150,000 Cameras Hacked
VERKADA OFFERS “hybrid-cloud” security camera systems, and customers include numerous public institutions, as well as some big-name companies, such as Tesla, Nissan, and web security firm Cloudflare. Its server was hacked, and images and video clips totaling 5GB were taken from its 150,000 active cameras and released to the press. These included scenes from inside county jails and hospital.
The breach lasted over 36 hours, and was made by a collective called APT-69420, seemingly simply to make a point. A spokesperson, Tillie Kottmann, cited curiosity, anarchism, and fun as motivations, along with more politicized concerns. The security on Verkada’s systems was described as “non-existent and irresponsible.” The hackers managed to obtain super admin access, so had free rein to view supposedly secure footage from sensitive locations. Verkada has assured its customers that it is “confident that all customer systems were secured” after the breach went public.
There are a lot of cameras watching us. Legal protection from surveillance is minimal, and based around the concept of an expectation of privacy. This is open to interpretation, leaning toward acceptance. Who has access to footage is similarly poorly defined. Meanwhile, untold amounts of footage of us are piling up on server racks. Now add Internet access to that footage. The hack shows again that going to the cloud without solid security isn’t always going to end well. Where we are watched is one debate, but if we are watched, it must be done securely. This hack was done to make a point, other groups may have different concerns.