There are many different types of malicious software (malware) which can make their way onto your computer. Viruses, worms, and rootkits can all wreak havoc on your computer, your personal data, and your life.
One of the more distressing forms of malware is a category of malicious programs called “spyware.” Spyware, as you might imagine, is a program that covertly spies on your computer activity, usually reporting that activity back to someone else.
Difference Types of Spyware
Spyware can be categorized based on what type of computer activity it records and reports on. Virtually no spyware collects everything, but all of it collects something.
Targets for spyware include:
- Browsing history
- Screen grabs
- Keystroke logging
- Reading documents
Internet Browsing History
Spyware that tracks your online activity is perhaps the most common and has been going on for a very long time.
There was a time, before consumer protection regulation was implemented in this area, when it was extremely common. Now it is not quite as prevalent but still is a constant threat.
Internet activity spying can range from simply collecting a list of sites visited, to extremely fine-grained details about time spent on sites, clicks, actions, and so forth.
Some forms of internet spyware affect only a specific browser, and they can be effectively removed by simply uninstalling the browser in question and using a different one. On the other hand, some forms of internet-watching spyware are viewing all internet connections made by the computer. These are a little harder to get rid of.
Perhaps the least common form of spying, some spyware actually record the images on your computer screen. This isn’t done often because it is more difficult and the information gleaned is not nearly as useful.
Some forms of spyware record everything you type. This is particularly insidious, as it allows the attacker to collect all of the information you enter on a regular basis, including:
- Usernames and passwords
- Credit card information, including security codes
- Social security numbers
- Phone and address
- Date of birth
Email and Document Reading
Some forms of spyware actually sift through your documents or email (or both) looking for useful information. The programs that do this use algorithms that attempt to sift out non-useful information (most personal correspondence), looking for useful items like usernames, passwords, credit card numbers, and personal identification data.
Many people store their passwords and other sensitive information in documents on their computer, and this is the target.
It is an incredibly distressing thought, but it's true – there is spyware that will covertly turn on your computer's built-in camera and send video to third-party attackers.
Who is Spying, and Why?
- ID Theft Harvesters
- Law Enforement
- The US Government
Spyware is deployed by a number of different types of people and groups, and some of them might surprise you. What won't surprise you is that each group has their own agenda.
Identity Theft Harvesters
The majority of known spyware comes from groups committing identity theft. This type of theft tends to be done by organized crime rings, not individual hackers. Typically, the groups aren't targeting anyone in particular; they are trying to harvest as much usable information as possible.
The target of these sorts of operations is almost always credit card information. However, other personally identifiable information is also collected. The people who collect this information usually don't use it. They usually sell the personal data they collect in bulk to other criminals. As a result, it is not usual for some time to pass between initial collection of the data and eventual fraudulent charges.
Employers and Schools
If you have been issued a computer by your employer or your school, there is a good chance that it has (possibly legal) spyware installed on it. You should assume that, at the very least, your school or employer is tracking your internet activity.
There was a rather infamous case of a public high school that remotely activated cameras on student laptops, and used them to spy on their students.
Lots of people use the internet and their computers for illegal activity, which has given law enforcement officers in many countries the idea that they should deploy spyware on suspects’ computers in order to gather evidence.
In the U.S. and most other “First World” countries, there are strict legal requirements (such as a search warrant, or similar court order) before this can be done. However, there are plenty of cases where these requirements are either not applicable, waived, or simply ignored.
The United States Government
Specifically, the CIA, the NSA, and the department of Homeland Security. (Also the FBI, but they are mentioned above in “Law Enforcement.”)
As revealed originally by Edward Snowden, and elaborated on since then, it is apparent that the U.S. Government has engaged, and continues to engage, in massive surveillance — including spying on computer and internet usage by means of malicious programming and other methods.
Spyware that Isn't Spyware
Advertisers and data aggregators use a variety of legitimate ecommerce tools to track your online behavior, including:
- IP logging
- Browser fingerprinting
Most of the banner ads on the internet are run by only a small handful of advertising networks. If you visit two different sites that contain ads from the same network, the network tracks that you have visited both of those sites and serves up relevant ads based on your behavior. Multiply this across hundreds of thousands of websites, including many that you heavily interact with and provide detailed personal information to — Facebook, Google Apps, Twitter, any site with a detailed personal profile.
Advertisers analyze this data in order to sell you more things, more effectively. This might seem creepy, but it's better than stealing your credit card numbers.
How Does Spyware Get on My Computer?
Spyware can get on your computers all the same ways any other type of malicious software does:
- Automatic downloads from malicious websites – sites with explicit content are a particular problem
- Emailed files
- Apps and other downloads from unknown or untrusted sources
Protecting Yourself Against Spyware and Spying
There are a number of things you should do to protect yourself from spyware, and to mitigate its effects.
- Use anti-spyware and anti-virus software
- Do not download files from unknown sources
- Be wary of files and links emailed to you from friends, without an accompanying note or message
- Do not store passwords or credit card information in documents on your computer
- Do not use the same password on multiple websites
- Use a password manager that does not require typing passwords, and which stores password in an encrypted state
- Cover your webcam with a piece of opaque tape
- Avoid suspicious websites