Posted on October 17, 2020 at 1:26 PM
An unknown group of hackers managed to hack over 50,000 cameras from multiple countries, and record large quantities of content, thus invading users’ privacy.
Modern homes are equipped with all kinds of devices that can be connected to the internet, from desktops and laptops, to tablets, phones, gaming consoles, smart TVs, and more. Smart homes have even more devices and appliances, such as smart refrigerators, AC, and yes, even smart cameras.
The trouble is, all of these devices can also be hacked due to their constant connection to the worldwide web. Especially if they are not adequately protected.
This is exactly what has happened recently, as a hacker collective claims that they managed to breach as many as 50,000 security cameras installed in regular people’s homes.
What is known about the incident?
Hackers claim that they managed to steal private footage, and they even leaked some of it on the internet.
Most of the videos seem to be originating from Singapore, Thailand, South Korea, but also Canada. However, regardless of location, more than 50,000 households have had their privacy invaded.
Videos differ in many different aspects, including length and content. Some of them are only a minute long, while others last for as long as 20 minutes. They also show people of various nationalities and ages, most of which are in different stages of undress, or compromising positions.
Such footage has been uploaded to various porn websites.
The original report of the incident came from The New Paper, which stated that an unknown hacking group claims to have shared the clips with more than 70 members. They all paid $150 in exchange for access to the footage.
The group’s Discord is also quite large, counting almost 1000 members. It would appear that they specialize in security camera hacks.
Hackers have also published an offer
To prove their claims, hackers are offering 700 megabytes of footage in what they call a ‘free sample’ of the loot. That includes more than 4,000 photos and videos.
Not only that, but the group also offers to grant access to the hacked cameras to any interested members. They even offer to teach their VIP members how to use the hacked cameras for watching live or recording videos. In other words, the number of videos that could end up online might continue to grow.
ESET’s Jake Moore noted that this may seem worrying, but it shows exactly the kind of danger that can come from posting cameras online and not securing them properly. He said that people usually don’t have security in mind when setting up smart devices, and that he hopes that the incident will teach smart device users how important that is.
How did the hackers do it?
So far, there are not a lot of details on how the hackers managed to pull this off. However, there are some theories about how they accessed the devices. For example, like most other devices, cameras could also be flawed.
ESET itself uncovered an entire series of flaws in a D-Link cloud camera that can be used for gaining access.
Then, there is the fact that people often do not change the default password on their smart devices. There are even those who do, but they use passwords that are relatively easy to guess, as they don’t believe that a simple camera needs to be protected with a highly complex password.
Regardless of how they did it, the fact is that the group did manage to hack all those cameras, and they now have videos to prove it, and endanger people’s privacy.
This is why the IoT sector’s security should not be underestimated. Users must change their default passwords as soon as they complete the setup, and use complex ones, with upper-case and lowe-case letters, numbers, and symbols. They should never use birthday dates, pet names, and similar things that are fairly simple to guess or obtain online.