Getty Images
The hackers say they have infiltrated Silicon Valley startup Vercada’s network and gained access to live video feeds from more than 150,000 surveillance cameras hosted by the company Cloudflare, Tesla and other organizations.
The videos and images released by the group said they were taken from company fees, warehouses and factories of those companies, as well as from prison cells, mental wards, banks and schools. Bloomberg News, which reported the breach for the first time, said footage seen by a reporter showed staff at Florida’s Hal Halifax Health Hospital that a man had to be confronted and put to bed. Another video showed a handcuffed man at the Stugh Fatton police station in Massachusetts, interrogated by officers.
“I don’t think the claim that ‘we’ve hacked the Internet’ is as accurate as it is today,” said Tilly Kotman, a member of the hacker group who calls himself APT 69420 Arsen Cats. Wrote On Twitter.
Hardcoded credentials
The hack became possible after Verkada exposed an insecure internal development system from the Internet, Kotman told Arsen. It contained credentials for an account that had super admin rights on the Verkada network. Once inside the network, hackers say they have .x access to feeds from 150,000 cameras, some of which provide high-definition video and use facial recognition.
In a statement, a Verkada spokesperson wrote: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue and we have notified law enforcement. ”
Meanwhile, a CloudFlare representative wrote:
This afternoon we were warned that a handful of cloudflare offices in Fiso could be compromised with the main entry points and the Varkada security camera system monitoring the main roads. The camera offices were located in Fiso, which has been officially closed for almost a year. As soon as we were informed of the compromise we disabled the cameras and disconnected them from the office fee network. To be clear, this event has not affected any customer data or processes.
Tesla did not immediately respond to a request for comment.
Kotman is a Switzerland-based software engineer who leaked 20GB of Intel source code and proprietary data last year. Other companies whose data has been compromised by Kotman include AMD, Micros .ft, Adobe, Lenovo, Qualcomm and Motorola. Those breaches were also based on hardcoded credentials in Internet-exposed repositories.
Kotman said the hackers collected about 5GB of data from Verkada, but could have gotten more.
