Hackers can turn network cameras, microphones on you

Do you have a microphone or video camera connected to your computer or network? If you value your privacy, turn those devices off, a top Army computer protection official warned today.

Philip Loranger, chief of the Command and Control Protect Division in the Army's Information Assurance Office, demonstrated how anyone can attack a network and turn on any camera or microphones connected to that network with what he called "not very sophisticated hacker tools'' downloaded from the Internet.

Loranger, who conducted an attack on a dial-up military network in Columbia, Md., from an Association of U.S. Army Information Assurance symposium in Falls Church, Va., said the .mil system he managed to penetrate—and whose identity he would not disclose—did not have any intrusion-detection system despite the spurt of recent publicity about an increase in hacker attacks. Using "point and click'' hacker tools, Loranger said he cracked three out of seven passwords on the system.

Once inside the network, Loranger said he then probed the network and discovered a "read/write password file'' that allowed him to delete the "super-user'' password, allowing him to create a super-user password for himself, giving him free reign over the system. Loranger said this then allowed him to search the system for any microphones or cameras connected to it and then turned them on. "I can capture conversations and bring them back to my own computer,'' Loranger said, "and I can turn on video cameras and bring pictures back.''

The Army conducted this "white-hat attack'' after warning the target facility to expect it, Loranger explained, but the lack of intrusion-detection devices did not provide the system's users with any warning "until I launched a denial-of-service attack and brought the system down.''

Loranger said he conducted the demonstration to emphasize that hackers use information warfare attacks to do more than just cripple computers or steal information located on the network. The networks also can serve as real-time windows into the physical world outside the network.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.