OSes have been written with special backdoors for the government agencies to gain access to pcs with cams, but that is built in, in that case.
so i wonder how the OPs magical website would work? he doesn't say "i have code that will exploit something installed and run on your pc!!" this isn't new or news, there are tons of things like that, in fact people really should stop using IE7 because of the pdf exploit.

i think he is saying that the CSS on the div containing the accept webcam code is set to transparent and so you click on the accept button without knowing. I find that hard to believe, but at the same time quite plausable. A bit like having white text on a white background thats a link thats ontop of something less mundane like a graapic. Seems doable. But thats not really new and not really web cam specific. You caould be activating anything including invisible flash buttons and script downloads.

i don't think he is, it sounds like he thinks he can get people to come to his site and somehow the site injects code into your computer that allows him to control the webcam remotely, unless he is exploiting a known/unknown exploit the scenario is impossible.
clickjacking is not remotely like the claim in the OP, he doesn't say how he would get control, the only ways are clickjacking or exploiting a flaw in the browser that allows it. most of the flaws still require some user input to happen, for example the pdf exploit in adobe acrobat only needs you to scroll over the pdf file to work, but you still need people to do it.
despite what the MSM would have us believe, a user just doesn't go to a website and get infected. you can't just connect to the server and get hacked, there has to be something to mess up your security.

Actually he is, he said it in one of his posts. im not very good at finding stuff but its in this thread about 2-4 pages back or so. He says so explicitly that the hack involves CSS setting stuff to invisible etc. As I said, sounds plausable but i dont see why its cam specific. it could equally well be used to download anything or set your homepage to something irritating. Or the worst of all, send you to that page that pupports to be virus scan that actually installs loads of viruses and then requires a system rebuild.

Would require a combination of _javascript to do that but also using hidden/masked div layers to put a button on top of a button (or link) to dupe the person.

It's all done through duping or a combination of scams and the stupidity of the person clicking the link as I mentioned earlier - it only takes one idiot to get things in motion, not some clever process taken out of a hackers movie.