How would you feel if someone hacked into your computer or business and illegally captured screenshots or even camera images of you, your employees or even your family using social engineering? Now to extend that even further, what if in one of those screenshots they caught you doing something you should not have been doing, something illegal?
Would you expect to be brought up on charges, considering that those images where obtained by an illegal hacker? Most of us would probably think that we are quoting some conspiracy theory movie… but the sad truth is that this may very well be the reality.
As you know the team at social-engineer.org has been following and blogging on the crazy story that continues to unfold in regards to the Lower Merion Web Cam Scandal. I can’t say much because as of this second we have a dedicated researcher scouring through the all of data, reports and information that has been gathered on this topic. Recently there has been in depth research into the terabytes of pictures and data collected to determine the real culpability of the school and the employees of the school.
As we have been preparing this story for release we saw a news story that just forced us to blog some information early. Here is the snippet that caught our attention:
“Plaintiffs’ counsel’s concern centers around the 50,000+ photographs and screen shots taken of other students and parents that Plaintiffs’ counsel has not examined,” Haltzman’s response reads in part. “Since the Government has not agreed to immunize all students and their parents from prosecution for criminality that could possibly be depicted in the data collected, and since it is conceded that the data collected by LMSD, a government entity, was illegally obtained in violation of the Fourth Amendment, there is concern that the Government will target, or worse prosecute, students and parents based upon the illegally obtained evidence.”
There are still parents who haven’t even seen their pictures yet and the government may intercede and grab the photos, catalog and possibly prosecute – WOW.
Previously on May 3rd the FBI asked why so many images where taken without regard for privacy of families and especially minors. So the question comes in, who gave Lower Merion the right to intrude on those communications? Regardless of whether a student stole a computer, whether a student is a problem student or whether the parents missed an insurance payment – does it not seem inexcusable for the school to violate the privacy of minors, students and families?
What if whoever is in front of the camera is not a student or part of the school, friends, family or someone not related to a late payment or bad student? One article used a very good analogy, what if you were late on your cable bill and the cable company decided to just turn on a camera on your cable box to see if you were using the TV and for what? If we had this type of “luck” in a social engineering audit we would feel blessed, but this breach of privacy has only victims.
The lawsuits would be filed so fast it would spin your head off, and rightly so. That kind of privacy invasion is something we just can’t handle, nor should we have to.
This is just the tip of the iceburg and really doesn’t cover the real meat of this story. Our researcher is polishing the story as you read, so stay tuned and we will posting more in the next day or so.
Thanks to nick8ch for sending us the link and helping us with the research for this story.