Posted on April 7, 2021 at 4:47 PM
A recent report reveals that a massive hacking operation by Chinese hackers has given access to hacked camera feeds in hotel rooms and people’s bedrooms.
The hackers stole the videos from hacked security cameras and are now offering them as sex tapes across social media and darknet forums.
The South China Morning Post reported about the hacking incident, stating that each sex tape comes with a different price tag, depending on the explicitness of the content.
According to the report, the threat actors placed videos containing people just moving around their hotel room or bedroom for $3, while videos containing nudity and sex cost $8 a piece.
There again, the stolen videos are repackaged in a lump and sold together as a collection called “home video packages,” according to the report.
Threat actors also offered real-time access to live camera
Another interesting thing is the fact that the threat actors are still having access to real-time camera streams. They are offered by the hackers at “set meal prices.” For instance, the hackers allow the buyers access to about 10 different households for about $11. Once the buyers pay the amount, they are given the camera ID numbers and the password to access the real-time camera feeds.
The price is moved further for buyers who want more. The hackers offer access to 10 different households and 10 different hotel rooms for $23. Additionally, the buyer will pay $39 if they want to access camera feeds from 20 hotel rooms and 20 households.
Stolen videos are in their tens of thousands
The report reveals that the hackers have stolen tens of thousands of videos. The report also revealed that a single seller shared about 8,000 videos in a group chat in a single 20-day period in February. The report added that the members of the chat group were VIPs. After getting the videos, they sold them to others as well.
“I have so many video clips that you can’t finish them all within six months,” one of the sellers said. The report added that most of the stolen videos were taken from Hubei, Hunan, and Guandong provinces.
The seller also stated that the videos do not have only contents from vulnerable home-security cameras, but some of them are coming from camera installations in random places from some groups of people.
The seller bragged that he is in contact with a dozen people who are traveling around China and installing videos everywhere they go.
The seller added that they are not perturbed or discouraged to continue even if the hotel discovers the camera. He said they will only lose money from the camera but recover it from the video sales.
Sellers are criminally liable
Zhang Tao, a lawyer with the Shanghai Hiways Law Firm commented about the hacking incident, stating that those who sell the stolen videos are carrying illegal actions and are liable under Chinese law.
The cybersecurity community has continuously stressed the security laxity in the Internet of Things (IoT). The problem is not only limited to China, but the US has had its fair share of camera vulnerability too.
Camera vulnerability also prevalent in the U.S
In January, the U.S. Attorney’s office charged an employee of security service provider ADT for accessing security cameras to watch women in their bedrooms. He was fired by his employer before subsequently being charged.
The former worker uses his email address to have real-time access to the video network. In February, some security experts discovered misconfigured baby monitor cams, which have the potential of allowing unauthorized access to the camera’s video stream.
Researchers at Bitdefender discovered a vulnerability in ADT’s LifeShield Security cameras and advised about the privacy risks of these vulnerable cameras.
“Gaps in this fragile ecosystem…might even turn devices that protect our privacy into tools that violate it,” the researchers pointed out.
Last month Silicon Valley startup Verkada was breached and the feeds of more than 15,000 cameras were exposed, including cameras from Cloudflare and Tesla.
The increased levels of vulnerability in these cameras are giving threat actors more cause to explore bugs. As a result, researchers have warned that companies producing these cameras need to beef up the security structure and concentrate more on user protection.