TraceSecurity

Scam Alert -Cyber Spying

Broadcast on NBC MEREDITH VIEIRA, co-host: We're back at 7:45, and this morning we begin a three-part series, SCAM ALERT: IDENTITY THEFT. You might think, 'Oh, it could never happen to me,' but you won't believe the clever ways crooks are stealing your most personal information. NBC's Kevin Tibbles is here to focus on one scam that invites bad guys right into your home. Kevin, good morning to you. KEVIN TIBBLES reporting: Good morning, Meredith. Well what would you do if a stranger knocked on your door and asked if he could come inside so he could simply sit down and go through all our personal documents? Chances are, you'd slam the door in his fact, right? Well, when it come to cyber spying that exactly what the bad guys are doing through your computer, and you wouldn't even know it. Unidentified Man #1 (Experiment Participant): I never thought of anything coming through the mail itself.

Scam Alert (Part 1 of 3) Scam Alert (Part 2 of 3) Scam Alert (Part 3 of 3)

Unidentified Man #2 (Experiment Participant): I was caught off guard. Something wasn't right. But it was too late.

Unidentified Woman (Experiment Participant): It's scary to know that in one little click, someone can change your whole life.

TIBBLES: These are the voices of identity theft. But they are the lucky ones, not victims of a real scam, but of an unscientific experiment conducted by Jim Stickley and his company TraceSecurity.

Mr. JIM STICKLEY (TraceSecurity): We're trying to find out what are the risks out there, what are people susceptible to, and then coming up with solutions before they're actually falling victim for real.

TIBBLES: Over the next three days, you'll see how these people could have fallen prey to a crime that affected an estimated nine million people just last year, beginning with a disturbing ploy that could give crooks a window directly inside your home: cyber spying.

A cyber spy could track every move you make via your computer's Web cam, simply by tricking you into believing that program you're downloading is legitimate. But hidden inside that program are the keys to accessing everything in your computer.

At the TraceSecurity headquarters in Baton Rouge, Jim demonstrated this scam: sending out five Web cams to a group of friends and family, along with the letter claiming they'd been randomly selected by a fictitious company for an Internet usage survey. But when the recipient loads the software, they're actually running a program designed by Jim that could give him control of the camera and the computer itself.

Mr. STICKLEY: The CD still looks real, only now you're loading our software first and our software's very malicious. You're going, 'OK, right now I'm in my home. My shades are closed, I'm secure. I can do whatever I want and no one's around,' and you're blowing that away. I mean, suddenly, there is somebody around, and it can be millions of people.

TIBBLES: After a week, a Web cam had been set up. Jim called the victim, his own brother-in-law Pat to inform him he'd been tricked. A courtesy any real hacker wouldn't extend.

Mr. STICKLEY: I received an e-mail that showed me that a camera had come in. Well, right now I can communicate with everything on their computer. I can start their camera out, I can run commands. I can do whatever I need to do on their computer.

TIBBLES: Once Pat agreed to be recorded, Jim showed how easily his spying could go unnoticed.

Mr. STICKLEY: Can you tell in any way that you're being filmed right now on your camera?

PAT (As Identified, Experiment Participant): No. Nothing at all. It's unnerving, to say the least.

TIBBLES: With consent from Pat, Jim could cyber spy through Pat's Web cam and had complete access to personal files.

Mr. STICKLEY: I could download, for example, their cookies off their computer, which a lot of times are used for part of the authentication process with online banking. I can record their keyboard computers, so everything they type in, their username and password, Social Security numbers and a lot of private information.

TIBBLES: For Jim, accessing Pat's personal information proved to be simple.

PAT: I hooked it up, hooked the Web cam up, and put it in and didn't think anything about it.

TIBBLES: One recipient told the fake company they were suspicious; the other three did not respond.

Mr. STICKLEY: I would hope it's going to bring awareness to it. I mean, it could be something very simple, very benign where they just think they're downloading a screen saver for their computer and that one screen saver could activate a whole slew of problems for them and giving somebody full access to their system.

PAT: Everybody wants to have the convenience of being on the computer, but with that freedom comes all these risks. And hopefully, people watching will learn the same thing.

TIBBLES: One out of our five targets fell victim to our scam. One too many, which Jim hopes will raise awareness of this potential threat.

Mr. STICKLEY: You know, it's very simple to take advantage of that kind, kind of good-natured feeling that everybody has that, 'When I get something in the mail it must be a good thing.' So, you know, we feel bad, but we hope we're enlightening people.

TIBBLES: And, Meredith, if you're using the same computer to do your banking as your kids are using to download screen savers or little smiley faces, chances are you might want to start using a different computer.

VIEIRA: Dangerous stuff. Kevin Tibbles, thanks so much.

TIBBLES: You bet.

VIEIRA: We'll be back right after this.