Security camera hack exposes live feeds from hospitals, workplaces and schools

/in


Hackers aiming to call attention to the dangers of mass surveillance say they were able to peer into hospitals, schools, factories, jails and corporate offices after they broke into the systems of a security-camera startup.

That California startup, Verkada, said Wednesday it is investigating the scope of the breach, first reported by Bloomberg News, and has notified law enforcement and its customers.

Swiss hacker Tillie Kottmann, a member of the group that calls itself APT-69420 Arson Cats, described it in an online chat with The Associated Press as a small collective of “primarily queer hackers, not backed by any nations or capital but instead backed by the desire for fun, being gay and a better world.”

They were able to gain access to a Verkada “super” administrator account using valid credentials found online, Kottmann said. Verkada said in a statement that it has since disabled all internal administrator accounts to prevent any unauthorized access.

But for two days, the hackers said, they were able to peer unhindered into live feeds from potentially tens of thousands of cameras, including many that were watching sensitive locations such as hospitals and schools. Kottmann said that included outdoor and indoor cameras at Sandy Hook Elementary School in Newtown, Connecticut, where 26 first-grade students and six educators were killed in 2012 by a gunman in one of the deadliest school shootings in U.S. history.

The school district’s superintendent didn’t return calls or emailed requests for comment Wednesday.

One of Verkada’s affected customers, the San Francisco web infrastructure and security company Cloudflare, said the compromised Verkada cameras were watching entrances and main thoroughfares to some of its offices that have been closed for nearly a year due to the pandemic.

“As soon as we were notified of the breach, we proceeded to shut down the cameras in all our office locations to prevent further access,” said John Graham-Cumming, the company’s chief technology officer, in a blog post. “To be clear: this hack affected the…

Source…