If you used Yahoo Messenger to video chat with your friends or strangers between 2008 and 2012 — and perhaps even later — British spies might have a collection of screenshots of your most intimate online conversations.
The GCHQ, the British equivalent of the NSA, has been caught collecting screenshots of millions of Yahoo users from their webcams through a program called "Optic Nerve," according to the latest Edward Snowden leak, published on Thursday. A large number of those images were, unsurprisingly, naked pictures taken from sexually explicit webcam sessions. How did this happen? And how worried should you be that something like this might happen again?
See also: Is It the Dawn of the Encryption App?
Unfortunately, the original report by The Guardian doesn't provide much in the way of technical details, and the original documents the report is based on have not been released.
First of all, it's important to clarify that the GCHQ is not accused of hacking into computers and intercepting webcam feeds directly from the machines of Yahoo users, like hackers can by installing RAT (Remote Access Tool) malware on a victim's laptop or PC. Furthermore, the GCHQ did not need Yahoo's cooperation to execute its webcam spying project.
The method the GCHQ reportedly used was to tap directly into fiber optic cables passing through the UK to collect one image of a Yahoo user using their webcams every five minutes, as part of its Project Tempora, according to The Guardian.
Thanks to this program, the GCHQ has reportedly been able to collect vast amounts of Internet data, without having to ask anyone for permission. As of this writing, it remains unclear as to just how many Yahoo users were simultaneously tracked by the GCHQ's five-minute interval screenshot method.
Any Internet data flowing through those fiber optic cables, if not encrypted, can be intercepted in the same way. Yahoo's webcam chat data, for example, is transmitted without encryption, making it relatively easy to be intercepted by GCHQ's spies — as well as hackers snooping on public Wi-Fi networks like the ones commonly used at Starbucks.
That's most likely how the British spies were able to collect screenshots of people using Yahoo Messenger, as privacy and security researcher Ashkan Soltani explained to Mashable.
Yahoo told Mashable that it will begin encrypting Yahoo Messenger communications by March 31. However, the company declined to comment on the encryption of its webcam feeds.
But what if you use Google Hangouts, Apple Facetime or Skype?
Google Hangouts
Ever since its launch, Google Hangouts has used SSL web encryption, making video chats through the service theoretically safe from spy agencies tapping into fiber optic cables.
FaceTime
As for Facetime, last summer Apple stated that "conversations which take place over iMessage and FaceTime are protected by end-to-end encryption" making them supposedly impossible to intercept, even for Apple.
A few months later, however, we found out that Apple's claims regarding iMessage were not completely accurate, as researchers revealed that Apple and the NSA could theoretically read iMessages. Ever since Apple's statement, however, no one has stepped forward to debunk or question FaceTime's encryption techniques, so video conversations through the software should be safe.
Skype
Skype, for its part, has long touted the security of its software. In 2008, a spokesperson said that, thanks to Skype's encryption techniques, the company didn't have the ability to help police intercept user calls through the software. But the same year, according to The New York Times, Skype secretly started working on "Project Chess," an internal program designed to come up with ways to make Skype communications available to law enforcement agencies.
Then, in 2011, the NSA forced Skype — at that point owned by Microsoft — to comply with its surveillance requests and become part of PRISM, according to Snowden documents.
But PRISM is not the same thing as Tempora. Through PRISM, the NSA reportedly gets data directly from tech companies — with all the necessary legal requirements in place — rather from intercepted Internet traffic. Nevertheless, Skype, in an online FAQ, says its encryption "protects you from potential eavesdropping by malicious users."
In summary, there is no indication that most other webcam chats are vulnerable to the same kind of surveillance the GCHQ reportedly used against Yahoo users. But if you're using your webcam through Yahoo, you may be vulnerable.
Optic Nerve was still active in 2012, but there's no indication the program has been stopped since then, as Spencer Ackerman, one of the two Guardian reporters who broke the story, noted on Twitter.
Just bc I'm seeing this out there: we have no indication OPTIC NERVE/etc *stopped* in 2012. Docs from '12 we saw indicate it was active then
— Spencer Ackerman (@attackerman) February 27, 2014
Have something to add to this story? Share it in the comments.