When you next type something sensitive on your computer keyboard, be sure that no-one else is watching. A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malwareware.
In a class action lawsuit, six women have accused pharmacist Matthew Bathula of invading their privacy by spying on them at work and at home.
According to the lawsuit, Bathula is alleged to have planted spyware on at least 400 computers in clinics, treatment rooms, and labs at the University of Maryland Medical Center where he worked. Bathula is said to have installed a keylogger. This software monitors what a user types on a keyboard without their knowledge, relaying it back to the keylogger’s owner.
The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts.
This access enabled Bathula to download the victims’ personal information, including their private photographs and videos, the class action asserts, adding that he also used his access to systems both at home and at work to spy on the victims in real time.
He used webcams installed on work computers for telehealth sessions to spy on new mothers pumping milk at work, and did the same through their home webcams.
Bathula allegedly spied on victims with their children at home, and also watched them undressing and being intimate with partners. He is said to have disabled the cameras’ operating lights so that victims could not see they were being viewed.
How to protect yourself
Bathula has not thus far been charged with a crime. The anonymous women, who first became aware of the issue when the FBI contacted them, are suing their employer, University of Maryland Medical Systems, for “failure to take reasonable, readily available measures to protect its employees.”
But spyware is a threat for people outside the workplace too. What should you do to protect yourself from someone logging your keystrokes? Here are some tips.
Keep your software up to date. Some spies manually install keyloggers on target computers, but others use malware to install it remotely. Malware droppers frequently take advantage of known vulnerabilities in older versions of operating system and application software. They exploit these security holes to install their malware. You can minimize these loopholes by constantly keeping your software up to date.
Install anti-malware protection. Anti-malware protection works at the lowest level of the operating system to check on the software applications that it’s running and watch for suspicious or known malicious activity.
Watch where you download from. Software downloaded from unofficial sites – especially pirated software – often comes with unwelcome additions including keyloggers and other spyware.
Don’t reuse passwords. People often use the same password across multiple accounts for convenience. This is not a good idea. If a keylogger reads one password, its owner can try the same credentials on your other accounts. According to the lawsuit, Bathula harvested passwords from the workplace keylogger and used them to hijack personal accounts that victims hadn’t accessed at work.
Use a password manager. Another way to prevent a keylogger from reading your passwords is not to type them in. Instead, you can use a trusted password manager that will auto-fill password fields on login pages for you.
Use multi-factor authentication. Where online accounts support it, use two authentication methods to log in. Your password is one such method, but many use an authenticator app on their phone that provides an extra code to type in. Because that code changes all the time, an attacker won’t be able to use it to enter your account in future. For even more security against keyloggers, some accounts now support the use of hardware-based passkeys that don’t require you to type in a code at all.
Protect your webcam. Another layer of defense is to protect your webcam and microphone. Some come with security shutters, while for others, a Post-It will do. If Mark Zuckerberg covers up his camera, it’s probably a good sign that we should too, while using a microphone with a physical off switch – or at least covering your laptop one tightly with tape – can protect your audio. If someone does gain access to your webcam, at least it won’t reveal your secrets.
As with all layers of protection, these defensive measures are best used in conjunction with each other. The more difficult you make it for an attacker to spy on you, the less likely they are to succeed.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.