You may be spied right now by this scary Twitter bot
There is an air of mystery when you first notice @FFD8FFDB. However, the next thing you will see is that really gets on to you.
The Twitter bot tweets a grainy, context-free picture escorted by a line of peculiarly formatted gibberish every few minutes.
Only after you begin digging into the actual working of the bot that it becomes clear that the project is developed on a profoundly disquieting foundation that throws light on one of the major privacy escapes in the modern telecommunication set-up.
???????? pic.twitter.com/iWXLNnzC2L
— ?รฟ?โฌ (@FFD8FFDB) December 28, 2015
Basically, the software behind @FFD8FFDB browses the Internet for webcams whose operators have left them unsafe, taking screenshots from the feeds, and then tweets them.
???????? pic.twitter.com/e4Z3gwEFUH
— ?รฟ?โฌ (@FFD8FFDB) December 28, 2015
Derek Arnold, a Minneapolis-based Web developer is the man behind the working of the bot. He said that he created the bot mainly as an exercise in aesthetics, even while @FFD8FFDB teaches an important lesson about privacy.
In an email to Daily Dot, Arnold explained that โMostly I wanted to use a somewhat predictable, but unreliable imagery source (unsecured public network cameras) as the basis for some fun with video filtering.โ In order to discover cameras that are connected to business Internet networks, Arnold accumulates the list of unsafe cameras โusing some network tools.โ
???????? pic.twitter.com/BwbbbxcnuJ
— ?รฟ?โฌ (@FFD8FFDB) December 28, 2015
To make sure that the bot isn’t tweeting out images that are disclosing details of strangers’ personal lives, Arnold personally chooses the cameras himself. โI went this route because, while there are many lists of cameras available online … my goal wasn’t titillation,โ he said. Whenever he comes across cameras broadcasting from people’s homes, he immediately blocks them from the bot’s list of source cameras.
?????????? pic.twitter.com/SDryVXcYmS
— ?รฟ?โฌ (@FFD8FFDB) December 28, 2015
โI tended to lean on cameras that are in outdoors, public or business settings rather than in people’s homes, which was fairly easy since I chose not to scan residential ISP blocks,โ he said.
The resulting images, which Arnold develops through video filters to give a processed and washed-out look, normally show deserted or near-deserted office streetscapes and office building interiors mixed in with windows into places like ski resorts and slot racing tracks. While some do have unsuspecting human subjects, most of the spaces depicted are deserted.
There are many places available online that can be used to easily find webcams that can be made available to anyone with an Internet connection noted Arnold. Launched in 2009, Shodan, a search engine is one of those avenues that let users to recognize hundreds of millions of different Internet-connected devices, from people’s home routers to traffic signals to, yes, even webcams.
Many of the operators of webcams are not at all worried to turn on any security features, which means that anyone who is able to locate an unsafe device’s IP address would be able to gain access to it.
Cybersecurity Researcher, Dan Tentler in a talk at the 2012 Defcon cybersecurity conference in Las Vegas, described how he used Shodan to access the controls that would let him to potentially do things like switch off a French hydroelectric plant or defrost a Danish hockey rink.
In a blog post about the @FFD8FFDB project, Arnold described that the appeal of the captured images outdo the security implications the bot puts on display.
โOnce you see past the titillation of the intrusion, some of the vantage points have a composure of their own,โ Arnold wrote. โThe camera installerโs motives are unknown to me, but can be inferred. Sometimes itโs a public camera, used promotionally, so the scene feels composed and ideal.
โOther times the cameraโs purpose is security, in which case the angles are harsher, the composition worse,โ he continued. โThe owner has crammed the device into some dusty corner, competing for space with cobwebs and condoms. But even the harshness of this viewpoint provides an aesthetic perspective. This view feels dystopian, and the hammer strikes a wire in ourselves and our personal impression of the world.โ
Arnold noted that he hasn’t got much pushback for the bot possibly violating anyone’s privacy.
โI’ve only had a couple of people confounded by it, but I don’t think people are primarily creeped out,โ he said. โMaybe they are, but I’d say most people that interact with it or me tend to say positive things, as I think they get that it’s more of an aesthetic endeavour without any lofty ideals or lessons to learn from it.โ
While it wasn’t Arnold’s primary aim to pinpoint the insecurity of many webcams, he acknowledges that its in-built voyeurism does have a point. โObviously one of the things that makes this project a little fun is that it’s slightly transgressive,โ Arnold said, โbut I wouldn’t call that the primary goal.โ
So how does one block something like this from my cameras, just have wps etc?
Does this only pick up insecure networks?