bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

paywallTypes

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

The Washington Post

Have you ever received an email warning that someone is trying to hack into your account and wondered: Who is doing this to me?
A password manager called LogMeOnce now gives you the option to take a picture of whomever is trying to access the accounts you’ve registered with its service. It does this by hacking the hacker’s camera, whether on a computer or a mobile device, and secretly taking a photo.
The feature, which is called Mugshot and launched Tuesday, also provides information about your attacker’s location and IP address — the unique set of numbers that identify each computer on a network.
And it offers to take a photo with the rear-facing camera of a mobile device, so you can get a look at the hacker’s surroundings.
LogMeOnce, a Fairfax, Vancouver company incorporated in 2011, has a patent pending on the proprietary technology, which essentially tries to protect consumers by exposing the identities, or at least the locations, of hackers.
Chief executive Kevin Shahbazi phrased it another way, calling it a digital burglar alarm.
It is "identical to an alarm system that everyone uses to protect their home, business or property," only for the digital age, he said. Shahbazi compared it to closed-circuit television cameras, nanny cams and other security measures he’s worked with in the past.

Going after hackers by hacking their systems — a "hack back," as it’s called — falls in a legal grey area. A growing number of cybersecurity experts and businesses say such "active defence" measures are necessary as the threat posed by anonymous hackers grows. But officially, the US government does not allow private companies to hack back on their own.
Shahbazi said his offering is legal, likening it to the cameras that watch ATMs to catch robbers. One could also draw parallels to location apps, such as Find My iPhone, which ordinary consumers have used to bring device thieves to justice. LogMeOnce goes one step further by bringing a more advanced hack-tracking tool to the masses.
"It is very legal to protect your assets, passwords or access to your online banking credentials," Shahbazi said.
LogMeOnce does not collect any other personal data on digital intruders.
"But if they use a public library computer, a stolen phone or their own phone, and try to get into someone else’s account, then we can alert the rightful owner that someone from Ukraine, China or Fairfax is trying to access their account," Shahbazi said.
For consumers who feel menaced by anonymous, faceless hackers, being able to track who is trying to take control of their accounts could provide a measure of satisfaction.
All this is not meant to encourage vigilante justice for hacking, of course, but the tool could provide useful evidence for a higher authority if you find former a acquaintance — or, in a business owner’s case, a former employee — trying to access your accounts without permission.
Shahbazi demonstrated the feature for The Washington Post by simulating an attack on his own account. As he hacked a dummy account, his LogMeOnce dashboard showed information about where he — as the intruder — was. The programme then offered the option to snap a photo or record video of him.
Shahbazi, a serial entrepreneur who sold his last business to tech security giant McAfee, said he’s seen consumers increasingly embrace anti-hacking and other security measures. Mugshot, he said, was a feature he was particularly eager to offer.
"This has been a work of passion," he said.
 


Harden the line on cybersecurity attacks in Hong Kong

Thailand failed to collect biometric data from 17 million arrivals due to ‘limited’ storage

Hong Kong’s investment promotion arm probes ransomware attack

In battle against scams, Malaysians are now armed with a chatbot to waste fraudsters’ time

Cybersecurity

Preying on predators: Security tool Mugshot can secretly take photos of whoever is trying to hack you 

With password manager LogMeOnce's new feature, the hacker's phone can become your window into their world. Photo: Handout

Users are highly unlikely to get a mugshot like this, but it could be enough to help identify and incriminate the hacker. Photo: EPA

Tech