Google asked to police stolen webcam videos on YouTube
YouTube should do more to police and remove video clips made using hijacked webcams, say digital campaigners.
In a report released at the Black Hat conference, the Digital Citizens Alliance said it had found thousands of videos on YouTube that featured stolen footage.
In total the clips had racked up millions of hits, said the group.
Webcam hijackers profited from their trade via adverts on videos and by selling access to some streams.
Adam Benson, deputy director of the non-profit DCA, said the trade in stolen webcam footage was "troubling" and called on Google, which owns YouTube, to stop relying on computer-based methods to find and remove the videos.
In other cases involving videos that showed shocking or illegal images, YouTube had deployed teams of people to handle complaints and hunt down offending clips, he said.
"The humans can see things that the algorithm is just not going to pick up," he said.
In a statement, Google said: "YouTube has clear policies that outline what content is acceptable to post and we remove videos violating these policies when flagged by our users."
The same should be done with these clips that often frighten, humiliate and terrorise victims, said Mr Benson.
However, Google appeared to dismiss the report based on its source.
"Legal documents and news reports establish that the movie industry spent hundreds of thousands of dollars to fund, coordinate, and heavily publicise the efforts of this 'consumer organisation' as part of the MPAA [Motion Picture Association of America]'s Project Goliath campaign," it said.
The DCA said it had shared its findings with YouTube but so far had not received any response.
Mr Benson said the tool of choice for the people who shared the videos online were programmes known as "remote access trojans" or "Rats" for short.
"Rats are pretty cheap and some are free but if you want something that's a bit more sophisticated that's not going to be that expensive," he said.
As their name implies, this gives an attacker access to a victim's computer and grants them as much control over it as its real owner.
Many sites that offer people links to pirated content harboured the Trojans and infected people who thought they would be getting free songs, movies or games when they clicked on the link.
Experienced Rat operators could rack up 50 or so victims in a few minutes via these sites, suggests the DCA research.
Once installed, Rat operators find out if a machine has a webcam and then starts to stream images from them seeking candid footage.
Short clips were often placed on YouTube and used as a way to get people to visit other sites where more footage was available for a fee. Streams featuring young women were the most popular and carried the highest charges, he said.
Many operators were making thousands of dollars a month from their victims, he said, adding that the trojans were being used by cybercriminals all over the world.
Tackling the problem was hard, he said, because many people hit by it had intimate footage of their lives shared online.
"Even when someone is hit and becomes a victim there's a lot of shame and fear because they do not know who has seen the materials and that makes them very reluctant to talk about it and come forward," said Mr Benson.
The issue of exploiting hijacked footage came to prominence in March 2014 when American teenager Jared James Abrahams was jailed for 18 months for hijacking the webcams of several young women and extorting cash from them by threatening to release the images he stole.
The case won publicity because one of his victims, Cassidy Wolf, a former Miss Teen USA, did not pay up but instead reported the crime to the police.