Hey there! Sign in to join this conversationNew here? Join for free

Is it possible for someone to hack into your webcam? Watch

    Online

    20
    ReputationRep:
    Yeah it definitely happens. If people wanna watch me talk to myself and my dog then so be it.
    Offline

    16
    ReputationRep:
    (Original post by Acsel)
    That's really not true. A user rarely has to open the door themselves because an attacker will take advantage of some flaw with the users system, such as unpatched software to gain access. A user can do nothing and they can be attacked.

    Using an "IP bouncer" will not stop someone hacking your computer. That is entirely laughable. It might make it harder but it certainly doesn't stop someone. Not to mention the odds of someone targeting you specifically is tiny. More likely is you'll download some malware online, for which your "IP bouncer" will do nothing.

    Microsoft don't install malware on computers (except Windows Vista). If someone from Microsoft installed malware then it wasn't Microsoft. How do you even know you have malware, specifically a trojan on the machine? Office is not difficult to install and should not require a call to anyone. Judging from your lack of knowledge it seems more likely that you installed malware yourself, or unknowingly gave someone else access to your PC and they installed malware for you. Or there may in fact be absolutely no malware in the first place.

    You are right, I've just given you the solution, for free, on a forum. If you have malware the only way you can be sure it is dealt with is to start from fresh. Sure some antivirus might succeed in scrubbing it but you can never be sure. Anyone that claims to be able to remove any type of malware without a reinstall is either exceptional (and thus won't be wasting their time on forums) or is a liar. If you want to get rid of the apparent malware you reinstall from scratch. But like I said there's absolutely no guarantee you've even got malware.
    Damn
    Offline

    17
    ReputationRep:
    (Original post by Bulletzone)
    Damn
    If that impressed you I don't recommend looking at the post I just updated above (which unfortunately got deleted). But the premise was that I reverse imaged searched John's profile picture, found his Twitter, personal blog, Facebook and so on. His Facebook was public so I learned his wife and daughters names and so on. And he's trying to tell me I know nothing lmao
    Offline

    16
    ReputationRep:
    (Original post by Acsel)
    If that impressed you I don't recommend looking at the post I just updated above.
    Too late. :eek4:
    Offline

    17
    ReputationRep:
    (Original post by Bulletzone)
    Too late. :eek4:
    I mentioned it before but I'm going to mention it again. This is not hacking in and of itself.

    That said what I did is a perfectly valid technique for building social engineering profiles (or "people hacking". The human aspect can often be the most insecure, which I'd like to think I just demonstrated. Facebook, TSR and so on are perfectly secure platforms (within reason). And yet 2 minutes, a Google Image search and some carelessness means I could find out far more than I should do about a random stranger on the internet.

    To everyone reading this, regardless of how smart of stupid you think the people posting here are: Be careful with what you do, say and put online. I've seen a fair few profile pictures in this thread alone that could possibly lead straight back to Facebook, Twitter, Instagram and so on. I imagine several people have put information in their TR profile that could help identify them (I would be guilty of that myself). Is it likely someone is going to target you? No. I did it to prove a point. Do you really want to run that risk though? What about in 10 or 20 years time when you're successful and worth targeting? All those forgotten online profiles add up.

    Take your privacy and security seriously people.
    Offline

    16
    ReputationRep:
    (Original post by Acsel)
    I mentioned it before but I'm going to mention it again. This is not hacking in and of itself.

    That said what I did is a perfectly valid technique for building social engineering profiles (or "people hacking". The human aspect can often be the most insecure, which I'd like to think I just demonstrated. Facebook, TSR and so on are perfectly secure platforms (within reason). And yet 2 minutes, a Google Image search and some carelessness means I could find out far more than I should do about a random stranger on the internet.

    To everyone reading this, regardless of how smart of stupid you think the people posting here are: Be careful with what you do, say and put online. I've seen a fair few profile pictures in this thread alone that could possibly lead straight back to Facebook, Twitter, Instagram and so on. I imagine several people have put information in their TR profile that could help identify them (I would be guilty of that myself). Is it likely someone is going to target you? No. I did it to prove a point. Do you really want to run that risk though? What about in 10 or 20 years time when you're successful and worth targeting? All those forgotten online profiles add up.

    Take your privacy and security seriously people.
    Your last point is very true. We may or may not become successful but in the event that we are, I'd most likely forget about this site as I would be soo busy
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    .
    reported
    Offline

    17
    ReputationRep:
    (Original post by john2054)
    reported
    I was well aware what I was doing would be close to breaking TSR rules. I don't particularly care. Realistically all I did was piece together a profile from your own negligence. Not my fault that I was able to reverse image search your profile picture and end up with half your family's names. If nothing else you've stopped belittling me and claiming yourself an expert.

    But seriously, fix your privacy problems. Tht's genuine advice. I don't care what you think of me but you seriously need to do something about your online privacy. Anyone else can do what I did and the next person might not be so forgiving.
    Offline

    10
    ReputationRep:
    Who's watching this thread and laughing? :laugh::laugh:
    Offline

    17
    ReputationRep:
    (Original post by Naruke)
    Who's watching this thread and laughing? :laugh::laugh:
    Defintiely me. I've been having a lot of fun
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    I was well aware what I was doing would be close to breaking TSR rules. I don't particularly care. Realistically all I did was piece together a profile from your own negligence. Not my fault that I was able to reverse image search your profile picture and end up with half your family's names. If nothing else you've stopped belittling me and claiming yourself an expert.

    But seriously, fix your privacy problems. Tht's genuine advice. I don't care what you think of me but you seriously need to do something about your online privacy. Anyone else can do what I did and the next person might not be so forgiving.
    I've never claimed to be an expert.

    And stop telling me what to do

    thanks.
    Offline

    17
    ReputationRep:
    (Original post by john2054)
    I've never claimed to be an expert.

    And stop telling me what to do

    thanks.
    You said you "clearly knew more about security than most people on this site". You said you've been hacking, learning about it, etc. "since I was in diapers". You got incredibly defensive when I pointed out that what you were saying was wrong and you in fact didn't know what you were talking about. You might not have claimed to be an expert but you implied that you knew what you were talking about when you clearly didn't.

    I'm not telling you what to do. It was genuine advice to better protect your privacy. Your blog might still point to Facebook and your Facebook might still be public but at least you can't be directly traced from TSR now. And the thing is you might have told me to stop but you still elected to change your profile picture. If nothing else you can see the risk you're putting yourself at. Whether you do anything about it is entirely up to you. Now do you actually have anything relevant to add since we established almost immediately that webcams can be hacked.
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    You said you "clearly knew more about security than most people on this site". You said you've been hacking, learning about it, etc. "since I was in diapers". You got incredibly defensive when I pointed out that what you were saying was wrong and you in fact didn't know what you were talking about. You might not have claimed to be an expert but you implied that you knew what you were talking about when you clearly didn't.

    I'm not telling you what to do. It was genuine advice to better protect your privacy. Your blog might still point to Facebook and your Facebook might still be public but at least you can't be directly traced from TSR now. And the thing is you might have told me to stop but you still elected to change your profile picture. If nothing else you can see the risk you're putting yourself at. Whether you do anything about it is entirely up to you. Now do you actually have anything relevant to add since we established almost immediately that webcams can be hacked.
    Here is your next mission, if you choose to accept it:

    Hack my computer, gain access to my back account details, and withdraw £1, to an anonymous account...

    Actually you don't have to do this, just tell me my account number and sort code?

    If you are really as good as you would have everyone else on here believe, you will find this a doddle.

    If not, either you won't or you can't?

    I guess which.....
    Offline

    17
    ReputationRep:
    (Original post by john2054)
    Here is your next mission, if you choose to accept it:

    Hack my computer, gain access to my back account details, and withdraw £1, to an anonymous account...

    Actually you don't have to do this, just tell me my account number and sort code?

    If you are really as good as you would have everyone else on here believe, you will find this a doddle.

    If not, either you won't or you can't?

    I guess which.....
    And this is where you fall down. I never claimed to be a hacker. I never claimed to be an expert. I made it explicitly clear that a Google image search is not hacking. I made it clear that what I did was largely down to your negligence. Me calling you out when you are wrong is not me trying to prove to people how good I am. And if you truly had some idea of the hacker mindset you'd understand that hackers aren't trying to impress people.

    You thought a dynamic IP was an IP bouncer that you used to stay safe from hackers. You thought Microsoft were installing trojans on your PC. You apparenlty have a trojan and are entirely unconcerned about it, seeing it as little more than a bug. You have poor security settings on your social media profiles. You claim to have been hacking for some 20 odd years and claim to know more about security than most people on this site. I called you out and apparently that means I want everyone to think I'm a 1334 hacker. Cool story bro

    But let's pretend for a moment that I could hack you. Do you really think I'd admit to it here? Do you really think I'd be stupid enough to do it when my TSR profile can be easily traced back to me? If I were in fact a great hacker then I'd have better things to do than call people out on forums. But for reference I'm sure an experienced skip tracer could use the information you've left lying around to figure out your bank details. Hell if I just straight up assume you still live in Derby based on your TSR profile then you've already narrowed the potential sort codes to maybe a dozen. I'd wager there's something on Twitter, Facebook, your blog, a forum post, etc. that could narrow things down. 192.com may even throw up a home address.

    And you know what? This is something I actually have experience with. You know that forensic degree that you cast aside because they wouldn't teach me about hacking? My head of school sets a challenge each year for students to find out as much about him as possible. We use methods just like the ones listed above. No hacking involved. So in theory I don't need to hack your computer to get your bank details. Am I capable of that and willing to break the law to do it? No. But it's possible.
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    And this is where you fall down. I never claimed to be a hacker. I never claimed to be an expert. I made it explicitly clear that a Google image search is not hacking. I made it clear that what I did was largely down to your negligence. Me calling you out when you are wrong is not me trying to prove to people how good I am. And if you truly had some idea of the hacker mindset you'd understand that hackers aren't trying to impress people.

    You thought a dynamic IP was an IP bouncer that you used to stay safe from hackers. You thought Microsoft were installing trojans on your PC. You apparenlty have a trojan and are entirely unconcerned about it, seeing it as little more than a bug. You have poor security settings on your social media profiles. You claim to have been hacking for some 20 odd years and claim to know more about security than most people on this site. I called you out and apparently that means I want everyone to think I'm a 1334 hacker. Cool story bro

    But let's pretend for a moment that I could hack you. Do you really think I'd admit to it here? Do you really think I'd be stupid enough to do it when my TSR profile can be easily traced back to me? If I were in fact a great hacker then I'd have better things to do than call people out on forums. But for reference I'm sure an experienced skip tracer could use the information you've left lying around to figure out your bank details. Hell if I just straight up assume you still live in Derby based on your TSR profile then you've already narrowed the potential sort codes to maybe a dozen. I'd wager there's something on Twitter, Facebook, your blog, a forum post, etc. that could narrow things down. 192.com may even throw up a home address.

    And you know what? This is something I actually have experience with. You know that forensic degree that you cast aside because they wouldn't teach me about hacking? My head of school sets a challenge each year for students to find out as much about him as possible. We use methods just like the ones listed above. No hacking involved. So in theory I don't need to hack your computer to get your bank details. Am I capable of that and willing to break the law to do it? No. But it's possible.
    Why are you being so hostile our kid? I hacked university, and left with a 2.1. I also hacked Africa, and left with a wife. The next time you complete this kind of hacks, by all means tell me. And if you ever have anything positive to contribute, by all means tell me about that too. You really have such a monochrome view of hacking don't you.

    I'm not a hacker. I don't know how to break a bank, or many of these tight security protocols. But I am aware of the basics. I know this somehow impinges your personal sense of self esteem, and i am very sorry about this. But lighten up okay our kid.

    By the way, you couldn't break my banks security protocol even if you wanted to, in fact i am fairly sure that anonymous couldn't. The most they can do is systems outage, lasting up to a few hours, and i think this is from DOS attacks (denial of service attacks, basically where attackers set up mass systems overload, by using trojans to overload a systems entry points). But then you already knew this right>?
    Offline

    0
    ReputationRep:
    (Original post by EC)
    Yeah, but wouldn't the light turn on automatically, even if hacked?
    I heard i think on the BBC, they can make it so the light doesn't come on but the camera is still on!
    Offline

    17
    ReputationRep:
    (Original post by john2054)
    Why are you being so hostile our kid? I hacked university, and left with a 2.1. I also hacked Africa, and left with a wife. The next time you complete this kind of hacks, by all means tell me. And if you ever have anything positive to contribute, by all means tell me about that too. You really have such a monochrome view of hacking don't you.

    I'm not a hacker. I don't know how to break a bank, or many of these tight security protocols. But I am aware of the basics. I know this somehow impinges your personal sense of self esteem, and i am very sorry about this. But lighten up okay our kid.

    By the way, you couldn't break my banks security protocol even if you wanted to, in fact i am fairly sure that anonymous couldn't. The most they can do is systems outage, lasting up to a few hours, and i think this is from DOS attacks (denial of service attacks, basically where attackers set up mass systems overload, by using trojans to overload a systems entry points). But then you already knew this right>?
    Not being hostile at all, you just don't seem to want to let this go. You posted a stupid "challenge" so I shared my knowledge.

    Congratulations, you're now using a completely different definition of hacking to suit your argument. You're not entirely wrong using the term hack here but you full well know that in this context hacking is about breaking into things. Hacking a webcam and hacking life are different definitions of hacking. It's not at all relevant though so I'm not getting into an argument about definitions.

    You know the basics and apparenlty that makes you more of a security expert than most of the people on this site? Pretty sure anyone doing any sort of CS style degree would be a genius then.

    I never claimed to be able to break your banks secrurity protocols and I'm really not sure where you go that notion from. At this point you're claiming I can't do a thing that I never mentioned in the first place. I made a point of saying that no hacking was required (for social engineering). So your rant about me not being able to break bank security protocols is null. Read before you post.

    You really love mentioning trojans don't you. DoS attacks don't explicitly use trojans to overload a system entry point. You're on the right lines but not quite correct. A DoS attack, as you say is designed to cause system outages more commonly referred to as loss of service. They do this by flooding the servers with requests. There's so many junk requests going in that the real requests get lost, the server bottlenecks, needs to be restarted and so on.

    When you mention trojans you're probably thinking of DDoS (Distributed Denial of Service) attacks. The general idea is the same as a DoS attack but the traffic comes from many locations, often from machines that have been compromised (potentially by a trojan but really any malware will do). A DoS attack is akin to you pressing F5 constanlty to refresh a page. A DDoS attack is akin to getting a group of people together and all of you pressing F5.

    DoS can generally be traced back to one person (of course you can hide you IP, run it from other machines and so on) but there is generally a single attacker. A DDoS can't be traced to a single machine because attacks are coming from multiple locations. DoS attacks generally aren't that popular nowadays for these sorts of reasons, The attack on Dyn on October last year was a DDoS attack, perpertrated using the Mirai botnet. No trojans involved, only mirai malware. Notably a lot of the devices creating DDoS traffic were IoT devices that had default settings, making them accessible by simply looking up their default login details.

    As for whether it would be possible to crack the banks security, it's of course going to be possible but looking at it from the perspective of anonymous doing it is entirely wrong. Hacking a bank through brute force, trying to insert malware and so on may or may not get you anywhere. In terms of brute force it's going to take way too long to be worthwhile. But that's not the only way to hack a bank (or any company). Penetration tester (ethical hacking) is a field devoted entirely to this. One of the common ways to hack is from inside. Why mess about breaking through external security when you can walk up to a server and plug your cables straight in?

    What people forget about hacking is that is isn't all computers and coding and malware. There is a huge human aspect as well. Social engineering can work wonders. Sometimes you physically need to go pick a lock manually and gain physical access. You might assume the system is perfectly secure but when you get in it turns out the IT guys left a sudo account primed for you to use.

    Not breaking into a bank but here's some hackers (legally) breaking into the US power grid. That's arguably more concerning, espeically when they find unlocked doors, laptops, etc. lying around and so on. Similar story of how pen testing worked to get access to a bank below.

    https://www.youtube.com/watch?v=pL9q...=537s&index=19

    http://uk.businessinsider.com/how-to...h-korea-2016-6
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    Not being hostile at all, you just don't seem to want to let this go. You posted a stupid "challenge" so I shared my knowledge.

    Congratulations, you're now using a completely different definition of hacking to suit your argument. You're not entirely wrong using the term hack here but you full well know that in this context hacking is about breaking into things. Hacking a webcam and hacking life are different definitions of hacking. It's not at all relevant though so I'm not getting into an argument about definitions.

    You know the basics and apparenlty that makes you more of a security expert than most of the people on this site? Pretty sure anyone doing any sort of CS style degree would be a genius then.

    I never claimed to be able to break your banks secrurity protocols and I'm really not sure where you go that notion from. At this point you're claiming I can't do a thing that I never mentioned in the first place. I made a point of saying that no hacking was required (for social engineering). So your rant about me not being able to break bank security protocols is null. Read before you post.

    You really love mentioning trojans don't you. DoS attacks don't explicitly use trojans to overload a system entry point. You're on the right lines but not quite correct. A DoS attack, as you say is designed to cause system outages more commonly referred to as loss of service. They do this by flooding the servers with requests. There's so many junk requests going in that the real requests get lost, the server bottlenecks, needs to be restarted and so on.

    When you mention trojans you're probably thinking of DDoS (Distributed Denial of Service) attacks. The general idea is the same as a DoS attack but the traffic comes from many locations, often from machines that have been compromised (potentially by a trojan but really any malware will do). A DoS attack is akin to you pressing F5 constanlty to refresh a page. A DDoS attack is akin to getting a group of people together and all of you pressing F5.

    DoS can generally be traced back to one person (of course you can hide you IP, run it from other machines and so on) but there is generally a single attacker. A DDoS can't be traced to a single machine because attacks are coming from multiple locations. DoS attacks generally aren't that popular nowadays for these sorts of reasons, The attack on Dyn on October last year was a DDoS attack, perpertrated using the Mirai botnet. No trojans involved, only mirai malware. Notably a lot of the devices creating DDoS traffic were IoT devices that had default settings, making them accessible by simply looking up their default login details.

    As for whether it would be possible to crack the banks security, it's of course going to be possible but looking at it from the perspective of anonymous doing it is entirely wrong. Hacking a bank through brute force, trying to insert malware and so on may or may not get you anywhere. In terms of brute force it's going to take way too long to be worthwhile. But that's not the only way to hack a bank (or any company). Penetration tester (ethical hacking) is a field devoted entirely to this. One of the common ways to hack is from inside. Why mess about breaking through external security when you can walk up to a server and plug your cables straight in?

    What people forget about hacking is that is isn't all computers and coding and malware. There is a huge human aspect as well. Social engineering can work wonders. Sometimes you physically need to go pick a lock manually and gain physical access. You might assume the system is perfectly secure but when you get in it turns out the IT guys left a sudo account primed for you to use.

    Not breaking into a bank but here's some hackers (legally) breaking into the US power grid. That's arguably more concerning, espeically when they find unlocked doors, laptops, etc. lying around and so on. Similar story of how pen testing worked to get access to a bank below.

    https://www.youtube.com/watch?v=pL9q...=537s&index=19

    http://uk.businessinsider.com/how-to...h-korea-2016-6
    Okay i watched your video, and read your article, now you watch mine:::

    https://collateralmurder.wikileaks.org/
    Offline

    17
    ReputationRep:
    (Original post by john2054)
    Okay i watched your video, and read your article, now you watch mine:::

    https://collateralmurder.wikileaks.org/
    I'm not entirely sure how that's relevant in any way but okay
    Offline

    3
    ReputationRep:
    (Original post by Acsel)
    I'm not entirely sure how that's relevant in any way but okay
    it relates to what i was discussing earlier.

    did you watch it?

    about Iraq
 
 
 
  • See more of what you like on The Student Room

    You can personalise what you see on TSR. Tell us a little about yourself to get started.

  • Poll
    What newspaper do you read/prefer?
    Useful resources
    AtCTs

    Ask the Community Team

    Got a question about the site content or our moderation? Ask here.

    Welcome Lounge

    Welcome Lounge

    We're a friendly bunch. Post here if you're new to TSR.

    Groups associated with this forum:

    View associated groups
  • See more of what you like on The Student Room

    You can personalise what you see on TSR. Tell us a little about yourself to get started.

  • The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

    Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

    Quick reply
    Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.