What is Camfecting?
“Camfecting” is hacking into and using another person’s webcam without consent. Camfecting typically occurs when a computer user unwittingly downloads a file or program that is infected with a Remote Access Trojan, or “RAT.” A RAT is a type of malware that allows unauthorized remote access to a computer, and can allow a hacker complete control over the infected “slave” computer. Often times, a hacker will then upload the stolen data onto a hacker forum, or share information about which computers have been slaved so that other hackers can also gain access to these devices. RATs are easy to install, and the operator, or “ratter,” can watch the screen or webcam of any slave currently online.
At this time, there is no federal statute that specifically criminalizes or creates civil liability for camfecting. However, there are several federal statutes that may criminalize camfecting, depending on the specific circumstances of the incident.
The Electronic Communications Privacy Act (ECPA) makes it illegal to intercept stored or transmitted wire, oral, and electronic communications without authorization.
Title I of the ECPA, the federal Wiretap Act, criminalizes the intentional actual or attempted interception, use, disclosure, or procurement of wire, oral, or electronic communications. In terms of camfecting, if the RAT goes as far as collecting sound recording along with the video or images from the slave’s webcam, it is a crime under federal wiretapping laws because that is an intercept of a verbal communication. However, it is not currently illegal under federal wiretap laws to surreptitiously obtain solely images or video. Additionally, the federal wiretap laws are not adequate legal protection against camfecting because they cover the interception of communications in progress, and not creating a connection to take video.
The Computer Fraud and Abuse Act (CFAA) makes intentionally accessing a computer without authorization or exceeding authorized access illegal. A 1994 amendment to the CFAA prohibited, among other things, the transmission of a program, information, code, or command to a computer with the intent to prevent use of the system without the knowledge or the authorization of the owners of that computer.
In 1996, the National Information Infrastructure Protection Act (NIIPA) expanded the CFAA to cover even viewing information on a computer without authorization, whereas prior to the NIIPA violators could only be charged if they had acted for commercial gain.
However, the CFAA and the NIIPA only apply to “protected computers”—those used by the U.S. government, financial institution, or used in or affecting interstate or foreign commerce. Thus, personal computers can potentially be covered by the statute if it can be shown that they are used in or affect interstate or foreign commerce.
If a specific instance of camfecting does not fall under one of the federal statutes above, it may still be criminal under state law. Most states have criminal laws in place prohibiting the access of any computer without the owner’s authorization, and providing a range of penalties depending on the particular circumstances of the camfecting. Therefore, in most places in the United States, camfecting is indeed illegal at least under state law if not under federal law.
By Katelynn Merkin, HopkinsWay PLLC. | © HopkinsWay PLLC 2014. All rights reserved.