A hacker collective claims to have gained access to roughly 150,000 security cameras, including in jails, hospitals and even a Tesla factory. The intruders say they found the login and password to a ‘super admin’ account online.
The hacktivists targeted Silicon Valley security firm Verkada, which sells surveillance cameras that users can manage through an online portal, breaching a “Super Admin” account that gave access to feeds for all of the company’s customers, according to a Tuesday Bloomberg report. In addition to more than 200 cameras in Tesla factories and warehouses, the hackers viewed security footage from schools, hospitals – including psychiatric wards – and a number of jails and prisons. Verkada’s own offices also fell victim to the breach.
A software engineer claiming to have taken part in the hack, Tillie Kottmann, told Bloomberg the breach “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” adding that the admin’s username and password were found on the open web.
“It’s just wild how I can just see the things we always knew are happening, but we never got to see.”
Kottmann, who has previously claimed involvement in leaks of hacked material from chipmaker Intel and Nissan Motor Co., said the cyber collective is motivated by “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it,” jokingly dubbing the group “Advanced Persistent Threat 69420.”
Among the tens of thousands of devices affected by the breach, the intruders were able to access some 330 security cameras around the Madison County Jail in Huntsville, Alabama, which use facial recognition tech to track inmates and staff. In some cases, the hackers said they also accessed audio of police interviews with suspects, while other footage seen by Bloomberg showed officers interrogating a handcuffed man inside a police station in Stoughton, Massachusetts. Medical facilities were also swept up, with the outlet reviewing security video from Halifax Health, a Florida hospital that was featured in a now-deleted “customer story” on Verkada’s website.
A spokesperson for the California security firm noted that all internal administrator accounts at the company were disabled after it noticed the intrusion, saying “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.” Kottmann also confirmed to Bloomberg that the hackers had since lost access to the surveillance feeds.
The hack comes just days after another massive breach targeting Microsoft’s Exchange servers, which gave blackhatters access to data from up to 30,000 organizations across the US, including “a significant number of small businesses, towns, cities and local governments,” according to cybersecurity analyst Brian Krebs.