Have you ever gotten an e-mail from a service warning that someone is trying to hack into your account and wondered: Who is doing this to me?
A password manager called LogMeOnce now gives you the option to take a picture of whoever is trying to access the accounts that you've registered with its service. It does this by hacking the hacker's camera, whether that is attached to a computer or mobile device, and secretly taking a photo.
The feature, which is called Mugshot and launched Tuesday, also provides you with information on where your attacker is located and the hacker’s IP address -- the unique set of numbers that identify each computer on a network. And it offers the option to grab a photo from the rear-facing camera of a mobile device, so you can get a look at the hacker's surroundings.
LogMeOnce, a Fairfax, Va. firm incorporated in 2011, has a patent pending on the proprietary technology, which essentially tries to protect consumers by exposing the identities, or at least the locations, of hackers. Chief executive Kevin Shahbazi phrased it another way: a digital burglar alarm.
It is "identical to an alarm system that everyone uses to protect their home, business or property," only for the digital age, he said. Shahbazi compared it to work he's done in the past with closed-circuit television cameras, nanny cams and other security measures.
Going after hackers by hacking their systems -- "hack backs," as they are called -- falls in a legal and moral gray area. A growing number of cybersecurity experts and businesses say that such "active defense" measures are necessary as the threat posed by anonymous hackers grows. But officially, the U.S. government does not allow private companies to hack back on their own.
Shahbazi said that his offering is legal, more like the cameras that guard ATMs to catch robbers. One could also draw parallels to location apps, such as "Find my iPhone," which have been used by ordinary consumers to bring device thieves to justice. LogMeOnce simply takes matters one step further by bringing a more advance hack tracking tool to the masses.
"It is very legal to protect your assets, passwords, or access to your online banking credentials" he said. LogMeOnce does not collect any other personal data on digital intruders.
"But, if they use a public library computer, an stolen phone, or their own phone, and try to get into someone else’s account, then we can alert the rightful owner that someone from Ukraine, China or Fairfax, is trying to access their account," Shahbazi said.
For consumers who feel continually menaced by anonymous, faceless hackers, being able to track who is trying to take control of your accounts could provide a measure of satisfaction. That's not necessarily to encourage vigilante justice for hacking, of course, but could be particularly useful evidence for a higher authority if you find former acquaintances — or, in a business owner's case, a former employee — are accessing your accounts without permission.
Shahbazi presented the feature in a demo for The Post by simulating an attack on his own account. As he hacked a dummy account, his LogMeOnce dashboard then showed information about where he — as the intruder — was. The program then offered the option to snap a photo or video of him.
Shahbazi, a serial entrepreneur who sold his last business to tech security giant McAfee, said that he's seen consumers increasingly embrace anti-hacking and other security measures. Mugshot, he said, was a feature he was particularly eager to offer.
"This has been a work of passion," he said.
The new software has some other nifty features as well, such as a setting that lets you change all of your passwords at once, a password "scorecard" that gives you an outside opinion on how strong your password really is and a password calculator that will just generate a strong password for you. You can also securely share account access with others — without having to actually give up your password to anyone — and designate a "password beneficiary" to pass on your account access after you have passed away.
Password managers in general are an option to consider for those who feel overwhelmed by having to manage so many accounts. Several programs such as 1Password, Dashlane, LastPass and others have been gaining in popularity as consumers have grown worried about hacks while also trusting more information to the digital world. Set-up on these programs can be arduous, but offer a lot of convenience once they're up and running.
Maybe, someday, passwords will die and be replaced by something different. Fingerprint and voice scanning technology, in particular, have emerged as possible replacements for the password — we're already seeing that option crop up with Apple's Touch ID and fingerprint readers on Android phones.
Until then, however, password managers are an option for everyone to consider as they create more accounts — back to school time, everyone! — and fight that urge to just make all your passwords "password." It may be easier on your brain to do that; it also makes it way easier for that snot-nosed kid down the street to break into your accounts for fun.