Mark Zuckerberg is one of the most powerful men in the world because billions of people give Facebook, which he founded, free access to their personal data. In return, users receive carefully curated snapshots of his life: baby photos, mundane office tours and the occasional 5K.
On Tuesday, observers were reminded that Mr. Zuckerberg, 32, is not just a normal guy who enjoys running and quiet dinners with friends. In a photo posted to his Facebook account, he celebrated the growing user base of Instagram, which is owned by Facebook. An eagle-eyed Twitter user named Chris Olson noticed that in the image’s background, his laptop camera and microphone jack appeared to be covered with tape.
Other publications, including Gizmodo, used the tweet to raise the question: Was this paranoia, or just good practice?
The taped-over camera and microphone jack are usually a signal that someone is concerned, perhaps only vaguely, about hackers’ gaining access to his or her devices by using remote-access trojans — a process called “ratting.” (Remote access is not limited to ratters: According to a cache of National Security Agency documents leaked by Edward J. Snowden, at least two government-designed programs were devised to take over computer cameras and microphones.)
Security experts supported the taping, for a few good reasons:
• The first is that Mr. Zuckerberg is a high-value target.
“I think Zuckerberg is sensible to take these precautions,” Graham Cluley, an online security expert and consultant, wrote in an email Wednesday. “As well as intelligence agencies and conventional online criminals who might be interested in targeting his billions, there are no doubt plenty of mischievous hackers who would find it amusing to spy upon such a high-profile figure.”
• The second is that covering photo, video and audio portals has long been a basic and cheap security safeguard.
“Covering the camera is a very common security measure,” Lysa Myers, a security researcher at the data security firm ESET, said in an email. “If you were to walk around a security conference, you would have an easier time counting devices that don’t have something over the camera.”
• Third, Mr. Zuckerberg is not immune to security breaches.
A recent hacking of his Twitter and LinkedIn accounts shows that he most likely committed two basic privacy faux pas: He may have used the same password across several websites and did not use two-factor authentication.
Judging from his photo, however, it appears that Mr. Zuckerberg was taking simple precautions to protect himself from anyone who may try to gain remote access. The practice is fairly technologically simple: Hackers trick people into clicking on links or unfamiliar websites containing malware that allows them access to the devices.
Mr. Zuckerberg is not the only high-profile case: James Comey, the director of the F.B.I., told students at Kenyon College in April that he also puts tape over his computer’s webcam, for surprisingly simple reasons, according to NPR:
“I saw something in the news, so I copied it,” Mr. Comey said. “I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera.”
People who are not billionaires or high-ranking government officials are not without risk, said Stephen Cobb, a senior security researcher at ESET.
“For people who are not C.E.O.s, the threat is people scanning the internet for accessible webcams for a range of motives, from voyeurism to extortion,” Mr. Cobb wrote in an email.
Experts don’t have a good estimate for how often such attacks occur, but according to a 2015 report released by the nonprofit Digital Citizens Alliance, the practice is a growing problem for consumers, especially young women. The report also said that trojans account for some 70 percent of all malware.
“They’ve been one of the most popular types of malware on every operating system, for quite a long time,” Ms. Myers, of ESET, said. “The best ways to protect against them are to update all your software on your machine regularly, and use reputable security software, including anti-malware and a firewall.”
Continue reading the main story