Linux Mint Forums

[JustMinted]

I just read an article on Ars Technica (http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/) about RATs. I knew that they existed, but it never occurred to me that they could be so widespread. It looks like a tool geared towards Windows, but I'm not a kernel guru so I'm not sure if Linux users should even think twice about it. Any thoughts from those with more know-how?

[Jamesc359]

A scary scenario no doubt. This is why I always keep my webcam/mics unconnected unless in use, I'm always cautious of what software I run and etc. At the end of the day though I'm not a likely target for such things, I am after all a mere male with above average computer skills. I worry more for my family because of their children. I try to "educate" them on the dangers of using P2P software, running their computers without anti-virus/anti-malware software, etc., etc., but I can't hold their hand every time they turn on their computer.

To answer your question, Linux is most definitely not invulnerable to this kind of thing. "Software" (aka RATs) exist for virtually every OS out there (even your cell phone). There's no need to be paranoid though. The fact is these guys want easy targets, so they prefer casual computer users who in turn prefer Windows. So it's unlikely that you'll be targeted since Linux represents such a small number of desktop computers and in general Linux users are also more knowledgeable and thus more cautious about executing foreign binaries/scripts and etc.

This could change in the future. As more people - in particular casual users - use Linux it becomes more and more of an attractive target for these kinds of exploits.

Stay away from bad sites. Keep your browser (and any other software) up to date. Don't run scripts/binaries from untrustworthy sources. Be cautious of all foreign material (emails, websites, etc.). Even a seemingly benign JPEG attachment could be dangerous. Keep these things in mind and you should be reasonably safe.

[catweazel]

There was a bloke arrested in the USA not more than a year or so ago. He was a PC repairman and he told his women clients that it would help if their laptop was occasionally taken into a steamy, damp area, such as the bathroom while they took a shower.

http://abcnews.go.com/US/california-computer-technician-trevor-harwell-suspected-spying-women/story?id=13806697

The machines were Macs.

[Jamesc359]

Wow, I can't imagine the nerve this guy had to have to tell any woman to take their computer into a hot steamy shower! Even more shocking is that it worked on any of them

[JustMinted]

What I was actually curious about was whether or not such a tool could work on a Linux machine without explicit root permission. Casual browsing, for instance, with browser ad/script blockers disabled or uninstalled. Or opening a .pdf/.gif/.jpeg file as non-root. If such exploits are known for Linux, are the developers aware? Are they doing anything about it?

[Jamesc359]

You're thinking of RATs as an exploit, but even though they do exploit you and your computer the RAT itself is not the exploit. They're a tool, a program, etc. that uses freely accessible interfaces to give the 'remote user' (aka the hacker) the ability to control the target machine. It's no different than Skype accessing your webcam or Firefox uploading a file (your PDF/JPEG) to a remote web server. Strictly from a coding standpoint the RAT is a perfectly legitimate program. Regardless of whether or not it's run as a regular user (like you) or as root.

I for example have installed SSH to enable me to remotely control certain aspects of my computer. Do I need root privileges to do that? Yes, but only because I wanted to put the program in my systems path (/usr/sbin/sshd I believe) and open ports below 1024. Somebody using a RAT to exploit your computer isn't going to concern them selves with such things. They'll likely just install it into some hidden folder and open a port > 1024. Anyways, I could easily take a photo with webcam (a command line program to take screenshots with a webcam) and transfer it to my computer. Like wise I could just as easily eject my optical drive with eject or play a sound with mplayer. The only thing that separates a RAT from SSH is that the ability to take screenshots, or eject the optical drive is built into the software. So really a RAT is just that, a Remote Administration Tool.

Don't get me wrong, RATs in this case are usually used for one purpose only and that is to exploit you and your computer. So what is the exploit then? Well I'd be amiss if I didn't say that yes, Linux does have exploits that hackers can and do use to get their RATs (and other malicious software) onto your computer and no it doesn't require root access. But these exploits are typically patched by the software's developers as soon as they're discovered. When people keep their software/OS up to date that makes it difficult (but not impossible) for hackers to develop a tool and infect a large number of machines before the holes are patched.

So what is a would be hacker to do? Well you're left with two options that are convenient. One is to infect out of date machines. This tactic is commonly used by a slightly more advanced hacker. The other way is to exploit the user. This is the method that's very popular amongst the RATing community because most of them aren't that sophisticated. They trick unsuspecting and trusting users into running their RAT for them. You simply can't forbid people from installing RATs on their computers, because there's no easy way to determine what is a bad RAT and a good one (SSH for example.) The only solution is to plug vulnerabilities that would allow a hacker to infect your machine without your assistance and to educate people of the dangers out there and how to avoid becoming a victim. E.g. don't use P2P sites to download music/games from . Don't open strange email attachements, etc., etc.