Wake Up Call for Those who Possess Sensitive Data

video surveillance

This post is also available in: עברית (Hebrew)

Hackers aiming to call attention to the dangers of mass surveillance say they were able to peer into cameras inside various institutions and organizations. The group say they breached a massive trove of security-camera data collected by the US-based startup Verkada, gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools, as reported by bloomberg.com. Verkada provides a web-based platform that manages cameras.

The data breach was carried out by an international hacker collective and intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into, said Tillie Kottmann, one of the hackers who claimed credit for breaching Verkada.

The hackers were able to gain access to a Verkada “super” administrator account using valid credentials found online. Verkada said in a statement that it has since disabled all internal administrator accounts to prevent any unauthorized access.

But for two days, the hackers said, they were able to peer unhindered into live feeds from potentially tens of thousands of cameras, including many that were watching sensitive locations such as hospitals and schools. 

One of Verkada’s affected customers, the web infrastructure and security company Cloudflare, said the compromised Verkada cameras were watching entrances and main thoroughfares to some of its offices that have been closed for nearly a year due to the pandemic.

Cybersecurity expert Elisa Costante said it’s worrisome that this week’s hack wasn’t sophisticated and simply involved using valid credentials to access a huge trove of data stored on a cloud server. “What is disturbing is to see how much real-life data can go into the wrong hands and how easy it can be,” Costante, vice president of research at Forescout told abcnews.gold.com. “It’s a wake up call to make sure that whenever you are collecting this much data we need to have basic security hygiene.”