What We Can Learn from the School Webcam Spy Story
Your company probably doesn't issue laptop computers to high school students, but the webcam spying case that happened in Lower Merion School District in Pennsylvania has lessons for any business that has employees working remotely on company-owned and -tracked computers on company networks.
According to an article in the Philadelphia Inquirer, a security company needed only a few hours to successfully hack into a version of the laptop tracking system used by the school district. The article stated:
The company, Leviathan Security Group, said it launched the review after realizing that some of its clients were using the same system, LANrev, that drew an international spotlight to Lower Merion.
LANrev is a software package that lets administrators remotely access and manage multiple computers on a network at the same time. The LANrev feature that drew so much scrutiny was a theft-tracking tool that can pinpoint a computer's location, remotely activate its webcam and store copies of the images on its screen.
In a few hours, Leviathan executives said, one of their engineers was able to decipher a password - lines from a German poem - to gain administrative access on the network. The engineer could then install software to essentially take over a user's laptop - sorting through its e-mail, using its webcam or deleting or changing files.
As more organizations are turning to software like Skype that allows for "face-to-face" conference calls, webcam-related security on network computers needs to be considered. F-Secure provided some basic webcam security tips and how to avoid being spied on in a recent blog post:
You could choose a webcam with security features. Most webcams today come with an LED light that switches on whenever the cam is transmitting. Or get a webcam with a lens cover (oddly these seem to have fallen out of fashion, are people more trusting these days?).
If you already have a webcam, you can go through the settings for its control program – if there's a remote admin feature included and you're not using it, make sure it's disabled. If you're using a wireless webcam setup, make sure your wireless network is secured, so that noone can nick the webcam feed off your own network.