It sounds like a virtual haunting, and it happens on your computer. File folders go missing. The mouse curser starts roaming around on its own. Pop up messages appear for no particular reason. The laptop shuts down without a command. After it restarts, the webcam light is on. But if you’re not using the computer in genreal, and the camera in particular, who is?
If you’re lucky your computer has viruses; if you’re not so lucky, your PC may have a RAT problem. A RAT infestation can lead to a whole new level of privacy violation.
Remote access tools (RATs) were developed to allow users to access their PCs away from the office—think advanced telecommuting—but a new generation of hackers is developing increasingly advanced RAT software that allows them to take over a computer owned by an innocent target—think you—and make it their “slave.” Once they’re in, they can spy on you through the webcam and listen into your conversations on the microphone, effectively turning your computer into a one-way mirror into your life.
“People would not have a clue it’s been installed on their PC as the methods now are getting more and more advanced,” says Black Shadow, a hacker contacted by TakePart through Hack Forums, a bulletin board. “Hackers use them for a few reasons: to spy on a person, to steal from their accounts, to build up a bot-net for DDS [distributed denial-of-service] attacks, or just for fun, to be nosy.”
A YouTuber who goes by the handle DaSheepherder posted a video on Hack Forums some 15 months ago complaining he’d been RATted by one of the members of the forum. “Whoever did it just deleted everything,” he said. “I have got, like, nothing, nothing left. All my intros and all my upcoming videos have been deleted. I’ll have to start from scratch making the intros and all that.”
Black Shadow saw the post and says he helped DaSheepherder retrieve the deleted files. “I cleaned up his PC, got rid of the RAT for him,” he wrote on Hack Forums. “[A]fter the kid I helped got hacked, I wanted to find a way to stop them, so I have produced a RAT Firewall. [N]ow it’s time to help people defend themselves.”
To detect a RAT takeover, says Black Shadow, “Look at your startup items. It will show [up] there for sure, unless it’s been programmed into the memory, then it will not be visible.
“Look at your task-manager at running processes, most RATS are set to run from these, it will always run from user name.”
And always, he says, “Check for your webcam light if it’s on.”
The snoop, and the consequences, coming from the other end of that webcam can be far more serious than losing a fledgling YouTube inventory if you’re living in a country embroiled in political unrest, insurrection or civil war.
Karim Taymour, a Syrian activist, told a reporter from Bloomberg that after he was arrested by the Assad regime, his interrogators showed him a “stack of more than 1,000 pages detailing his conversations and electronic files exchanged on Skype,” according to Reporters Without Borders.
“My computer was arrested before I was,” Taymour said.
In its annual “Enemies of the Internet” report released March 12, Reporters Without Borders found that “Internet content filtering is growing, but Internet surveillance is growing even more. Censors prefer to monitor dissidents’ online activities and contacts rather than try to prevent them from going online.”
Oppressive governments are like RATters: They like to watch.