[Article first published as Lack of Computer Knowledge Allows Technician to Hack Customers' Webcams on Blogcritics.]
In my line of work and field of nerdery, I often encounter people who need my help because they just don’t understand computers. I guess normally that’s not really a big deal – I mean my company does pay me to take care of all of our technical stuff after all. A user forgot a password? No problem. RAID array fail? Hand me my tools and that superhero cape in the corner there, I’m on the case. It’s all sanctioned stuff. It’s the other problems that people come to me with, usually about their personal and home tech causing “issues” that give me worry.
Now I put the quotes around “issues” because generally no one would really describe them that way – usually all that’s required is a change in settings to get things the way they need to be. I have no problem walking them through stuff like this. The first few times that is. After answering similar questions from the same people about the same problems, or hearing how they downloaded the same virus from the same fake email address I’ve warned them about a dozen times, that’s when I get upset. Is it an inability to learn basic things? Well, not exactly. It’s more a refusal to try and understand the machines that manage their lives. We live in a time when computers help govern pretty much everything we do, be it something as simple as sending an e-mail to automating manufacturing sites. It’s engrained in our cultural and social DNA. How many of you could go a week without using email? Facebook? The internet? I doubt it would be more than a handful of you. And with every additional piece of our lives ruled by the web, there’s an additional security hole to be plugged. People getting hacked for various things are always present in the news cycle. So why is it that people refuse to try and learn more about computers? I don’t understand it myself, but it can sometimes contribute to serious problems.
I read a story today about computer repairman rigging customers’ machines to take video and pictures (in bathrooms and showers) through webcams without their consent. His setup, as in what he told customers to convince them to move their machines into the bathroom, should have thrown up red flags for most people. The culprit, Trevor Harwell of Southern California, installed software on his customers’ Macbooks to take control of their embedded webcams. This software gave the users fake error messages, telling them to “fix their internal sensor soon,” according to Sgt. Andrew Goodrich of the Fullerton Police. Alright, a standard user may be justified in thinking that there is in fact a generic “internal sensor” in their device. That’s fair. But the second message should have signaled alarms to anyone: “try putting your laptop near hot steam for several minutes to clean the sensor.” So what did this error message prompt users to do? Report suspicious activity? Take it to a Mac Store or Genius Bar? Unfortunately, it prompted many of them to take their computers into the bathroom without question while they showered to get the prescribed steam to fix the problem.
Once Harwell had access, he took photos and videos, primarily of female targets, while they were either undressed or changing clothes. Those photos were routed to his own machine through a remote server. He was finally caught when a Fullerton resident did see the red flags, and reported suspicious messages on his daughter’s computer in 2010. As a result, 20-year old Harwell now faces 12 counts of computer access and fraud (those would be felonies for those keeping score) for the hundreds of thousands of images and videos in his possession. Rezitech, the company Harwell worked for, said that none of this was done while working for them, and are cooperating fully with law enforcement on this investigation.
Now I’m not going to blame the exploited users completely. IT people can operate now from a position of power and authority, much like doctors and lawyers, given the knowledge we have over the masses. Unfortunately the young man in question, a pervert and a predator, abused that position, and took advantage of those who trusted him. Look at who his targets were. They were computer users who didn’t know anything about the devices they were using. They would take anything their Mac told them as truth, and blindly comply without a single hint of suspicion. I know a lot of people who know absolutely nothing about computers, but they’d definitely have the good sense to call me before they took a computer into the shower with them.
Everything is connected these days – computers, game consoles, even televisions. Making sure you’re digitally safe should be a priority for everyone. So I ask of you all, learn a little bit more about the tech you use in your everyday life. You all have nerd friends or family members that are willing to sit down and run through some computer security stuff with you. Just ask them.