• United States




GCHQ strains an Optic Nerve

Feb 28, 20143 mins

Seems that the GCHQ have allegedly been a naughty bunch of boys and girls. Under the banner of a program humourously code named “Optic Nerve”, they collected pictures from webcams over a period of several years.

Um, why did they need this exactly? Was this part of a massive sting against some criminal mastermind sitting around in their island fortress plotting to overthrow some government? All the while petting their snow white cat?

Well, no.

Anyone was fair game apparently.

From The Guardian:

In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.


Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of “a whole new level of violation of our users’ privacy”.

Yahoo reacting “furiously” to this activity on the part of GCHQ strikes me as hollow. Especially when you take into account that Yahoo didn’t even enable SSL in their email offering until January of this year. They touted happily that they were now encrypting email.


From Washington Post:

However, security researchers say the ciphers Yahoo is using to implement that encryption on some of its servers is weak. An analysis by SSL Lab shows that Yahoo is using an outdated cipher call RC4 to secure some connections. Matthew Green, a John Hopkins professor who focuses on cryptography, was surprised they used that cipher suite, calling it “archaic.”

Why did it take so long to roll out SSL in the first place? It isn’t as if this was a brochure-ware site. This is a site with people’s email.

GCHQ captured images of 1.8 million users? While I find it deplorable that GCHQ would collect this information on Yahoo users without any apparent basis. I’m more confused as to why Yahoo did not encrypt the traffic in the first place. Why was the GCHQ able to capture these images at all? And to think, just for a moment, how many of those images are of people who are under 18 years old? This takes on an entirely darker meaning at this point.

I reached out to GCHQ seeking comment and received the following from a GCHQ spokesperson,

‘It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.’ 

I wonder who authorized this activity then and why.

How can you protect yourself? Only use services that actually encrypt your traffic. Leverage services for anonymity as Tor. Use a VPN. Cover your camera when not in use. And, I cannot stress this enough, do NOT video yourself naked online. Same goes for naked selfies.

In retrospect wish I had been a Yahoo webcam chat user. Why you ask? Just for the knowledge that somewhere in the deep recesses of their building, some poor analyst would be staring at their screen and screaming as I sat in front of the camera…in my birthday suit. 

I’m evil that way.

(Image used under CC from Dan Zen)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author