Alleged hacker accused of spying on nude teenage girls via webcam

April 28, 2008 Sophos Press Release

Webcam spyware
Hackers have used webcams to spy upon victims for sexual kicks.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, are warning computer users about the importance of properly securing PCs, following news that a man who allegedly used computer malware to prey upon young women has been charged in Canada.

According to media reports, 27-year-old Daniel Lesiewicz has been charged with using spyware to take over the webcams of women as young as 14 and coerced them into posing naked for him.

Lesiewicz, the owner of a computer support company, has appeared in a Montreal courtroom on charges of possessing and producing child pornography, extortion and threats. According to the Sûreté du Québec, Lesiewicz made friends with teenage girls in internet chatrooms, sent them emails which infected their computers with malware, and then persuaded them to pose naked online.

The victims are then said to have been contacted by another internet user called "Dave", who told the women that nude photos of them would be posted on the net unless they posed again in front of their webcams.

According to a police spokeswoman, most of the young women who had their computers hacked were between the ages of 14 and 19, but some were in their twenties.

Sophos notes that there have been other cases in the past where hackers have taken remote control of innocent users' webcams in order to spy upon them.

In early 2005, Spanish authorities fined a student who captured movie footage from unsuspecting users, and arrested a 37-year-old man who spied on victims via a webcam while stealing banking information. In the same year, a 45-year-old computer technician from Nicosia, Cyprus was apprehended after taking compromising pictures of a teenager via her webcam, and threatening to send the pictures to her friends unless she posed naked. 18 months ago, Adrian Ringland, from the British town of Ilkeston, Derbyshire, was sentenced to jail for ten years after admitting posing as a minor on internet chatrooms and using spyware to take explicit photographs via children's webcams.

"Many young people may have poorly-defended PCs in their bedroom, leaving them potentially open to abuse. Although most malware these days is designed to steal money from its victims, clearly some hackers are being motivated by sexual kicks instead," said Graham Cluley, senior technology consultant for Sophos. "The message is simple: keep your PC protected against the latest threats with anti-malware software, security patches and firewalls, and if in any doubt unplug your webcam when you're not using it."

Business employees can fall victim too

Sophos experts note that the problem of poorly-defended PCs does not just affect young home users, but workers too.

"It's important to recognize that these kind of attacks are not just a problem for youngsters," continued Cluley. "Home and remote workers use computers often equipped with webcams and may have lax protection in place. The danger of people using a 'work' computer for non-approved use such as instant messaging chat are well documented. Companies should deploy application control technology to set a strict policy as to which programs, such as chat clients, can be used by their employees."

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktop and servers with automatically updated protection. Sophos's Application Control functionality - which is integrated into Sophos Endpoint Security and Control - puts the power in system administrator's hands to control usage of many different types of programs amongst their users.