YouTube’s ‘RAT’ problem

Posted by on Aug 4, 2015 in IT News | 0 comments

YouTube’s ‘RAT’ problem

It’s never been easier to learn how to hack, according to a new report.

Digital Citizens Alliance, a nonprofit advocacy group, has uncovered thousands of YouTube videos teaching wannabe hackers how to gain access to victims’ webcams and computers.

One example: A YouTube video plays romantic music and features a woman who has no idea that hackers are staring into her bedroom. In this particular video, they’re also teaching others how to do the same.

The video had 37,000 views before it was taken down. These videos, often accompanied by music, show step-by-step instructions on what hackers refer to as “slaving” victims. They take over their computers, turn on their webcams, and sometimes even interact with them.

Hackers are able to remotely access users’ webcams by installing malware called a remote access Trojan, or RAT. This type of malware is nothing new, but Adam Benson, a security researcher with the Digital Citizens Alliance, says the online tutorials are making hacking easier than ever.

The report also uncovers forums where hackers sell access to victims’ bedrooms. One user boasts “100 slaves” for sale. A buyer offers $5 dollars for access to females and $1 for males.

In some of the worst cases, hackers threaten to expose private moments if victims don’t send nude images of themselves.

One of the most high profile cases of “ratting” occurred in 2013. Former Miss Teen USA Cassidy Wolf had her web camera hacked. She had no idea a hacker was watching her for months.

“One night I had an email sent to my computer anonymously threatening me, giving me three options to do whatever he asked,” Wolf told CNNMoney. “The first one being to Snapchat him, the second one being to send him ‘better quality’ photos, and the third one being to video [myself] for five minutes doing whatever he asked.”

Wolf went to the authorities, who later apprehended the hacker.

She says victims still reach out to share their stories. The report strikes a chord with her.

“It’s insane that literally anybody can get ahold of somebody’s computer and basically terrorize someone’s life just by watching a YouTube video,” she says.

Many of the online hacking videos have ads that play ahead of the tutorial: a Wal-Mart ad precedes a tutorial on how to take over someone’s computer. An ad for Kim Crawford wine plays before a video titled “Dark Comet Pranking,” which shows a hacker turning on a teenager’s web camera and scaring him.

“Advertisers who spend a lot of money on online advertising and are invested in building a good brand…suddenly they find their products up next to bad actors and often criminal actors,” Benson says.

YouTube’s policy prohibits these types of videos, but it relies heavily on users to flag ones that violate the guidelines.

“YouTube has clear policies that outline what content is acceptable to post, and we remove videos violating these policies when flagged by our users,” the company said when asked about the videos.

Benson says it’s not enough.

“We would like to see human teams, human engineers, reviewing these videos,” he says. “Making sure that people are not victimized and re-victimized over and over and over again.”