Comments

Steven Hoober • September 19, 2011 2:03 PM

What I love most about this is how most comments (on the original article) seem to think the internet is not available outside the US. His illegal immigrant status is crucial, and with stronger immigration policies, he would not have been able to carry out these attacks. Sure.

Cypherpunk • September 19, 2011 3:08 PM

Very disappointing to see that this site has sunk to the level of reporting crap like this; it always used to be one of the better security-related blogs out there.

Otto • September 19, 2011 3:10 PM

For a moment I thought it was about some kind of sex-related injury, then I re-read and found it wasn't "sex-torsion".

Disappointment.

DayOwl • September 19, 2011 3:25 PM

@Cypherpunk:

The article demonstrates how stupidity, security ignorance and just plain carelessness lead to preventable problems. The victims practically laid a red carpet for the guy. Hopefully a few have learned to employ a few basic security measures in their computer use.

Personally, I'm appalled at the number of people who seem to think nothing of sending nude photos of themselves into cyberspace. Very undignified.

x, y & z • September 19, 2011 3:36 PM

@Hoober

What do you mean that the Internet exists outside of U.S.A? How is that possible? You mean that they have Internet like on the moon or something?

Petréa Mitchell • September 19, 2011 5:38 PM

When I first read about that, I found myself thinking about the earlier post here on folk models of computer security and how most security advice wasn't followed because either the model said most people wouldn't be targets, or because people didn't have a narrative for what harm it might cause them.

This story, OTOH, offers a new threat model to people who read it, suggesting that even small fry can be targeted, and providing an easy-to-understand example of harm.

I wouldn't bet on this one story by itself changing anyone's behavior, though.

Arclight • September 19, 2011 6:21 PM

Okay, the fact that our perp is an illegal alien is not really relevant to this discussion. Border security is an issue unto itself, but it doesn't seem like the physical location of the attacker was important to this type of attack.

The unique thing here is the amount of effort this man went to in his attempts to terrorize and humiliate his victims. And how successful he was.

I seriously doubt that profit was his main motivation, given that other types of fraud (and targets other than young women) would probably be more profitable for someone with the IT and con-artist skills this guy seems to have had.

One thing that does seem hard for me to believe is: Why didn't more of the victims or police immediately recognize the PC as the obvious source of data leakage and pull the plug ASAP?

I mean, someone has recordings of your voice calls, webcam shots, copies of your documents and photos, and real-time access to your chat logs. Really, it shouldn't take a genius to figure out that it's time to unplug the computer and get help instead of further enabling this creep by transacting your next 300 hours of dealings with friends, authorities, etc using the same infected computer.

I remember that almost all webcams and built-in cameras used to come with a sliding cover over them. I wonder why this feature has been dropped on most newer models?


Arclight

jerbear • September 19, 2011 6:30 PM

@Arclight
Need to consider though this guy likely had access to the user's email at this point and from there would be able to access all the user's accounts by using forgotten password and simple social engineering.

I have two thoughts for why cameras don't have covers any more.
1. The government for all you into hating on big brother.

2. Blame Apple for slick clean looking devices. I mean where would you install a bulky lens cover on your MacBook Pro?

Lastly this guy really did not do anything that spectacular. He simply was able to gain access to a user's system through malware and from there it was just time and data-mining, and a little bit of crazy.

PrometheeFeu • September 19, 2011 6:49 PM

I love the use of P2P file sharing as the vector of attack. I would love to do a study of how many people will dbl click on an exe from a file-sharing network. I'm not sure how one could do that legally though...

Trichinosis USA • September 20, 2011 2:23 AM

@Cypherpunk: cyberstalking is very common, in part because of your attitude that it's unworthy of the attention of the greater IT security community. IT is one of the last bastions of sexist bullies, who prefer to keep their prey's ignorance as the status quo.

Not all the people who do this sort of thing are even hacking. They're just abusing their legitimate access to the system. I did a service call at a telco data center once, the night shift ops had a computer full of audio files of "funny" conversation captures and would very casually listen in to random conversations via a patch cable. Their "hobby" was not psychologically healthy, never mind the legal or professional implications.

The IT community needs to police itself. I want to see more, not less, of this kind of post. There are a lot of creeps out there for whom this post hits entirely too close to home. Good.

Chris • September 20, 2011 2:28 AM

@PrometheeFeu

I actually think you can legally do it. But the payload has to be a harmless application that notifies the user, the best is with an url-button.
The application should mention how dangerous it is to execute p2p-downloads and refer to the website for details how to browse p2p-networks more safely.
(That second part will give you the statistics you need, just be sure that you're not in a search-index)
You first ask if the user wishes to go to the website to get more details. If the user chooses no, you ask if the app may send an anonymous acknowledgement to the server for a statistical study.

More on topic: I distinctly recall having read this story before. It really has nothing to do with illegal immigration though.
One of the most astonishing parts is that all those females that noticed their webcam light on, and only ONE that actually put a sticker on it. Of course it isn't very bright to send pictures of yourself via the internet or let your boyfriend store it on his computer, but hey not everyone is a security expert.
Stop seeing your computer as a device, instead realize it's an open window to the world.

Woo • September 20, 2011 4:24 AM

@jerbear: A tiny plastic slider should be possible to fit into even the sleekest FruitBookPro.. but it costs a few cents to implement (and a few dollars to design), so the manufacturers don't consider it.

karrde • September 20, 2011 9:39 AM

@Arclight:
"One thing that does seem hard for me to believe is: Why didn't more of the victims or police immediately recognize the PC as the obvious source of data leakage and pull the plug ASAP?

"I mean, someone has recordings of your voice calls, webcam shots, copies of your documents and photos, and real-time access to your chat logs. Really, it shouldn't take a genius to figure out that it's time to unplug the computer and get help instead of further enabling this creep by transacting your next 300 hours of dealings with friends, authorities, etc using the same infected computer."

These people think of a computer as an appliance, rather than as a complex system with security vulnerabilities.

Mr. Maturin • September 21, 2011 9:16 AM

Wouldn't a spot of duct tape resolve the lens cover issue? You could stick a back piece in place so as not to stick up the lens itself. Duct tape comes in cool new colors and patterns too, for style-conscious Mac users. To NZ's comment, we all have something to hide.

Me • September 22, 2011 12:57 PM

Guess I need to be better about unplugging my mic when not in use.

This is also why I never wanted a web-cam.

Dirk Praet • September 22, 2011 7:40 PM

@ DayOwl

"Personally, I'm appalled at the number of people who seem to think nothing of sending nude photos of themselves into cyberspace."

Stupidity is not a crime as long as you are its only victim. And even US congressmen are doing it (remember Anthony Weiner). Until such a time that people take a mandatory course in computer security and privacy basics before hooking up to the internet (no pun intended), stuff like this will pretty much remain inevitable.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.