articlescloudflarecomputer securitycomputingcrime preventioncybercrimecyberwarfareGadgetGadgetshackerhacker cultureinternet securitymatthewmatthew princesecurity hackerTechnologyteslatillie crimewtillie kottmannverkada

Hackers Target Surveillance Firm, Exposing Live Camera Feeds

Illustration for article titled Hackers Target Surveillance Firm, Exposing 150,000 Live Camera Feeds in Hospitals, Jails, and Tesla

Photo: Martin Bureau (Getty Images)

A hacker group claims to have broken into the networks of cloud-based surveillance startup Verkada, gaining unfiltered access to thousands and thousands of live security camera feeds in the process.

The hack first gained public attention Tuesday afternoon, when a Twitter user who goes by the name “Tillie” began leaking purported images of the hack onto the internet: “ever wondered what a @Tesla warehouse looks like?” the hacker, who uses they/them pronouns, quipped.

Tillie, who goes by the full name Tillie Kottmann (or “Tillie Crimew” on their Twitter handle) is allegedly part of an international hacker collective responsible for having breached Verkada. Once inside, the hackers were able to use the firm’s security feeds to peer into the internal workings of droves of organizations, including medical facilities, psychiatric hospitals, jails, schools and police departments, and even large companies like Tesla, Equinox and Cloudflare, according to a report from Bloomberg.

Among other things, Kottmann implied Tuesday that they could have used their access to Verkada to hack into the laptop of Cloudflare CEO Matthew Prince:

The hacker group has very noticeably courted public attention, calling the intrusion campaign “Operation Panopticon” and claiming they want to “end surveillance capitalism” by bringing attention to the ways in which ubiquitous surveillance dominates people’s lives. The group may go by the moniker “Arson Cats” and has given itself an “APT” number, in reference to the way threat groups are labeled as “advanced persistent threats” by security research firms.

According to Bloomberg, the security hole that let hackers in was a pretty amazing one: Hackers discovered a password and username for a Verkada administrative account publicly exposed to the internet. In a Twitter message, Tillie reiterated this to Gizmodo, claiming that once they had compromised the administrator account (called a “super administrator”), they were able to hook into any of the 150,000 video feeds in Verkada’s library.

“The access we had allowed us to impersonate any user of the system and access their view of the platform,” said the hacker, further explaining that the “superadmin rights are also what granted us access to the root shell at the click of a button.”

When questioned as to whether there was a political message behind the hack, Tillie said that part of it was the fact that they hated “surveillance capitalism”:

“Yeah i guess i hate capitalism in general, surveillance capitalism being an especially horrible and disgusting part of it,” the hacker said. “however the insight having access to these camera feeds has given us has also been a very interesting way to see things we all know happen behind closed doors, but usually never get to see.”

As of publication, Verkada representatives could not be reached for comment. Emails sent to Tesla and Equinox have not yet been met with a response. A representative from Cloudflare sent the following message:

This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months. As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, this incident does not impact Cloudflare products and we have no reason to believe that an incident involving office security cameras would impact customers.


Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button